public async Task <IHttpActionResult> Login(string signin) { Logger.Info("Login page requested"); if (signin.IsMissing()) { Logger.Error("No signin id passed"); return(RenderErrorPage()); } var cookie = new SignInMessageCookie(Request.GetOwinContext(), this._options); var signInMessage = cookie.Read(signin); if (signInMessage == null) { Logger.Error("No cookie matching signin id found"); return(RenderErrorPage()); } Logger.DebugFormat("signin message passed to login: {0}", JsonConvert.SerializeObject(signInMessage, Formatting.Indented)); if (signInMessage.IdP.IsPresent()) { Logger.InfoFormat("identity provider requested, redirecting to: {0}", signInMessage.IdP); return(Redirect(Url.Link(Constants.RouteNames.LoginExternal, new { provider = signInMessage.IdP, signin }))); } return(await RenderLoginPage(signInMessage)); }
public async Task <IHttpActionResult> LoginExternalCallback() { Logger.Info("Callback invoked from external identity provider "); var signInId = await GetSignInIdFromExternalProvider(); if (signInId.IsMissing()) { Logger.Error("No signin id passed"); return(RenderErrorPage()); } var cookie = new SignInMessageCookie(Request.GetOwinContext(), this._options); var signInMessage = cookie.Read(signInId); if (signInMessage == null) { Logger.Error("No cookie matching signin id found"); return(RenderErrorPage()); } var user = await GetIdentityFromExternalProvider(); if (user == null) { Logger.Error("no identity from external identity provider"); return(await RenderLoginPage(signInMessage, Messages.NoMatchingExternalAccount)); } var externalIdentity = MapToExternalIdentity(user.Claims); if (externalIdentity == null) { Logger.Error("no subject or unique identifier claims from external identity provider"); return(await RenderLoginPage(signInMessage, Messages.NoMatchingExternalAccount)); } Logger.InfoFormat("external user provider: {0}, provider ID: {1}", externalIdentity.Provider, externalIdentity.ProviderId); var authResult = await _userService.AuthenticateExternalAsync(externalIdentity); if (authResult == null) { Logger.Warn("user service failed to authenticate external identity"); return(await RenderLoginPage(signInMessage, Messages.NoMatchingExternalAccount)); } if (authResult.IsError) { Logger.WarnFormat("user service returned error message: {0}", authResult.ErrorMessage); return(await RenderLoginPage(signInMessage, authResult.ErrorMessage)); } return(SignInAndRedirect(signInMessage, authResult)); }
private HttpResponseMessage Execute() { Logger.Info("Redirecting to login page"); var cookie = new SignInMessageCookie(this.env, this.options); message.Id = Guid.NewGuid().ToString("N"); cookie.Write(this.message); var url = env.GetIdentityServerBaseUrl() + Constants.RoutePaths.Login; url += "?signin=" + this.message.Id; var uri = new Uri(url); var response = new HttpResponseMessage(HttpStatusCode.Redirect); response.Headers.Location = uri; return(response); }
public IHttpActionResult LoginExternal(string signin, string provider) { Logger.InfoFormat("External login requested for provider: {0}", provider); if (provider.IsMissing()) { Logger.Error("No provider passed"); return(RenderErrorPage()); } if (signin.IsMissing()) { Logger.Error("No signin id passed"); return(RenderErrorPage()); } var cookie = new SignInMessageCookie(Request.GetOwinContext(), this._options); var signInMessage = cookie.Read(signin); if (signInMessage == null) { Logger.Error("No cookie matching signin id found"); return(RenderErrorPage()); } var ctx = Request.GetOwinContext(); var authProp = new Microsoft.Owin.Security.AuthenticationProperties { RedirectUri = Url.Route(Constants.RouteNames.LoginExternalCallback, null) }; // add the id to the dictionary so we can recall the cookie id on the callback authProp.Dictionary.Add("signin", signin); Request.GetOwinContext().Authentication.Challenge(authProp, provider); return(Unauthorized()); }
public async Task <IHttpActionResult> LoginLocal(string signin, LoginCredentials model) { Logger.Info("Login page submitted"); if (this._options.AuthenticationOptions.EnableLocalLogin == false) { Logger.Warn("EnableLocalLogin disabled -- returning 405 MethodNotAllowed"); return(StatusCode(HttpStatusCode.MethodNotAllowed)); } if (signin.IsMissing()) { Logger.Error("No signin id passed"); return(RenderErrorPage()); } var cookie = new SignInMessageCookie(Request.GetOwinContext(), this._options); var signInMessage = cookie.Read(signin); if (signInMessage == null) { Logger.Error("No cookie matching signin id found"); return(RenderErrorPage()); } if (model == null) { Logger.Error("no data submitted"); return(await RenderLoginPage(signInMessage, Messages.InvalidUsernameOrPassword)); } // the browser will only send 'true' if ther user has checked the checkbox // it will pass nothing if the user does not check the checkbox // this check here is to establish if the user deliberatly did not check the checkbox // or if the checkbox was not presented as an option (and thus AllowRememberMe is not allowed) // true means they did check it, false means they did not, null means they were not presented with the choice if (_options.AuthenticationOptions.CookieOptions.AllowRememberMe) { if (model.RememberMe != true) { model.RememberMe = false; } } else { model.RememberMe = null; } if (!ModelState.IsValid) { Logger.Warn("validation error: username or password missing"); return(await RenderLoginPage(signInMessage, ModelState.GetError(), model.Username, model.RememberMe == true)); } var authResult = await _userService.AuthenticateLocalAsync(model.Username, model.Password, signInMessage); if (authResult == null) { Logger.WarnFormat("user service indicated incorrect username or password for username: {0}", model.Username); return(await RenderLoginPage(signInMessage, Messages.InvalidUsernameOrPassword, model.Username, model.RememberMe == true)); } if (authResult.IsError) { Logger.WarnFormat("user service returned an error message: {0}", authResult.ErrorMessage); return(await RenderLoginPage(signInMessage, authResult.ErrorMessage, model.Username, model.RememberMe == true)); } return(SignInAndRedirect(signInMessage, authResult, model.RememberMe)); }
private void ClearSignInCookie(string signin) { var cookie = new SignInMessageCookie(Request.GetOwinContext(), this._options); cookie.Clear(signin); }
private void ClearSignInCookies() { var cookie = new SignInMessageCookie(Request.GetOwinContext(), this._options); cookie.ClearAll(); }
public async Task <IHttpActionResult> ResumeLoginFromRedirect(string resume) { Logger.Info("Callback requested to resume login from partial login"); if (resume.IsMissing()) { Logger.Error("no resumeId passed"); return(RenderErrorPage()); } var user = await GetIdentityFromPartialSignIn(); if (user == null) { Logger.Error("no identity from partial login"); return(RenderErrorPage()); } var type = GetClaimTypeForResumeId(resume); var resumeClaim = user.FindFirst(type); if (resumeClaim == null) { Logger.Error("no claim matching resumeId"); return(RenderErrorPage()); } var signInId = resumeClaim.Value; if (signInId.IsMissing()) { Logger.Error("No signin id found in resume claim"); return(RenderErrorPage()); } var cookie = new SignInMessageCookie(Request.GetOwinContext(), this._options); var signInMessage = cookie.Read(signInId); if (signInMessage == null) { Logger.Error("No cookie matching signin id found"); return(RenderErrorPage()); } AuthenticateResult result = null; var externalProviderClaim = user.FindFirst(Constants.ClaimTypes.ExternalProviderUserId); if (externalProviderClaim == null) { // the user/subject was known, so pass thru (without the redirect claims) user.RemoveClaim(user.FindFirst(Constants.ClaimTypes.PartialLoginReturnUrl)); user.RemoveClaim(user.FindFirst(GetClaimTypeForResumeId(resume))); result = new AuthenticateResult(new ClaimsPrincipal(user)); } else { // the user was not known, we need to re-execute AuthenticateExternalAsync // to obtain a subject to proceed var provider = externalProviderClaim.Issuer; var providerId = externalProviderClaim.Value; var externalId = new ExternalIdentity() { Provider = new IdentityProvider { Name = provider }, ProviderId = providerId, Claims = user.Claims }; result = await _userService.AuthenticateExternalAsync(externalId); if (result == null) { Logger.Warn("user service failed to authenticate external identity"); return(await RenderLoginPage(signInMessage, Messages.NoMatchingExternalAccount)); } if (result.IsError) { Logger.WarnFormat("user service returned error message: {0}", result.ErrorMessage); return(await RenderLoginPage(signInMessage, result.ErrorMessage)); } } return(SignInAndRedirect(signInMessage, result)); }