/// <summary>
/// Gets the UserId of the currently logged in user for a specific UserArea,
/// regardless of the ambient authentication scheme. Useful in multi-userarea
/// scenarios where you need to ignore the ambient user and check for permissions
/// against a specific user area.
/// </summary>
/// <param name="userAreaCode">The unique identifying code fo the user area to check for.</param>
public async Task <int?> GetUserIdByUserAreaCodeAsync(string userAreaCode)
{
if (userAreaCode == null)
{
throw new ArgumentNullException(nameof(userAreaCode));
}
if (cachedUserIdArea == userAreaCode && userIdCache.HasValue)
{
return(userIdCache.Value);
}
var scheme = CofoundryAuthenticationConstants.FormatAuthenticationScheme(userAreaCode);
var result = await _httpContextAccessor.HttpContext.AuthenticateAsync(scheme);
if (!result.Succeeded)
{
return(null);
}
var userIdClaim = result.Principal.FindFirst(ClaimTypes.NameIdentifier);
if (userIdClaim == null)
{
return(null);
}
var userId = IntParser.ParseOrNull(userIdClaim.Value);
return(userId);
}
/// <summary>
/// Logs the specified UserId into the current session.
/// </summary>
/// <param name="userAreaCode">Unique code of the user area to log the user into (required).</param>
/// <param name="userId">UserId belonging to the owner of the current session.</param>
/// <param name="rememberUser">
/// True if the session should last indefinately; false if the
/// session should close after a timeout period.
/// </param>
public Task LogUserInAsync(string userAreaCode, int userId, bool rememberUser)
{
if (userAreaCode == null)
{
throw new ArgumentNullException(nameof(userAreaCode));
}
if (userId < 1)
{
throw new ArgumentOutOfRangeException(nameof(userId));
}
var stringId = Convert.ToString(userId);
var scheme = CofoundryAuthenticationConstants.FormatAuthenticationScheme(userAreaCode);
var claims = new[] {
new Claim(ClaimTypes.NameIdentifier, stringId),
};
var claimsIdentity = new ClaimsIdentity(claims, scheme);
var userPrincipal = new ClaimsPrincipal(claimsIdentity);
userIdCache = userId;
cachedUserIdArea = userAreaCode;
return(_httpContextAccessor.HttpContext.SignInAsync(scheme, userPrincipal, _defaultAuthenticationProperties));
}
/// <summary>
/// Logs the user out of all user areas.
/// </summary>
public async Task LogUserOutOfAllUserAreasAsync()
{
ClearCache();
foreach (var customEntityDefinition in _userAreaDefinitionRepository.GetAll())
{
var scheme = CofoundryAuthenticationConstants.FormatAuthenticationScheme(customEntityDefinition.UserAreaCode);
await _httpContextAccessor.HttpContext.SignOutAsync(scheme);
}
}
/// <summary>
/// Logs the user out of the specified user area.
/// </summary>
/// <param name="userAreaCode">Unique code of the user area to log the user into (required).</param>
public async Task LogUserOutAsync(string userAreaCode)
{
if (userAreaCode == null)
{
throw new ArgumentNullException(nameof(userAreaCode));
}
if (cachedUserIdArea == userAreaCode)
{
ClearCache();
}
var scheme = CofoundryAuthenticationConstants.FormatAuthenticationScheme(userAreaCode);
await _httpContextAccessor.HttpContext.SignOutAsync(scheme);
}
public void Configure(IMvcBuilder mvcBuilder)
{
var services = mvcBuilder.Services;
var allUserAreas = _userAreaDefinitionRepository.GetAll();
// Set default schema as specified in config, falling back to CofoundryAdminUserArea
// Since any additional areas are configured by the implementor there shouldn't be multiple
// unless the developer has misconfigured their areas.
var defaultSchemaCode = allUserAreas
.OrderByDescending(u => u.IsDefaultAuthSchema)
.ThenByDescending(u => u is CofoundryAdminUserArea)
.ThenBy(u => u.Name)
.Select(u => u.UserAreaCode)
.First();
var defaultScheme = CofoundryAuthenticationConstants.FormatAuthenticationScheme(defaultSchemaCode);
var authBuilder = mvcBuilder.Services.AddAuthentication(defaultScheme);
var cookieNamespace = _authCookieNamespaceProvider.GetNamespace();
foreach (var userAreaDefinition in allUserAreas)
{
var scheme = CofoundryAuthenticationConstants.FormatAuthenticationScheme(userAreaDefinition.UserAreaCode);
authBuilder
.AddCookie(scheme, cookieOptions =>
{
cookieOptions.Cookie.Name = cookieNamespace + userAreaDefinition.UserAreaCode;
cookieOptions.Cookie.HttpOnly = true;
cookieOptions.Cookie.IsEssential = true;
cookieOptions.Cookie.SameSite = SameSiteMode.Lax;
if (!string.IsNullOrWhiteSpace(userAreaDefinition.LoginPath))
{
cookieOptions.LoginPath = userAreaDefinition.LoginPath;
}
});
}
mvcBuilder.Services.AddAuthorization();
}
public AuthorizeUserAreaAttribute(string userAreaCode)
: base()
{
AuthenticationSchemes = CofoundryAuthenticationConstants.FormatAuthenticationScheme(userAreaCode);
}
