Signing an ASP.NET identifier using manually loaded credentials

I created a very simple SSO solution. In the target application, I can successfully load the credentials at the beginning of the request.

However, I would like to use them to log in and let ASP.NET Identity process the credentials for all future requests (using the regular cookie middleware).

My first attempt was to use OnApplyRedirect in the cookie middleware:

var provider = new CookieAuthenticationProvider();
provider.OnApplyRedirect = ctx =>
{
    if (ctx.Request.Query["s"] != null)
    {
        var ticket = LoadTicket(ctx.Request.Query["s"]);
        var uri = RemoveQueryStringByKey(ctx.Request.Uri.ToString(), "s");
        ticket.Properties.IsPersistent = true;
        ctx.OwinContext.Authentication.SignIn(ticket.Properties, ticket.Identity);
        ctx.Response.Redirect(uri);
        return;
    }
};

No credentials were loaded for the following request :( (the cookie middleware redirected to the login page)

, , Context.Authentication.SignIn(ticket.Properties, ticket.Identity); .

public class SingleSignOnAuthenticationHandler : AuthenticationHandler<AuthenticationOptions>
{
    protected override Task<AuthenticationTicket> AuthenticateCoreAsync()
    {

        var sessionIdentifier = Request.Query["s"];
        if (sessionIdentifier == null)
            return Task.FromResult<AuthenticationTicket>(null);

        var ticket = LoadTicket(sessionIdentifier);
        if (ticket == null)
            return Task.FromResult<AuthenticationTicket>(null);

        Context.Authentication.SignIn(ticket.Properties, ticket.Identity);
        return Task.FromResult(new AuthenticationTicket(ticket.Identity, ticket.Properties));
    }
}

:( ( cookie )

. , ASP.NET ?

1

, ClaimsIdentity AuthenticationType cookie, MVC.

app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    AuthenticationType = "ApplicationCookie", // <--- THIS STRING
    LoginPath = new PathString(VirtualPathUtility.ToAbsolute("~/Account/Login")),
    Provider = provider
});

.. :

public class SingleSignOnAuthenticationHandler : AuthenticationHandler<AuthenticationOptions>
{
    protected override Task<AuthenticationTicket> AuthenticateCoreAsync()
    {

        var sessionIdentifier = Request.Query["s"];
        if (sessionIdentifier == null)
            return Task.FromResult<AuthenticationTicket>(null);

        var ticket = LoadTicket(sessionIdentifier);
        if (ticket == null)
            return Task.FromResult<AuthenticationTicket>(null);

        ticket.Properties.IsPersistent = true;

        // ** LOOK HERE **
        //new identity, but with the correct authentication type
        var identity = new ClaimsIdentity(ticket.Identity.Claims, "ApplicationCookie", ClaimTypes.Name, ClaimTypes.Role);
        Context.Authentication.SignIn(ticket.Properties, identity);
        return Task.FromResult(new AuthenticationTicket(identity, ticket.Properties));
    }
}

. WebApi . cookie , , ASP.NET WebApi, -.

, WebApi cookie?

+4
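The sign-in from the answer combined with the redirect from the question's first attempt, as an added example that is not part of the original post. `UseSsoSignIn`, `WithoutQueryKey` and the `loadTicket` delegate (standing in for the page's `LoadTicket`, whose body is not shown) are hypothetical names, and the expiry check is an added assumption about the stored ticket.

```csharp
using System;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Owin;

public static class SsoSignInExtensions
{
    // cookieAuthType must equal CookieAuthenticationOptions.AuthenticationType.
    // loadTicket is a hypothetical stand-in for the page's LoadTicket.
    public static void UseSsoSignIn(this IAppBuilder app, string cookieAuthType,
                                    Func<string, AuthenticationTicket> loadTicket)
    {
        // Register AFTER app.UseCookieAuthentication(...) so the cookie handler is
        // already in the pipeline and can turn the sign-in grant into a cookie.
        app.Use(async (ctx, next) =>
        {
            var s = ctx.Request.Query["s"];
            var ticket = s == null ? null : loadTicket(s);
            var expires = ticket?.Properties.ExpiresUtc;
            if (ticket == null || (expires.HasValue && expires.Value <= DateTimeOffset.UtcNow))
            {
                await next();   // no usable ticket: the normal pipeline decides
                return;
            }
            // Same claims, re-issued under the cookie middleware's authentication type.
            var identity = new ClaimsIdentity(ticket.Identity.Claims, cookieAuthType,
                                              ClaimTypes.Name, ClaimTypes.Role);
            ctx.Authentication.SignIn(ticket.Properties, identity);
            // Redirect to the same URL without "s" so the identifier does not
            // stay in the address bar, browser history or Referer headers.
            ctx.Response.Redirect(WithoutQueryKey(ctx.Request.Uri, "s"));
        });
    }

    public static string WithoutQueryKey(Uri uri, string key)
    {
        var kept = uri.Query.TrimStart('?')
            .Split(new[] { '&' }, StringSplitOptions.RemoveEmptyEntries)
            .Where(p => !string.Equals(Uri.UnescapeDataString(p.Split('=')[0]), key,
                                       StringComparison.OrdinalIgnoreCase));
        var query = string.Join("&", kept);
        return uri.GetLeftPart(UriPartial.Path) + (query.Length > 0 ? "?" + query : "");
    }
}
```

Call it as `app.UseSsoSignIn("ApplicationCookie", LoadTicket);` directly after the `app.UseCookieAuthentication(...)` registration shown above.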

Source: https://habr.com/ru/post/1658226/

