public override void OnActionExecuting(ActionExecutingContext filterContext)
{
//if (!SuperOfficeAuthorizeHelper.IsAuthorized(filterContext.HttpContext))
if (!SuperOfficeAuthHelper.IsAuthorized())
{
RedirectToSuperOfficeLogin(filterContext);
}
}
/// <summary>
/// We must log in to be able to use netserver:
/// </summary>
/// <param name="filterContext"></param>
private void RedirectToSuperOfficeLogin(ActionExecutingContext filterContext)
{
SuperOfficeAuthHelper.Context = null;
var ctx = filterContext.HttpContext.Request.Params["ctx"];
HttpContext.Current.Session["RedirectUrl"] = filterContext.HttpContext.Request.RawUrl;
var url = SuperOfficeAuthHelper.GetAuthenticateUrl(ctx);
filterContext.Result = new RedirectResult(url);
}
/// <summary>
/// Determine if there is a valid context stored in ASP.Net <see cref="HttpContext"/>
/// </summary>
/// <returns></returns>
public static bool IsValid()
{
HttpContext currentContext = HttpContext.Current;
if (currentContext != null && currentContext.Session != null)
{
var contextContainer = currentContext.Session[Provider] as SoContextContainer;
// If this is a Anonymous user, we don't have a contextContainer since we actually don't need to store that data.
if (contextContainer == null &&
SoContext.CurrentPrincipal != null &&
SoContext.CurrentPrincipal.UserType == UserType.AnonymousAssociate)
{
return(true);
}
return(SuperOfficeAuthHelper.IsAuthenticatedWithNetServer());
}
else
{
return(false);
}
}
/// <summary>
///
/// </summary>
/// <param name="token">Saml or JWT token</param>
public static bool TryLogin(string token, string tokenType)
{
var tokenHandler = new SuperIdTokenHandler();
var typedTokenType = (SuperOffice.SuperID.Contracts.SystemUser.V1.TokenType)
Enum.Parse(typeof(SuperOffice.SuperID.Contracts.SystemUser.V1.TokenType), tokenType);
var certificatePath = ConfigManager.SuperOfficeFederatedLogin;
if (!String.IsNullOrWhiteSpace(certificatePath))
{
if (!Path.IsPathRooted(certificatePath))
{
certificatePath = Path.Combine(HostingEnvironment.MapPath(@"~"), certificatePath);
}
tokenHandler.JwtIssuerSigningCertificate =
new System.Security.Cryptography.X509Certificates.X509Certificate2(certificatePath);
}
else
{
tokenHandler.CertificateValidator = X509CertificateValidator.PeerTrust;
}
//tokenHandler.ValidateAudience = false;
var superIdClaims = tokenHandler.ValidateToken(token, typedTokenType);
var context = new SuperOfficeContext
{
Ticket = superIdClaims.Ticket,
Email = superIdClaims.Email,
ContextIdentifier = superIdClaims.ContextIdentifier,
NetServerUrl = superIdClaims.NetserverUrl,
SystemToken = superIdClaims.SystemToken,
};
Context = context;
// Use forms authentication - this is optional
var soFormsTicket = new FormsAuthenticationTicket(superIdClaims.Email, false, 3600);
var soFormsTicketEncrypted = FormsAuthentication.Encrypt(soFormsTicket);
var httpContext = HttpContext.Current;
httpContext.Session[ConfigManager.SoAuthCookie] = soFormsTicketEncrypted;
httpContext.Response.Cookies.Add(new HttpCookie(ConfigManager.SoAuthCookie, soFormsTicketEncrypted));
try
{
// If request is not authenticated, and a controller with the
// SuperOfficeAuthorize attribute is accessed, the called controller
// will continue to send the user to SuperID. If already authenticated there
// this user will always return here and be stuck in an endless loop.
// Therefore, it is important to authenticate with NetServer, and allow the
// context provider to store the current session. Thus, the SuperOfficeAuthorize
// attibute will be able to locate the session and proceed unimpeded
//Authenticate with NetServer using web services if necessary.
SoSession session = SoSession.Authenticate(new SoCredentials()
{
Ticket = context.Ticket
});
var principal = SoContext.CurrentPrincipal;
var contact = new ContactAgent().GetContact(principal.ContactId);
context.Company = contact.FullName;
context.Name = principal.FullName;
context.Username = principal.Associate;
context.AssociateId = principal.AssociateId;
return(true);
}
catch (Exception ex)
{
SuperOfficeAuthHelper.Logout();
return(false);
}
}