public async Task <SignInResult> AuthorizeUserTwoFactorAsync(ApplicationUser user, string token, string remoteIp)
{
_logger.LogInformation($"Attempting to authorize user {user.Id} through two-factor.");
_cookieManager.DeleteCookie(CookieKeys.TwoFactorAuthorizeCookie);
SignInResult result = await _signInManager.TwoFactorSignInAsync(TokenOptions.DefaultPhoneProvider, token, false, false);
if (result.Succeeded)
{
await AddNewLoginTracebackEntryAsync(user.UserName, remoteIp);
}
return(result);
}
private async Task DisposeTokenAsync(string userId)
{
_context.TwoFactorTokens.Remove(await _context.TwoFactorTokens.FirstOrDefaultAsync(u => u.UserId.Equals(userId)));
if (_cookies.HasCookie(CookieKeys.TwoFactorAuthorizeCookie))
{
_cookies.DeleteCookie(CookieKeys.TwoFactorAuthorizeCookie);
}
await _context.SaveChangesAsync();
}
private void EraseCookies()
{
//There is no end to the pain of trying to get this right, fix the path here to ensure its correct.
var cookiePath = CookieUtils.FixPath(Options.CookiePath);
cookieManager.DeleteCookie(Context, BearerCookieName, new CookieOptions()
{
Secure = true,
HttpOnly = Options.BearerHttpOnly,
Path = cookiePath
});
cookieManager.DeleteCookie(Context, RefreshCookieName, new CookieOptions()
{
Secure = true,
HttpOnly = Options.RefreshHttpOnly,
Path = cookiePath
});
}
protected bool ValidateCorrelationId(ICookieManager cookieManager, AuthenticationProperties properties, ILogger logger)
{
if (cookieManager == null)
{
throw new ArgumentNullException("cookieManager");
}
if (properties == null)
{
throw new ArgumentNullException("properties");
}
if (logger == null)
{
throw new ArgumentNullException("logger");
}
string correlationKey = Constants.CorrelationPrefix + BaseOptions.AuthenticationType;
string correlationCookie = cookieManager.GetRequestCookie(Context, correlationKey);
if (string.IsNullOrWhiteSpace(correlationCookie))
{
logger.WriteWarning("{0} cookie not found.", correlationKey);
return(false);
}
var cookieOptions = new CookieOptions
{
SameSite = SameSiteMode.None,
HttpOnly = true,
Secure = Request.IsSecure
};
cookieManager.DeleteCookie(Context, correlationKey, cookieOptions);
string correlationExtra;
if (!properties.Dictionary.TryGetValue(
correlationKey,
out correlationExtra))
{
logger.WriteWarning("{0} state property not found.", correlationKey);
return(false);
}
properties.Dictionary.Remove(correlationKey);
if (!string.Equals(correlationCookie, correlationExtra, StringComparison.Ordinal))
{
logger.WriteWarning("{0} correlation cookie and state property mismatch.", correlationKey);
return(false);
}
return(true);
}
public static void ApplyClearCookie(this CommandResult commandResult, IOwinContext context, ICookieManager cookieManager)
{
if (!string.IsNullOrEmpty(commandResult.ClearCookieName))
{
cookieManager.DeleteCookie(context,
commandResult.ClearCookieName,
new CookieOptions
{
Secure = commandResult.SetCookieSecureFlag
});
}
}
public async Task<IActionResult> Logout()
{
await _accountRepository.SignOutAsync();
if (User != null)
{
_logger.LogInformation($"({User.Identity.Name}) - Logged out.");
}
if (_cookies.HasCookie(CookieKeys.TwoFactorAuthorizeCookie))
{
_cookies.DeleteCookie(CookieKeys.TwoFactorAuthorizeCookie);
}
// Redirect the user to the main login screen with information that the user has just
// been logged out.
TempData[TempDataKeys.Redirect] = RedirectPurpose.LogoutSuccess;
return RedirectToAction(nameof(AuthController.Index), GoliathControllers.AuthController);
}
public void DeleteCookie(IOwinContext context, string key, CookieOptions options)
{
CheckSameSite(context, options);
_innerManager.DeleteCookie(context, key, options);
}
/// <summary>
/// Deletes the item.
/// </summary>
/// <param name="key">The key.</param>
public void DeleteItem(string key)
{
_cookieManager.DeleteCookie(System.Web.HttpContext.Current, key);
_InMemStorage.TryRemove(key, out var oldVal);
}
public void DeleteCookie(IOwinContext context, string key, CookieOptions options)
{
SetupDomain(context, options);
_defaultCookieManager.DeleteCookie(context, key, options);
}
public void DeleteCookie(HttpContext context, string key, CookieOptions options)
{
var siteContext = context.RequestServices.GetRequiredService <ITenantContext>();
_concreteManager.DeleteCookie(context, $"{key}{siteContext.SiteContext.IdentityCookieName}", options);
}
public void DeleteCookie(HttpContext context, string key, CookieOptions options)
{
_concreteManager.DeleteCookie(context, key, options);
}
public void DeleteCaptchaCookie()
{
_cookieManager.DeleteCookie(CookieKeys.ValidateCaptchaCookie);
}
public static async Task Apply(
this CommandResult commandResult,
HttpContext httpContext,
IDataProtector dataProtector,
ICookieManager cookieManager,
string signInScheme,
string signOutScheme,
bool emitSameSiteNone)
{
httpContext.Response.StatusCode = (int)commandResult.HttpStatusCode;
if (commandResult.Location != null)
{
httpContext.Response.Headers["Location"] = commandResult.Location.OriginalString;
}
if (!string.IsNullOrEmpty(commandResult.SetCookieName))
{
var cookieData = HttpRequestData.ConvertBinaryData(
dataProtector.Protect(commandResult.GetSerializedRequestState()));
cookieManager.AppendResponseCookie(
httpContext,
commandResult.SetCookieName,
cookieData,
new CookieOptions()
{
HttpOnly = true,
Secure = commandResult.SetCookieSecureFlag,
// We are expecting a different site to POST back to us,
// so the ASP.Net Core default of Lax is not appropriate in this case
SameSite = emitSameSiteNone ? SameSiteMode.None : (SameSiteMode)(-1),
IsEssential = true
});
}
foreach (var h in commandResult.Headers)
{
httpContext.Response.Headers.Add(h.Key, h.Value);
}
if (!string.IsNullOrEmpty(commandResult.ClearCookieName))
{
cookieManager.DeleteCookie(
httpContext,
commandResult.ClearCookieName,
new CookieOptions
{
Secure = commandResult.SetCookieSecureFlag
});
}
if (!string.IsNullOrEmpty(commandResult.Content))
{
var buffer = Encoding.UTF8.GetBytes(commandResult.Content);
httpContext.Response.ContentType = commandResult.ContentType;
await httpContext.Response.Body.WriteAsync(buffer, 0, buffer.Length);
}
if (commandResult.Principal != null)
{
var authProps = new AuthenticationProperties(commandResult.RelayData)
{
RedirectUri = commandResult.Location.OriginalString
};
await httpContext.SignInAsync(signInScheme, commandResult.Principal, authProps);
}
if (commandResult.TerminateLocalSession)
{
await httpContext.SignOutAsync(signOutScheme ?? signInScheme);
}
}