mirror of
https://github.com/hmaxnl/DotBased.git
synced 2025-05-15 23:07:54 +02:00
[WIP] Reworked auth schemes and added framework reference to Microsoft.AspNetCore.App
This commit is contained in:
max
parent
723c654d70
commit
edf8891ddc
|
|
@ -6,18 +6,18 @@ public static class AuthorityDefaults
|
|||
{
|
||||
public static class Authority
|
||||
{
|
||||
public const string AuthenticationScheme = "Authority.Scheme.Password";
|
||||
public const string AuthenticationScheme = "AuthorityLogin";
|
||||
}
|
||||
|
||||
public static class Cookie
|
||||
{
|
||||
public const string Default = "Authority.Scheme.Cookie";
|
||||
public const string AuthenticationScheme = "AuthorityCookie";
|
||||
public const string CookieName = "AuthorityAuth";
|
||||
}
|
||||
|
||||
public static class Token
|
||||
{
|
||||
public const string Default = "Authority.Scheme.Token";
|
||||
public const string AuthenticationScheme = "AuthorityToken";
|
||||
public const string TokenName = "AuthorityAuthToken";
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,4 +1,5 @@
|
|||
using DotBased.AspNet.Authority.Crypto;
|
||||
using DotBased.AspNet.Authority.Handlers;
|
||||
using DotBased.AspNet.Authority.Managers;
|
||||
using DotBased.AspNet.Authority.Models.Options;
|
||||
using DotBased.AspNet.Authority.Models.Options.Auth;
|
||||
|
|
@ -33,29 +34,41 @@ public static class AuthorityProviderExtensions
|
|||
return new AuthorityBuilder(services);
|
||||
}
|
||||
|
||||
public static AuthenticationBuilder AddAuthorityAuth(this AuthorityBuilder builder) => AddAuthorityAuth(builder, _ => { });
|
||||
|
||||
public static AuthenticationBuilder AddAuthorityAuth(this AuthorityBuilder builder, Action<AuthorityAuthenticationOptions> configureOptions)
|
||||
{
|
||||
ArgumentNullException.ThrowIfNull(configureOptions);
|
||||
builder.Services.Configure(configureOptions);
|
||||
|
||||
builder.Services.AddScoped<IAuthenticationService, AuthorityAuthenticationService>();
|
||||
//TODO: Register authority default authentication handler
|
||||
|
||||
var authBuilder = builder.Services.AddAuthentication();
|
||||
var authorityOptions = new AuthorityAuthenticationOptions();
|
||||
configureOptions.Invoke(authorityOptions);
|
||||
|
||||
var authBuilder = builder.Services.AddAuthentication(options =>
|
||||
{
|
||||
options.DefaultScheme = authorityOptions.DefaultScheme;
|
||||
options.DefaultAuthenticateScheme = authorityOptions.DefaultAuthenticateScheme;
|
||||
options.DefaultChallengeScheme = authorityOptions.DefaultChallengeScheme;
|
||||
options.DefaultSignInScheme = authorityOptions.DefaultSignInScheme;
|
||||
options.DefaultSignOutScheme = authorityOptions.DefaultSignOutScheme;
|
||||
options.DefaultForbidScheme = authorityOptions.DefaultForbidScheme;
|
||||
});
|
||||
return authBuilder;
|
||||
}
|
||||
|
||||
public static AuthenticationBuilder AddAuthorityLoginScheme(this AuthenticationBuilder builder, string scheme = AuthorityDefaults.Scheme.Authority.AuthenticationScheme)
|
||||
public static AuthenticationBuilder AddAuthorityLoginScheme(this AuthenticationBuilder builder, string scheme) =>
|
||||
AddAuthorityLoginScheme(builder, scheme, _ => { });
|
||||
public static AuthenticationBuilder AddAuthorityLoginScheme(this AuthenticationBuilder builder,
|
||||
string scheme,
|
||||
Action<AuthorityLoginOptions> configureOptions)
|
||||
{
|
||||
|
||||
builder.AddScheme<AuthorityLoginOptions, AuthorityLoginAuthenticationHandler>(scheme, scheme, configureOptions);
|
||||
return builder;
|
||||
}
|
||||
|
||||
public static AuthenticationBuilder AddAuthorityCookie(this AuthenticationBuilder builder, string scheme = AuthorityDefaults.Scheme.Cookie.Default)
|
||||
public static AuthenticationBuilder AddAuthorityCookie(this AuthenticationBuilder builder, string scheme)
|
||||
{
|
||||
builder.AddCookie(options =>
|
||||
builder.AddCookie(scheme, options =>
|
||||
{
|
||||
options.Cookie.Name = AuthorityDefaults.Scheme.Cookie.CookieName;
|
||||
options.Cookie.Path = AuthorityDefaults.Paths.Default;
|
||||
|
|
@ -71,7 +84,7 @@ public static class AuthorityProviderExtensions
|
|||
return builder;
|
||||
}
|
||||
|
||||
public static AuthenticationBuilder AddAuthorityToken(this AuthenticationBuilder builder, string scheme = AuthorityDefaults.Scheme.Token.Default)
|
||||
public static AuthenticationBuilder AddAuthorityToken(this AuthenticationBuilder builder, string scheme)
|
||||
{
|
||||
|
||||
return builder;
|
||||
|
|
|
|||
|
|
@ -1,3 +1,4 @@
|
|||
using System.Text.Json;
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
|
||||
namespace DotBased.AspNet.Authority.Controllers;
|
||||
|
|
@ -6,5 +7,21 @@ namespace DotBased.AspNet.Authority.Controllers;
|
|||
[Route("[controller]")]
|
||||
public class AuthorityController : ControllerBase
|
||||
{
|
||||
|
||||
[HttpGet("auth/login")]
|
||||
public async Task<ActionResult> LoginFromSchemeAsync([FromQuery(Name = "s")] string scheme)
|
||||
{
|
||||
return BadRequest();
|
||||
}
|
||||
|
||||
[HttpGet("auth/logout")]
|
||||
public async Task<ActionResult> LogoutAsync()
|
||||
{
|
||||
return Ok();
|
||||
}
|
||||
|
||||
[HttpGet("info")]
|
||||
public async Task<ActionResult<JsonDocument>> GetAuthorityInfoAsync()
|
||||
{
|
||||
return Ok();
|
||||
}
|
||||
}
|
||||
|
|
@ -7,9 +7,7 @@
|
|||
</PropertyGroup>
|
||||
|
||||
<ItemGroup>
|
||||
<Reference Include="Microsoft.Extensions.DependencyInjection.Abstractions">
|
||||
<HintPath>..\..\..\.nuget\packages\microsoft.extensions.dependencyinjection.abstractions\8.0.2\lib\net8.0\Microsoft.Extensions.DependencyInjection.Abstractions.dll</HintPath>
|
||||
</Reference>
|
||||
<FrameworkReference Include="Microsoft.AspNetCore.App" />
|
||||
</ItemGroup>
|
||||
|
||||
<ItemGroup>
|
||||
|
|
@ -22,10 +20,7 @@
|
|||
</ItemGroup>
|
||||
|
||||
<ItemGroup>
|
||||
<PackageReference Include="Microsoft.AspNetCore.Authentication" Version="2.3.0" />
|
||||
<PackageReference Include="Microsoft.AspNetCore.Authentication.Cookies" Version="2.3.0" />
|
||||
<PackageReference Include="Microsoft.AspNetCore.Mvc" Version="2.3.0" />
|
||||
<PackageReference Include="Microsoft.Extensions.Options" Version="9.0.0" />
|
||||
<PackageReference Include="Microsoft.Extensions.Options" Version="8.0.2" />
|
||||
</ItemGroup>
|
||||
|
||||
</Project>
|
||||
|
|
|
|||
|
|
@ -1,41 +0,0 @@
|
|||
using System.Security.Claims;
|
||||
using Microsoft.AspNetCore.Authentication;
|
||||
using Microsoft.AspNetCore.Http;
|
||||
|
||||
namespace DotBased.AspNet.Authority.Handlers;
|
||||
|
||||
/// <summary>
|
||||
/// Handles authentication for Authority logins.
|
||||
/// </summary>
|
||||
public class AuthorityAuthenticationHandler : IAuthenticationSignInHandler
|
||||
{
|
||||
public Task InitializeAsync(AuthenticationScheme scheme, HttpContext context)
|
||||
{
|
||||
throw new NotImplementedException();
|
||||
}
|
||||
|
||||
public Task<AuthenticateResult> AuthenticateAsync()
|
||||
{
|
||||
throw new NotImplementedException();
|
||||
}
|
||||
|
||||
public Task ChallengeAsync(AuthenticationProperties properties)
|
||||
{
|
||||
throw new NotImplementedException();
|
||||
}
|
||||
|
||||
public Task ForbidAsync(AuthenticationProperties properties)
|
||||
{
|
||||
throw new NotImplementedException();
|
||||
}
|
||||
|
||||
public Task SignOutAsync(AuthenticationProperties properties)
|
||||
{
|
||||
throw new NotImplementedException();
|
||||
}
|
||||
|
||||
public Task SignInAsync(ClaimsPrincipal user, AuthenticationProperties properties)
|
||||
{
|
||||
throw new NotImplementedException();
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,34 @@
|
|||
using System.Security.Claims;
|
||||
using System.Text.Encodings.Web;
|
||||
using DotBased.AspNet.Authority.Managers;
|
||||
using DotBased.AspNet.Authority.Models.Options.Auth;
|
||||
using Microsoft.AspNetCore.Authentication;
|
||||
using Microsoft.Extensions.Logging;
|
||||
using Microsoft.Extensions.Options;
|
||||
|
||||
namespace DotBased.AspNet.Authority.Handlers;
|
||||
|
||||
/// <summary>
|
||||
/// Handles authentication for Authority logins.
|
||||
/// </summary>
|
||||
public class AuthorityLoginAuthenticationHandler(IOptionsMonitor<AuthorityLoginOptions> options,
|
||||
ILoggerFactory logger,
|
||||
UrlEncoder encoder,
|
||||
ISystemClock clock,
|
||||
AuthorityManager manager) : SignInAuthenticationHandler<AuthorityLoginOptions>(options, logger, encoder, clock)
|
||||
{
|
||||
protected override Task<AuthenticateResult> HandleAuthenticateAsync()
|
||||
{
|
||||
throw new NotImplementedException();
|
||||
}
|
||||
|
||||
protected override Task HandleSignOutAsync(AuthenticationProperties properties)
|
||||
{
|
||||
throw new NotImplementedException();
|
||||
}
|
||||
|
||||
protected override Task HandleSignInAsync(ClaimsPrincipal user, AuthenticationProperties properties)
|
||||
{
|
||||
throw new NotImplementedException();
|
||||
}
|
||||
}
|
||||
|
|
@ -10,13 +10,16 @@ public class AuthorityAuthenticationOptions
|
|||
public string DefaultForbidScheme { get; set; } = string.Empty;
|
||||
public string DefaultSignInScheme { get; set; } = string.Empty;
|
||||
public string DefaultSignOutScheme { get; set; } = string.Empty;
|
||||
public List<SchemeInfo> SchemeMap { get; set; } = [];
|
||||
/// <summary>
|
||||
/// List of schemes that the Authority application will support to authenticate against.
|
||||
/// </summary>
|
||||
public List<SchemeInfo> SchemeInfoMap { get; set; } = [];
|
||||
}
|
||||
|
||||
public class SchemeInfo
|
||||
{
|
||||
public string Scheme { get; set; } = string.Empty;
|
||||
public string Identifier { get; set; } = string.Empty;
|
||||
public string Description { get; set; } = string.Empty;
|
||||
public SchemeType Type { get; set; }
|
||||
public string AuthenticationType { get; set; } = string.Empty;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -0,0 +1,8 @@
|
|||
using Microsoft.AspNetCore.Authentication;
|
||||
|
||||
namespace DotBased.AspNet.Authority.Models.Options.Auth;
|
||||
|
||||
public class AuthorityLoginOptions : AuthenticationSchemeOptions
|
||||
{
|
||||
|
||||
}
|
||||
|
|
@ -1,101 +1,20 @@
|
|||
using System.Security.Claims;
|
||||
using DotBased.AspNet.Authority.Models.Options.Auth;
|
||||
using DotBased.Logging;
|
||||
using Microsoft.AspNetCore.Authentication;
|
||||
using Microsoft.AspNetCore.Http;
|
||||
using Microsoft.Extensions.Options;
|
||||
|
||||
namespace DotBased.AspNet.Authority.Services;
|
||||
|
||||
public class AuthorityAuthenticationService(
|
||||
IAuthenticationSchemeProvider schemes,
|
||||
IAuthenticationHandlerProvider handlers,
|
||||
IClaimsTransformation transform,
|
||||
IOptions<AuthorityAuthenticationOptions> options) : IAuthenticationService
|
||||
IOptions<AuthenticationOptions> options,
|
||||
IOptions<AuthorityAuthenticationOptions> authorityOptions) : AuthenticationService(schemes, handlers, transform, options)
|
||||
{
|
||||
private readonly ILogger _logger = LogService.RegisterLogger(typeof(AuthorityAuthenticationService));
|
||||
private readonly AuthorityAuthenticationOptions _options = options.Value;
|
||||
private readonly AuthorityAuthenticationOptions _options = authorityOptions.Value;
|
||||
|
||||
public async Task<AuthenticateResult> AuthenticateAsync(HttpContext context, string scheme)
|
||||
{
|
||||
_logger.Debug("Authenticate with scheme: {Scheme}", scheme);
|
||||
|
||||
var authenticationHandler = await GetAuthenticationHandler(context, scheme, _options.DefaultAuthenticateScheme);
|
||||
var authResult = await authenticationHandler.AuthenticateAsync();
|
||||
|
||||
return authResult is { Succeeded: true }
|
||||
? AuthenticateResult.Success(
|
||||
new AuthenticationTicket(await transform.TransformAsync(authResult.Principal), authResult.Properties, authResult.Ticket.AuthenticationScheme)) :
|
||||
AuthenticateResult.Fail("Failed to authenticate");
|
||||
}
|
||||
|
||||
public async Task ChallengeAsync(HttpContext context, string scheme, AuthenticationProperties properties)
|
||||
{
|
||||
_logger.Debug("Challenging with scheme: {Scheme}", scheme);
|
||||
|
||||
var authenticationHandler = await GetAuthenticationHandler(context, scheme, _options.DefaultChallengeScheme);
|
||||
await authenticationHandler.ChallengeAsync(properties);
|
||||
}
|
||||
|
||||
public async Task ForbidAsync(HttpContext context, string scheme, AuthenticationProperties properties)
|
||||
{
|
||||
_logger.Debug("Forbid with scheme: {Scheme}", scheme);
|
||||
|
||||
var authenticationHandler = await GetAuthenticationHandler(context, scheme, _options.DefaultForbidScheme);
|
||||
await authenticationHandler.ForbidAsync(properties);
|
||||
}
|
||||
|
||||
public async Task SignInAsync(HttpContext context, string scheme, ClaimsPrincipal principal, AuthenticationProperties properties)
|
||||
{
|
||||
_logger.Debug("SignIn with scheme: {Scheme}", scheme);
|
||||
|
||||
var authenticationHandler = await GetAuthenticationHandler(context, scheme, _options.DefaultSignInScheme);
|
||||
if (authenticationHandler is not IAuthenticationSignInHandler signInHandler)
|
||||
{
|
||||
throw new InvalidOperationException("Authentication handler is not a IAuthenticationSignInHandler.");
|
||||
}
|
||||
await signInHandler.SignInAsync(principal, properties);
|
||||
}
|
||||
|
||||
public async Task SignOutAsync(HttpContext context, string scheme, AuthenticationProperties properties)
|
||||
{
|
||||
_logger.Debug("SignOut with scheme: {Scheme}", scheme);
|
||||
|
||||
var authenticationHandler = await GetAuthenticationHandler(context, scheme, _options.DefaultSignOutScheme);
|
||||
if (authenticationHandler is not IAuthenticationSignOutHandler signOutHandler)
|
||||
{
|
||||
throw new InvalidOperationException("Authentication handler is not a IAuthenticationSignOutHandler.");
|
||||
}
|
||||
await signOutHandler.SignOutAsync(properties);
|
||||
}
|
||||
|
||||
/*public async Task ValidateLoginAsync()
|
||||
{
|
||||
//TODO: Check if user is logged in from external identity provider, if user not exists in authority db create user.
|
||||
throw new NotImplementedException();
|
||||
}*/
|
||||
|
||||
private async Task<IAuthenticationHandler> GetAuthenticationHandler(HttpContext context, string scheme, string defaultScheme)
|
||||
{
|
||||
if (string.IsNullOrWhiteSpace(scheme))
|
||||
{
|
||||
scheme = defaultScheme;
|
||||
if (string.IsNullOrWhiteSpace(scheme))
|
||||
{
|
||||
scheme = _options.DefaultScheme;
|
||||
if (string.IsNullOrWhiteSpace(scheme))
|
||||
{
|
||||
throw new InvalidOperationException("Failed to get default scheme. No scheme specified.");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
var authenticationHandler = await handlers.GetHandlerAsync(context, scheme);
|
||||
if (authenticationHandler == null)
|
||||
{
|
||||
_logger.Warning("Failed to load handler for scheme: {Scheme}", scheme);
|
||||
throw new InvalidOperationException($"No authentication handlers registered to the scheme '{scheme}'");
|
||||
}
|
||||
|
||||
return authenticationHandler;
|
||||
}
|
||||
public IReadOnlyCollection<SchemeInfo> GetSchemeInfos(SchemeType schemeType) => _options.SchemeInfoMap.Where(s => s.Type == schemeType).ToList();
|
||||
public IReadOnlyCollection<SchemeInfo> GetAllSchemeInfos() => _options.SchemeInfoMap;
|
||||
}
|
||||
|
|
@ -27,4 +27,9 @@ public class WeatherController : ControllerBase
|
|||
await Task.Delay(TimeSpan.FromSeconds(1));
|
||||
return forecast;
|
||||
}
|
||||
|
||||
public record WeatherForecast(DateOnly Date, int TemperatureC, string? Summary)
|
||||
{
|
||||
public int TemperatureF => 32 + (int)(TemperatureC / 0.5556);
|
||||
}
|
||||
}
|
||||
|
|
@ -25,45 +25,49 @@ builder.Logging.AddDotBasedLoggerProvider(LogService.Options);
|
|||
|
||||
builder.Services.AddControllers();
|
||||
|
||||
builder.Services.AddAuthority().AddAuthorityContext(options =>
|
||||
builder.Services.AddAuthority()
|
||||
.AddAuthorityContext(options =>
|
||||
{
|
||||
options.UseSqlite("Data Source=dev-authority.db", c => c.MigrationsAssembly("TestWebApi"));
|
||||
}).AddAuthorityAuth(options =>
|
||||
})
|
||||
.MapAuthorityEndpoints()
|
||||
.AddAuthorityAuth(options =>
|
||||
{
|
||||
options.DefaultScheme = AuthorityDefaults.Scheme.Authority.AuthenticationScheme;
|
||||
//TODO: Auto detect auth and session store schemes?
|
||||
options.SchemeMap = [
|
||||
options.DefaultScheme = AuthorityDefaults.Scheme.Cookie.AuthenticationScheme;
|
||||
options.DefaultSignInScheme = AuthorityDefaults.Scheme.Authority.AuthenticationScheme;
|
||||
options.DefaultChallengeScheme = AuthorityDefaults.Scheme.Authority.AuthenticationScheme;
|
||||
options.SchemeInfoMap = [
|
||||
new SchemeInfo
|
||||
{
|
||||
Scheme = AuthorityDefaults.Scheme.Authority.AuthenticationScheme,
|
||||
Identifier = "Authority password login",
|
||||
Description = "Authority password login",
|
||||
Type = SchemeType.Authentication,
|
||||
AuthenticationType = "Password"
|
||||
},
|
||||
new SchemeInfo
|
||||
/*new SchemeInfo
|
||||
{
|
||||
Scheme = "OIDC",
|
||||
Identifier = "Authentik OIDC login",
|
||||
Description = "Authentik OIDC login",
|
||||
Type = SchemeType.Authentication,
|
||||
AuthenticationType = "OpenIdConnect"
|
||||
},
|
||||
},*/
|
||||
new SchemeInfo
|
||||
{
|
||||
Scheme = AuthorityDefaults.Scheme.Cookie.Default,
|
||||
Identifier = "Cookie session",
|
||||
Scheme = AuthorityDefaults.Scheme.Cookie.AuthenticationScheme,
|
||||
Description = "Cookie session",
|
||||
Type = SchemeType.SessionStore
|
||||
},
|
||||
}/*,
|
||||
new SchemeInfo
|
||||
{
|
||||
Scheme = AuthorityDefaults.Scheme.Token.Default,
|
||||
Identifier = "Session token",
|
||||
Scheme = AuthorityDefaults.Scheme.Token.AuthenticationScheme,
|
||||
Description = "Session token",
|
||||
Type = SchemeType.SessionStore
|
||||
}
|
||||
}*/
|
||||
];
|
||||
})
|
||||
.AddAuthorityLoginScheme()
|
||||
.AddAuthorityCookie()
|
||||
.AddAuthorityToken();
|
||||
.AddAuthorityLoginScheme(AuthorityDefaults.Scheme.Authority.AuthenticationScheme)
|
||||
.AddAuthorityCookie(AuthorityDefaults.Scheme.Cookie.AuthenticationScheme)
|
||||
.AddAuthorityToken(AuthorityDefaults.Scheme.Token.AuthenticationScheme);
|
||||
|
||||
// Add services to the container.
|
||||
// Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
|
||||
|
|
@ -96,9 +100,4 @@ ILogger SetupSerilog()
|
|||
.MinimumLevel.Verbose()
|
||||
.WriteTo.Console(outputTemplate: BasedSerilog.OutputTemplate);
|
||||
return logConfig.CreateLogger();
|
||||
}
|
||||
|
||||
public record WeatherForecast(DateOnly Date, int TemperatureC, string? Summary)
|
||||
{
|
||||
public int TemperatureF => 32 + (int)(TemperatureC / 0.5556);
|
||||
}
|
||||
Loading…
Reference in New Issue
Block a user