using System;
using System.Configuration;
using System.Globalization;
using System.Security.Claims;
using System.Web;
using System.Web.Configuration;
using System.Web.Helpers;
using System.Web.Mvc;
using Altis.CommonLogin.Owin;
using Microsoft.AspNet.Identity;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Owin;
using SameSiteMode = Microsoft.Owin.SameSiteMode;
[assembly: OwinStartup(typeof(Authentication))]
namespace Altis.CommonLogin.Owin
{
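public static class Authentication
{
    /// <summary>
    /// Cookie lifetime used when the "CookieExpiryHours" app setting is absent
    /// or is not a finite, positive number.
    /// </summary>
    private const double DefaultCookieExpiryHours = 12;

    /// <summary>
    /// Application-relative path prefix of API requests that must receive a bare
    /// 401 instead of a redirect to the login page, used when
    /// "SkipCookieRedirectForApiPath" is not configured.
    /// </summary>
    private const string DefaultApiPath = "~/api/";

    /// <summary>
    /// OWIN startup entry point. Configures cookie authentication unless the
    /// "DisableAuthentication" app setting is "true", in which case a debugging
    /// identity filter is registered instead.
    /// </summary>
    /// <param name="app">The OWIN application builder.</param>
    public static void Configuration(IAppBuilder app)
    {
        // Authentication can be disabled via a flag in the app settings.
        if (IsFlagSet("DisableAuthentication"))
        {
            // Authentication disabled, create a default debugging identity.
            GlobalFilters.Filters.Add(new DebugAuthorisationFilter());
        }
        else
        {
            ConfigureAuthentication(app);
        }
    }

    /// <summary>
    /// Registers the authorisation filters and wires up cookie authentication
    /// against the common login application.
    /// </summary>
    /// <param name="app">The OWIN application builder.</param>
    /// <exception cref="ArgumentException">The "CookieDomain" app setting is missing or blank.</exception>
    /// <exception cref="ConfigurationErrorsException">Role authorisation is enabled but "AuthorisedRoles" is missing or blank.</exception>
    private static void ConfigureAuthentication(IAppBuilder app)
    {
        // Register filters for authorisation.
        RegisterFilters(GlobalFilters.Filters);

        // Create the cookie authentication provider and, when a common login host is
        // configured, send unauthenticated browser requests there instead of the local login path.
        var provider = new CookieAuthenticationProvider();
        var originalHandler = provider.OnApplyRedirect;
        var commonLoginUrl = WebConfigurationManager.AppSettings["CommonLoginUrl"];
        if (!string.IsNullOrWhiteSpace(commonLoginUrl))
        {
            // A configured trailing slash would otherwise yield "//Account/Login".
            var loginUrl = commonLoginUrl.TrimEnd('/') + "/Account/Login";
            provider.OnApplyRedirect = context =>
            {
                // API clients get the plain 401 rather than an HTML login redirect.
                if (IsApiRequest(context.Request))
                {
                    return;
                }

                // ReturnUrl carries the full absolute URI of the current request; the
                // common login application is the party that has to validate it before
                // sending the user back.
                var returnQuery = new QueryString(context.Options.ReturnUrlParameter, context.Request.Uri.AbsoluteUri);
                context.RedirectUri = loginUrl + returnQuery;
                originalHandler.Invoke(context);
            };
        }

        // Authentication cookie expiry timespan.
        var cookieExpiryHours = ReadCookieExpiryHours();

        // Authentication cookie domain. Without it the cookie would be scoped to the
        // current host only, which defeats a shared login across sub-domains.
        var cookieDomain = WebConfigurationManager.AppSettings["CookieDomain"];
        if (string.IsNullOrWhiteSpace(cookieDomain))
        {
            throw new ArgumentException("No cookie domain was specified. Unable to proceed with authentication configuration.");
        }

        // Setup the application to use cookie authentication; information for the
        // signed-in user is stored in the cookie.
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login"),
            // Never emit the cookie over plain HTTP.
            CookieSecure = CookieSecureOption.Always,
            // Fixed lifetime: the cookie is not renewed on activity.
            SlidingExpiration = false,
            CookieName = "CommonLoginPage",
            ExpireTimeSpan = TimeSpan.FromHours(cookieExpiryHours),
            CookieDomain = cookieDomain,
            Provider = provider,
            // SameSite=None is presumably needed so the cookie accompanies the cross-site
            // navigation back from the common login host; browsers only honour it together
            // with Secure, which CookieSecure = Always provides.
            CookieSameSite = SameSiteMode.None
        });

        // Bind anti-forgery tokens to the NameIdentifier claim rather than the identity name.
        AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimTypes.NameIdentifier;
    }

    /// <summary>
    /// Registers the role authorisation filter unless the "DisableAuthorisationRoles"
    /// app setting is "true".
    /// </summary>
    /// <param name="filters">The global MVC filter collection to add the filter to.</param>
    /// <exception cref="ConfigurationErrorsException">"AuthorisedRoles" is missing or blank.</exception>
    private static void RegisterFilters(GlobalFilterCollection filters)
    {
        // Check if role authorisation has been disabled in the app settings.
        if (IsFlagSet("DisableAuthorisationRoles"))
        {
            return;
        }

        // Setup role authorisation. Only users with this role will be able to access the
        // relevant application. A blank value is treated as a misconfiguration rather than
        // being handed to the filter.
        var roles = WebConfigurationManager.AppSettings["AuthorisedRoles"];
        if (string.IsNullOrWhiteSpace(roles))
        {
            throw new ConfigurationErrorsException("No authorised roles found in app settings. Unable to proceed with authentication configuration.");
        }

        // Register authorise filter.
        filters.Add(new RoleClaimAttribute(roles));
    }

    /// <summary>
    /// Determines whether the request targets the configured API path prefix and
    /// therefore must not be redirected to the login page.
    /// </summary>
    /// <param name="request">The incoming OWIN request.</param>
    /// <returns>True when the request path starts with the absolute API path; otherwise false.</returns>
    private static bool IsApiRequest(IOwinRequest request)
    {
        var apiPath = WebConfigurationManager.AppSettings["SkipCookieRedirectForApiPath"] ?? DefaultApiPath;
        if (string.IsNullOrWhiteSpace(apiPath))
        {
            return false;
        }

        // Ordinal, case-insensitive prefix match on both sides: IIS paths are not
        // case-sensitive, and lower-casing only the request path would never match a
        // configured prefix containing upper-case letters.
        var absoluteApiPath = VirtualPathUtility.ToAbsolute(apiPath);
        return request.Uri.LocalPath.StartsWith(absoluteApiPath, StringComparison.OrdinalIgnoreCase);
    }

    /// <summary>
    /// Reads "CookieExpiryHours" from the app settings using the invariant culture.
    /// </summary>
    /// <returns>
    /// The configured value when it parses to a finite, positive number; otherwise
    /// <see cref="DefaultCookieExpiryHours"/>. Zero, negative, NaN or infinite values
    /// would produce an already-expired cookie or make TimeSpan.FromHours throw.
    /// </returns>
    private static double ReadCookieExpiryHours()
    {
        var raw = WebConfigurationManager.AppSettings["CookieExpiryHours"];
        // Invariant culture: a server locale with "," as decimal separator must not misparse "1.5".
        if (double.TryParse(raw, NumberStyles.Float, CultureInfo.InvariantCulture, out var hours)
            && !double.IsNaN(hours)
            && !double.IsInfinity(hours)
            && hours > 0)
        {
            return hours;
        }

        return DefaultCookieExpiryHours;
    }

    /// <summary>
    /// Returns true when the named app setting is present and equals "true".
    /// </summary>
    /// <param name="key">The app setting key to read.</param>
    /// <returns>True for "true" in any casing; false when absent or any other value.</returns>
    private static bool IsFlagSet(string key)
    {
        // Ordinal comparison: a culture-sensitive ToLower() could misread the flag on some server locales.
        return string.Equals(WebConfigurationManager.AppSettings[key], "true", StringComparison.OrdinalIgnoreCase);
    }
}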
}