public ActionResult ValidateAuthToken(string access_token) { if (string.IsNullOrEmpty(access_token)) { return(BadRequest("Invalid token")); } IPrincipal principal = _manager.ValidateAuthenticationToken(access_token, _certificateFilePath); if (principal != null) { var tokens = new List <AuthenticationToken>() { new AuthenticationToken() { Name = "access_token", Value = access_token } }; var prop = new Microsoft.AspNetCore.Authentication.AuthenticationProperties(); prop.IsPersistent = true; prop.StoreTokens(tokens); HttpContext.SignInAsync(principal as ClaimsPrincipal, prop); } return(RedirectToAction("Profile", "User")); }
private AuthenticationProperties GenerateAuthenticationProperties(AuthenticateResult info) { //if the external provider issued an id_token, we'll keep it for signout AuthenticationProperties props = null; var id_token = info.Properties.GetTokenValue("id_token"); if (id_token != null) { props = new Microsoft.AspNetCore.Authentication.AuthenticationProperties(); props.StoreTokens(new[] { new AuthenticationToken { Name = "id_token", Value = id_token } }); } return(props); }
private void ProcessLoginCallbackForOidc(AuthenticateResult externalResult, List <Claim> localClaims, AuthenticationProperties localSignInProps) { // if the external system sent a session id claim, copy it over // so we can use it for single sign-out var sid = externalResult.Principal.Claims.FirstOrDefault(x => x.Type == JwtClaimTypes.SessionId); if (sid != null) { localClaims.Add(new Claim(JwtClaimTypes.SessionId, sid.Value)); } // if the external provider issued an id_token, we'll keep it for signout var id_token = externalResult.Properties.GetTokenValue("id_token"); if (id_token != null) { localSignInProps.StoreTokens(new[] { new AuthenticationToken { Name = "id_token", Value = id_token } }); } }
public void CanStoreMultipleTokens() { var props = new AuthenticationProperties(); var tokens = new List <AuthenticationToken>(); var tok1 = new AuthenticationToken { Name = "One", Value = "1" }; var tok2 = new AuthenticationToken { Name = "Two", Value = "2" }; var tok3 = new AuthenticationToken { Name = "Three", Value = "3" }; tokens.Add(tok1); tokens.Add(tok2); tokens.Add(tok3); props.StoreTokens(tokens); Assert.Equal("1", props.GetTokenValue("One")); Assert.Equal("2", props.GetTokenValue("Two")); Assert.Equal("3", props.GetTokenValue("Three")); Assert.Equal(3, props.GetTokens().Count()); }
public async Task <IActionResult> ExternalLoginCallback(string returnUrl) { // read external identity from the temporary cookie var info = await HttpContext.Authentication.GetAuthenticateInfoAsync(IdentityServer4.IdentityServerConstants.ExternalCookieAuthenticationScheme); var tempUser = info?.Principal; if (tempUser == null) { throw new Exception("External authentication error"); } // retrieve claims of the external user var claims = tempUser.Claims.ToList(); // try to determine the unique id of the external user - the most common claim type for that are the sub claim and the NameIdentifier // depending on the external provider, some other claim type might be used var userIdClaim = claims.FirstOrDefault(x => x.Type == JwtClaimTypes.Subject); if (userIdClaim == null) { userIdClaim = claims.FirstOrDefault(x => x.Type == ClaimTypes.NameIdentifier); } if (userIdClaim == null) { throw new Exception("Unknown userid"); } // remove the user id claim from the claims collection and move to the userId property // also set the name of the external authentication provider claims.Remove(userIdClaim); var provider = info.Properties.Items["scheme"]; var userId = userIdClaim.Value; // check if the external user is already provisioned var user = _users.FindByExternalProvider(provider, userId); if (user == null) { // this sample simply auto-provisions new external user // another common approach is to start a registrations workflow first user = _users.AutoProvisionUser(provider, userId, claims); } var additionalClaims = new List <Claim>(); // if the external system sent a session id claim, copy it over var sid = claims.FirstOrDefault(x => x.Type == JwtClaimTypes.SessionId); if (sid != null) { additionalClaims.Add(new Claim(JwtClaimTypes.SessionId, sid.Value)); } // if the external provider issued an id_token, we'll keep it for signout AuthenticationProperties props = null; var id_token = info.Properties.GetTokenValue("id_token"); if (id_token != null) { props = new AuthenticationProperties(); props.StoreTokens(new[] { new AuthenticationToken { Name = "id_token", Value = id_token } }); } // issue authentication cookie for user await _events.RaiseAsync(new UserLoginSuccessEvent(provider, userId, user.SubjectId, user.Username)); await HttpContext.Authentication.SignInAsync(user.SubjectId, user.Username, provider, props, additionalClaims.ToArray()); // delete temporary cookie used during external authentication await HttpContext.Authentication.SignOutAsync(IdentityServer4.IdentityServerConstants.ExternalCookieAuthenticationScheme); // validate return URL and redirect back to authorization endpoint or a local page if (_interaction.IsValidReturnUrl(returnUrl) || Url.IsLocalUrl(returnUrl)) { return(Redirect(returnUrl)); } return(Redirect("~/")); }