diff --git a/DotBased.AspNet.Authority/Controllers/AuthorityController.cs b/DotBased.AspNet.Authority/Controllers/AuthorityController.cs
index a83ee86..2e0ffc8 100644
--- a/DotBased.AspNet.Authority/Controllers/AuthorityController.cs
+++ b/DotBased.AspNet.Authority/Controllers/AuthorityController.cs
@@ -1,4 +1,3 @@
-using System.Security.Claims;
 using System.Text.Json;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authorization;
@@ -8,14 +7,13 @@ namespace DotBased.AspNet.Authority.Controllers;
 [ApiController]
 [Route("[controller]")]
-public class AuthorityController : ControllerBase
+public class AuthorityController(IAuthenticationService authenticationService) : ControllerBase
 {
 [HttpGet("auth/login")]
 [AllowAnonymous]
- public async Task LoginFromSchemeAsync([FromQuery(Name = "s")] string? scheme)
+ public async Task LoginFromSchemeAsync([FromQuery(Name = "s")] string? scheme, [FromQuery(Name = "ss")] string? sessionScheme)
 {
- var cPrincipal = new ClaimsPrincipal();
- await HttpContext.SignInAsync(cPrincipal);
+ await authenticationService.AuthenticateAsync(HttpContext, scheme);
 return Ok();
 }
diff --git a/DotBased.AspNet.Authority/Handlers/AuthorityLoginAuthenticationHandler.cs b/DotBased.AspNet.Authority/Handlers/AuthorityLoginAuthenticationHandler.cs
index 4a6875a..2cd3a0c 100644
--- a/DotBased.AspNet.Authority/Handlers/AuthorityLoginAuthenticationHandler.cs
+++ b/DotBased.AspNet.Authority/Handlers/AuthorityLoginAuthenticationHandler.cs
@@ -1,4 +1,3 @@
-using System.Security.Claims;
 using System.Text.Encodings.Web;
 using DotBased.AspNet.Authority.Managers;
 using DotBased.AspNet.Authority.Models.Options.Auth;
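Review bot: In the `@@ -8,14 +7,13 @@` hunk, the new body of `LoginFromSchemeAsync` discards the `AuthenticateResult` from `authenticationService.AuthenticateAsync(HttpContext, scheme)` and answers `Ok()` unconditionally, so a failed or absent authentication still gets a 200 from a route named `auth/login`, and the new `sessionScheme` query parameter is never read. The `scheme` name is taken straight from the query string; with the stock `AuthenticationService` behaviour an unregistered scheme makes `AuthenticateAsync` throw `InvalidOperationException`, which surfaces as a 500 instead of a 400, so it is worth checking against the configured schemes (the service in the third file exposes `GetAllSchemeInfos()`) before the call. A minimal fix is `var result = await authenticationService.AuthenticateAsync(HttpContext, scheme);` followed by `return result.Succeeded ? Ok() : Unauthorized();`, plus a `// TODO: sessionScheme ("ss") is accepted but not yet used` comment. Note that the `AuthenticateAsync` override in `AuthorityAuthenticationService.cs` (last hunk on this page) now has an empty body with no return, so if `IAuthenticationService` resolves to that class this call target will not compile as shown. The enclosing `AuthorityController` class continues past the end of the hunk.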
@@ -14,20 +13,11 @@ namespace DotBased.AspNet.Authority.Handlers;
 public class AuthorityLoginAuthenticationHandler(IOptionsMonitor options,
 ILoggerFactory logger,
 UrlEncoder encoder,
- AuthorityManager manager) : SignInAuthenticationHandler(options, logger, encoder)
+ AuthorityManager manager) : AuthenticationHandler(options, logger, encoder)
 {
+ // Validate credentials
 protected override Task HandleAuthenticateAsync()
 {
 throw new NotImplementedException();
 }
-
- protected override Task HandleSignOutAsync(AuthenticationProperties? properties)
- {
- throw new NotImplementedException();
- }
-
- protected override Task HandleSignInAsync(ClaimsPrincipal user, AuthenticationProperties? properties)
- {
- throw new NotImplementedException();
- }
 }
\ No newline at end of file
diff --git a/DotBased.AspNet.Authority/Services/AuthorityAuthenticationService.cs b/DotBased.AspNet.Authority/Services/AuthorityAuthenticationService.cs
index 53cf5ad..c66c539 100644
--- a/DotBased.AspNet.Authority/Services/AuthorityAuthenticationService.cs
+++ b/DotBased.AspNet.Authority/Services/AuthorityAuthenticationService.cs
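Review bot: The added `// Validate credentials` comment above `HandleAuthenticateAsync` describes an intent the method does not yet have — its body still throws `NotImplementedException`, so any request authenticated through this scheme ends in an unhandled exception rather than an `AuthenticateResult`. A comment stating the current contract is more useful, e.g. `// TODO: validate credentials via AuthorityManager; until implemented every authenticate call throws NotImplementedException`. Changing the base class from `SignInAuthenticationHandler` to `AuthenticationHandler` removes the sign-in/sign-out surface, which matches the controller no longer calling `SignInAsync`, but a line on the class saying that `HttpContext.SignInAsync` is not supported for this scheme would save the next caller a runtime `InvalidOperationException`. The `manager` parameter is unused anywhere in the visible class, and the generic type arguments on `IOptionsMonitor` and `AuthenticationHandler` appear to have been stripped by rendering.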
@@ -20,27 +20,35 @@ public class AuthorityAuthenticationService(
 public IReadOnlyCollection GetSchemeInfos(SchemeType schemeType) => _options.SchemeInfoMap.Where(s => s.Type == schemeType).ToList();
 public IReadOnlyCollection GetAllSchemeInfos() => _options.SchemeInfoMap;
+ // Validate credentials
+ // Used internally by ASP.NET Core to determine if a user is authenticated. Can also be called manually to inspect authentication status.
 public override Task AuthenticateAsync(HttpContext context, string? scheme)
 {
- return base.AuthenticateAsync(context, scheme);
 }
+ // Trigger login
+ // Used when access to a resource requires authentication, but the user has not provided valid credentials.
 public override Task ChallengeAsync(HttpContext context, string? scheme, AuthenticationProperties? properties)
 {
 return base.ChallengeAsync(context, scheme, properties);
 }
+ // Log user in, set cookie/token
+ // Called after successfully validating user credentials (e.g., after login form submission), to establish an authenticated session.
 public override Task SignInAsync(HttpContext context, string? scheme, ClaimsPrincipal principal, AuthenticationProperties? properties)
 {
 return base.SignInAsync(context, scheme, principal, properties);
 }
+ // Log out user and end auth session, remove cookie/token
 public override Task SignOutAsync(HttpContext context, string? scheme, AuthenticationProperties? properties)
 {
 return base.SignOutAsync(context, scheme, properties);
 }
+ // Deny access, return 403/return forbid page
+ // Used when a user is authenticated but lacks required roles/claims/permissions.
 public override Task ForbidAsync(HttpContext context, string? scheme, AuthenticationProperties? properties)
 {
 return base.ForbidAsync(context, scheme, properties);