/// <summary>
/// Process Authentication Request.
/// Resolves the caller's identity for the SiteMinder scheme: certain paths are exempted
/// outright, a development-only cookie or a loopback caller can short-circuit the lookup,
/// otherwise (in a stretch of this method that is not visible in this copy) the user is
/// resolved from the request, then the resulting <c>HetsUser</c>/<c>HetsBusinessUser</c>
/// must carry a login permission claim before a ticket is issued.
/// </summary>
/// <returns>
/// <c>NoResult</c> for exempt URLs, <c>Fail</c> when the resolved user lacks the required
/// permission claim, otherwise <c>Success</c> with a ticket for <c>Options.Scheme</c>.
/// </returns>
/// <exception cref="Exception">
/// Any exception thrown while resolving the user is logged and rethrown unchanged.
/// </exception>
protected override Task <AuthenticateResult> HandleAuthenticateAsync()
{
    // get SiteMinder headers
    _logger.LogDebug("Parsing the HTTP headers for SiteMinder authentication credential");
    // NOTE(review): this is a fresh, default-constructed options object, not the handler's
    // configured `Options` property (which is what the ticket at the bottom uses) — presumably
    // the two agree on Scheme/keys, but confirm rather than rely on it.
    SiteMinderAuthOptions options = new SiteMinderAuthOptions();
    try
    {
        HttpContext context = Request.HttpContext;
        DbAppContext dbAppContext = (DbAppContext)context.RequestServices.GetService(typeof(DbAppContext));
        IHostingEnvironment hostingEnv = (IHostingEnvironment)context.RequestServices.GetService(typeof(IHostingEnvironment));
        UserSettings userSettings = new UserSettings();
        string userId = "";
        string siteMinderGuid = "";
        string businessGuid = "";
        // Full display URL (scheme, host, path and query), lower-cased; every URL test below is
        // run against this whole string, not just the path.
        string url = context.Request.GetDisplayUrl().ToLower();
        // NOTE(review): this logs the full URL (query string included) and the remote IP for
        // every request at Warning level; the first and third placeholders share the name {0}
        // (the logging framework fills placeholders positionally, so it still works, but
        // distinct names are clearer), DateTime.Now is local time, and
        // RemoteIpAddress can be null — ToString() on it would throw into the catch below.
        _logger.LogWarning("Timestamp: {0:dd-MM-yyyy HH:mm:ss.FFFF} | Url: {1} | Remote Ip: {0}", DateTime.Now, url, context.Connection.RemoteIpAddress.ToString());
        // ********************************************************
        // if this is an Error or Authentication API - Ignore
        // ********************************************************
        // NOTE(review): Contains() matches the substring anywhere in the display URL, including
        // the query string, so this exemption is wider than "request path starts with ...".
        // A path-based test (context.Request.Path.StartsWithSegments(...)) pins it to the route.
        if (url.Contains("/authentication/dev") || url.Contains("/error") || url.Contains("/hangfire") || url.Contains("/swagger"))
        {
            _logger.LogInformation("Bypassing authentication process ({0})", url);
            return(Task.FromResult(AuthenticateResult.NoResult()));
        }
        // **************************************************
        // check if we have a Dev Environment Cookie
        // **************************************************
        // The cookie value is used verbatim as the user id; this path is gated on the hosting
        // environment being Development. Note the token value itself is written to the log.
        string tempToken = context.Request.Cookies[options.DevAuthenticationTokenKey];
        if (hostingEnv.IsDevelopment() && !string.IsNullOrEmpty(tempToken))
        {
            _logger.LogInformation("Dev Authentication token found ({0})", tempToken);
            userId = tempToken;
        }
        // NOTE(review): the loopback test is a string-prefix match on the address text, so it is
        // not an exact loopback check (any address whose text begins with "::1" passes);
        // IPAddress.IsLoopback(context.Connection.RemoteIpAddress) is the precise test.
        // The remainder of this condition, and a large stretch of the method after it (the
        // SiteMinder header / database user lookup that populates userSettings, userId,
        // siteMinderGuid and businessGuid), is missing from this copy of the file: the text
        // jumps from the middle of this string literal into the middle of a raw SQL statement.
        // Keep the redacted span as-is — confirm against the original source.
        else if ((context.Connection.RemoteIpAddress.ToString().StartsWith("::1") || context.Connection.RemoteIpAddress.ToString().StartsWith("::ffff:127.0.0.1")) && url.StartsWith("http://*****:*****@"LOCK TABLE ""HET_USER"" IN EXCLUSIVE 
MODE;");
                    // Resumes inside scopes opened in the missing span: `transaction`, `updUserId`
                    // and `districtId` are declared there. The row is updated under an exclusive
                    // table lock taken by the raw SQL above; First() throws if no row matches.
                    HetUser user = dbAppContext.HetUser.First(x => x.UserId == updUserId);
                    user.DistrictId = districtId;
                    dbAppContext.HetUser.Update(user);
                    // update user record
                    dbAppContext.SaveChanges();
                    // commit
                    transaction.Commit();
                }
            }
        }
        // Non-business (SiteMinder) user: record the guid and mark the principal authenticated.
        userSettings.SiteMinderGuid = siteMinderGuid;
        userSettings.UserAuthenticated = true;
        userSettings.BusinessUser = false;
        }
        // **************************************************
        // validate / check user permissions
        // **************************************************
        _logger.LogInformation("Validating user permissions");
        ClaimsPrincipal userPrincipal;
        // Business users must hold BusinessLogin; everyone else must hold Login or BusinessLogin.
        // NOTE(review): in the else branch userSettings.HetsUser is dereferenced without a null
        // check — if the (missing) lookup did not populate it, this throws into the catch below.
        // Both warning messages reuse options.MissingDbUserIdError although the failure here is a
        // permission failure; and userId is concatenated into the log *template*, where brace
        // characters would be parsed as placeholders — prefer a `{UserId}` placeholder argument.
        if (userSettings.BusinessUser && userSettings.UserAuthenticated && userSettings.HetsBusinessUser != null)
        {
            userPrincipal = userSettings.HetsBusinessUser.ToClaimsPrincipal(options.Scheme);
            if (!userPrincipal.HasClaim(HetUser.PermissionClaim, HetPermission.BusinessLogin))
            {
                _logger.LogWarning(options.MissingDbUserIdError + " (" + userId + ")");
                return(Task.FromResult(AuthenticateResult.Fail(options.InvalidPermissions)));
            }
        }
        else
        {
            userPrincipal = userSettings.HetsUser.ToClaimsPrincipal(options.Scheme);
            if (!userPrincipal.HasClaim(HetUser.PermissionClaim, HetPermission.Login) && !userPrincipal.HasClaim(HetUser.PermissionClaim, HetPermission.BusinessLogin))
            {
                _logger.LogWarning(options.MissingDbUserIdError + " (" + userId + ")");
                return(Task.FromResult(AuthenticateResult.Fail(options.InvalidPermissions)));
            }
        }
        // **************************************************
        // create authenticated user
        // **************************************************
        _logger.LogInformation("Authentication successful: " + userId);
        _logger.LogInformation("Setting identity and creating session for: " + userId);
        // **************************************************
        // done!
        // **************************************************
        // Ticket carries no AuthenticationProperties (null) and is issued for the handler's
        // configured scheme (`Options.Scheme`), whereas the principal above was built with the
        // locally constructed `options.Scheme` — see the note at the top of the method.
        ClaimsPrincipal principal = userPrincipal;
        return(Task.FromResult(AuthenticateResult.Success(new AuthenticationTicket(principal, null, Options.Scheme))));
    }
    catch (Exception exception)
    {
        // Only the message reaches the logger (no exception object, so no stack trace in the
        // structured log); the full exception, stack included, goes to stdout instead.
        // `_logger.LogError(exception, "Authentication failed")` would keep it in one place.
        _logger.LogError(exception.Message);
        Console.WriteLine(exception);
        // `throw;` (not `throw exception;`) so the original stack trace is preserved;
        // the request then fails rather than falling through to an unauthenticated result.
        throw;
    }
}