/// <summary>
/// Create an instance of the options initialized with the default values
/// </summary>
public CookieAuthenticationOptions()
{
ExpireTimeSpan = TimeSpan.FromDays(14);
ReturnUrlParameter = CookieAuthenticationDefaults.ReturnUrlParameter;
SlidingExpiration = true;
Events = new CookieAuthenticationEvents();
}
public static void DisableRedirectForPath(
this CookieAuthenticationEvents events,
Expression <Func <CookieAuthenticationEvents,
Func <RedirectContext <CookieAuthenticationOptions>, Task> > > expr,
string path, int statuscode)
{
string propertyName = ((MemberExpression)expr.Body).Member.Name;
var oldHandler = expr.Compile().Invoke(events);
Func <RedirectContext <CookieAuthenticationOptions>, Task> newHandler
= context => {
if (context.Request.Path.StartsWithSegments(path))
{
context.Response.StatusCode = statuscode;
}
else
{
oldHandler(context);
}
return(Task.CompletedTask);
};
typeof(CookieAuthenticationEvents).GetProperty(propertyName)
.SetValue(events, newHandler);
}
public static CookieAuthenticationOptions SetupAppCookie(
this IApplicationBuilder app,
SiteAuthCookieValidator siteValidator,
string scheme,
bool useRelatedSitesMode,
SiteContext tenant,
CookieSecurePolicy cookieSecure = CookieSecurePolicy.SameAsRequest
)
{
var cookieEvents = new CookieAuthenticationEvents();
var options = new CookieAuthenticationOptions();
if (useRelatedSitesMode)
{
options.AuthenticationScheme = scheme;
options.CookieName = scheme;
options.CookiePath = "/";
}
else
{
//options.AuthenticationScheme = $"{scheme}-{tenant.SiteFolderName}";
options.AuthenticationScheme = scheme;
options.CookieName = $"{scheme}-{tenant.SiteFolderName}";
options.CookiePath = "/" + tenant.SiteFolderName;
cookieEvents.OnValidatePrincipal = siteValidator.ValidatePrincipal;
}
var tenantPathBase = string.IsNullOrEmpty(tenant.SiteFolderName)
? PathString.Empty
: new PathString("/" + tenant.SiteFolderName);
options.LoginPath = tenantPathBase + "/account/login";
options.LogoutPath = tenantPathBase + "/account/logoff";
options.AccessDeniedPath = tenantPathBase + "/account/accessdenied";
options.Events = cookieEvents;
options.AutomaticAuthenticate = true;
options.AutomaticChallenge = false;
options.CookieSecure = cookieSecure;
return options;
}
private CookieAuthenticationOptions SetupAppCookie(
CookieAuthenticationEvents cookieEvents,
cloudscribe.Core.Identity.SiteAuthCookieValidator siteValidator,
string scheme,
bool useRelatedSitesMode,
cloudscribe.Core.Models.SiteSettings tenant
)
{
var options = new CookieAuthenticationOptions();
if(useRelatedSitesMode)
{
options.AuthenticationScheme = scheme;
options.CookieName = scheme;
options.CookiePath = "/";
}
else
{
options.AuthenticationScheme = $"{scheme}-{tenant.SiteFolderName}";
options.CookieName = $"{scheme}-{tenant.SiteFolderName}";
options.CookiePath = "/" + tenant.SiteFolderName;
cookieEvents.OnValidatePrincipal = siteValidator.ValidatePrincipal;
}
var tenantPathBase = string.IsNullOrEmpty(tenant.SiteFolderName)
? PathString.Empty
: new PathString("/" + tenant.SiteFolderName);
options.LoginPath = tenantPathBase + "/account/login";
options.LogoutPath = tenantPathBase + "/account/logoff";
options.Events = cookieEvents;
options.AutomaticAuthenticate = true;
options.AutomaticChallenge = true;
return options;
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
// you can add things to this method signature and they will be injected as long as they were registered during
// ConfigureServices
public void Configure(
IApplicationBuilder app,
IHostingEnvironment env,
ILoggerFactory loggerFactory,
IOptions<cloudscribe.Core.Models.MultiTenantOptions> multiTenantOptionsAccessor,
IServiceProvider serviceProvider,
IOptions<RequestLocalizationOptions> localizationOptionsAccessor
)
{
loggerFactory.AddConsole(Configuration.GetSection("Logging"));
loggerFactory.AddDebug();
var storage = Configuration["DevOptions:DbPlatform"];
if(storage != "NoDb")
{
ConfigureLogging(loggerFactory, serviceProvider);
}
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
app.UseDatabaseErrorPage();
app.UseBrowserLink();
}
//else
//{
// app.UseExceptionHandler("/Home/Error");
//}
app.UseStaticFiles();
// custom 404 and error page - this preserves the status code (ie 404)
app.UseStatusCodePagesWithReExecute("/Home/Error/{0}");
app.UseSession();
app.UseRequestLocalization(localizationOptionsAccessor.Value);
app.UseMultitenancy<cloudscribe.Core.Models.SiteSettings>();
//app.UseTenantContainers<SiteSettings>();
var multiTenantOptions = multiTenantOptionsAccessor.Value;
app.UsePerTenant<cloudscribe.Core.Models.SiteSettings>((ctx, builder) =>
{
var tenant = ctx.Tenant;
var shouldUseFolder = !multiTenantOptions.UseRelatedSitesMode
&& multiTenantOptions.Mode == cloudscribe.Core.Models.MultiTenantMode.FolderName
&& tenant.SiteFolderName.Length > 0;
var externalCookieOptions = SetupOtherCookies(
cloudscribe.Core.Identity.AuthenticationScheme.External,
multiTenantOptions.UseRelatedSitesMode,
tenant);
builder.UseCookieAuthentication(externalCookieOptions);
var twoFactorRememberMeCookieOptions = SetupOtherCookies(
cloudscribe.Core.Identity.AuthenticationScheme.TwoFactorRememberMe,
multiTenantOptions.UseRelatedSitesMode,
tenant);
builder.UseCookieAuthentication(twoFactorRememberMeCookieOptions);
var twoFactorUserIdCookie = SetupOtherCookies(
cloudscribe.Core.Identity.AuthenticationScheme.TwoFactorUserId,
multiTenantOptions.UseRelatedSitesMode,
tenant);
builder.UseCookieAuthentication(twoFactorUserIdCookie);
var cookieEvents = new CookieAuthenticationEvents();
var logger = loggerFactory.CreateLogger<cloudscribe.Core.Identity.SiteAuthCookieValidator>();
var cookieValidator = new cloudscribe.Core.Identity.SiteAuthCookieValidator(logger);
var appCookieOptions = SetupAppCookie(
cookieEvents,
cookieValidator,
cloudscribe.Core.Identity.AuthenticationScheme.Application,
multiTenantOptions.UseRelatedSitesMode,
tenant
);
builder.UseCookieAuthentication(appCookieOptions);
//builder.UseForwardedHeaders();
// known issue here is if a site is updated to populate the
// social auth keys, it currently requires a restart so that the middleware gets registered
// in order for it to work or for the social auth buttons to appear
builder.UseSocialAuth(ctx.Tenant, externalCookieOptions, shouldUseFolder);
});
UseMvc(app, multiTenantOptions.Mode == cloudscribe.Core.Models.MultiTenantMode.FolderName);
switch (storage)
{
case "NoDb":
CoreNoDbStartup.InitializeDataAsync(app.ApplicationServices).Wait();
break;
case "ef":
default:
// this creates ensures the database is created and initial data
CoreEFStartup.InitializeDatabaseAsync(app.ApplicationServices).Wait();
// this one is only needed if using cloudscribe Logging with EF as the logging storage
LoggingEFStartup.InitializeDatabaseAsync(app.ApplicationServices).Wait();
break;
}
}
