DotBased.AspNet.Authority/AuthorityDefaults.cs

@@ -27,14 +27,6 @@ public static class AuthorityDefaults
         public const string Default = "/";
         public const string Login = "/auth/login";
         public const string Logout = "/auth/logout";
-        public const string Challenge = "/auth/challenge";
         public const string Forbidden = "/forbidden";
-        public const string Info = "/info";
-    }
-    
-    public static class ClaimTypes
-    {
-        public const string Attribute = "Authority.Attribute";
-        public const string AuthenticatedScheme = "Authority.Scheme.Authenticated";
     }
 }

DotBased.AspNet.Authority/Controllers/AuthorityController.cs

@@ -1,6 +1,4 @@
 using System.Text.Json;
-using DotBased.AspNet.Authority.Models.Data.System;
-using DotBased.AspNet.Authority.Services;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
@@ -11,7 +9,7 @@ namespace DotBased.AspNet.Authority.Controllers;
 [Route("[controller]")]
 public class AuthorityController(IAuthenticationService authenticationService) : ControllerBase
 {
-    [HttpGet(AuthorityDefaults.Paths.Login)]
+    [HttpGet("auth/login")]
     [AllowAnonymous]
     public async Task<ActionResult> LoginFromSchemeAsync([FromQuery(Name = "s")] string? scheme, [FromQuery(Name = "ss")] string? sessionScheme)
     {
@@ -19,41 +17,17 @@ public class AuthorityController(IAuthenticationService authenticationService) :
         return Ok();
     }
 
-    [HttpGet(AuthorityDefaults.Paths.Challenge)]
+    [HttpGet("auth/logout")]
-    [AllowAnonymous]
-    public IActionResult ChallengeLogin([FromQuery(Name = "s")] string? scheme, [FromQuery(Name = "returnUrl")] string returnUrl = "/")
-    {
-        return Challenge(scheme, returnUrl);
-    }
-
-    [HttpGet(AuthorityDefaults.Paths.Logout)]
     public async Task<ActionResult> LogoutAsync()
     {
         await HttpContext.SignOutAsync();
         return Ok();
     }
 
-    [HttpGet(AuthorityDefaults.Paths.Info)]
+    [HttpGet("info")]
     [AllowAnonymous]
     public async Task<ActionResult<JsonDocument>> GetAuthorityInfoAsync()
     {
-        if (authenticationService is not AuthorityAuthenticationService authService)
+        return Ok();
-        {
-            return BadRequest();
-        }
-
-        var schemesInfos = authService.GetAllSchemeInfos();
-        
-        var info = new AuthorityInformation
-        {
-            IsAuthenticated = false,
-            SchemeInformation = new SchemeInformation
-            {
-                DefaultScheme = authService.Options.DefaultScheme ?? "Unknown",
-                AvailableSchemes = schemesInfos.ToList()
-            }
-        };
-        
-        return Ok(info);
     }
 }

DotBased.AspNet.Authority/Handlers/AuthorityLoginAuthenticationHandler.cs

@@ -1,5 +1,3 @@
-using System.Buffers.Text;
-using System.Net.Http.Headers;
 using System.Security.Claims;
 using System.Text.Encodings.Web;
 using DotBased.AspNet.Authority.Managers;
@@ -7,7 +5,6 @@ using DotBased.AspNet.Authority.Models.Options.Auth;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
-using Microsoft.Extensions.Primitives;
 
 namespace DotBased.AspNet.Authority.Handlers;
 
@@ -22,81 +19,8 @@ public class AuthorityLoginAuthenticationHandler(IOptionsMonitor<AuthorityLoginO
     // Validate credentials
     protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
     {
-        var authResult = GetBasicAuthorization(out var email, out var password);
+        var ticket = new AuthenticationTicket(new ClaimsPrincipal(), Scheme.Name);
-        if (authResult != null || string.IsNullOrEmpty(email) || string.IsNullOrEmpty(password))
-        {
-            return AuthenticateResult.Fail(authResult ?? "Failed to get basic authorization from header.");
-        }
-        
-        var userResult = await manager.GetUserByEmailAsync(email);
-        if (userResult is { IsSuccess: false, Error: not null })
-        {
-            return AuthenticateResult.Fail(userResult.Error.Description);
-        }
-        var user = userResult.Value;
-        
-        var passwordValidateResult = await manager.ValidatePasswordAsync(user, password);
-        if (!passwordValidateResult.IsSuccess)
-        {
-            return AuthenticateResult.Fail(passwordValidateResult.Error?.Description ?? "Failed to validate password.");
-        }
-
-        var identityClaims = new List<Claim>();
-        var rolesResult = await manager.GetAllUserRolesAsync(user);
-        if (rolesResult.IsSuccess)
-        {
-            var roles = rolesResult.Value;
-            foreach (var authorityRole in roles)
-            {
-                identityClaims.Add(new Claim(ClaimTypes.Role, authorityRole.Name));
-            }
-        }
-        
-        var principal = new ClaimsPrincipal(new ClaimsIdentity(identityClaims, Scheme.Name));
-        var ticket = new AuthenticationTicket(principal, Scheme.Name);
         var result = AuthenticateResult.Success(ticket);
         return result;
     }
-
-    private string? GetBasicAuthorization(out string? email, out string? password)
-    {
-        email = null;
-        password = null;
-        
-        if (StringValues.IsNullOrEmpty(Context.Request.Headers.Authorization))
-        {
-            return "Missing authorization header";
-        }
-
-        var basicAuth = string.Empty;
-        foreach (var authorizationValue in Context.Request.Headers.Authorization)
-        {
-            if (string.IsNullOrWhiteSpace(authorizationValue))
-            {
-                continue;
-            }
-
-            if (AuthenticationHeaderValue.TryParse(authorizationValue, out var basicAuthHeader) && !string.IsNullOrWhiteSpace(basicAuthHeader.Parameter))
-            {
-                basicAuth = basicAuthHeader.Parameter;
-            }
-        }
-
-        if (!Base64.IsValid(basicAuth))
-        {
-            return "Invalid basic authorization data!";
-        }
-        
-        var base64Auth = Convert.FromBase64String(basicAuth);
-        var decodedAuth = System.Text.Encoding.UTF8.GetString(base64Auth);
-        var parts = decodedAuth.Split(':');
-        if (parts.Length != 2)
-        {
-            return "No email and/or password found!";
-        }
-
-        email = parts[0];
-        password = parts[1];
-        return null;
-    }
 }

DotBased.AspNet.Authority/Managers/AuthorityUserManager.cs

@@ -36,22 +36,6 @@ public partial class AuthorityManager
         return errors.Count > 0 ? ValidationResult.Fail(errors) : ValidationResult.Success();
     }
 
-    public async Task<Result<AuthorityUser>> GetUserByEmailAsync(string email)
-    {
-        if (string.IsNullOrEmpty(email))
-        {
-            return ResultError.Fail("No email given.");
-        }
-
-        var user = await userRepository.GetUserByEmailAsync(email);
-        if (user == null)
-        {
-            return ResultError.Fail("No user found with given email.");
-        }
-
-        return user;
-    }
-
     public async Task<Result<QueryItems<AuthorityUserItem>>> SearchUsersAsync(string query, int maxResults = 20, int offset = 0, CancellationToken cancellationToken = default)
     {
         var result = await UserRepository.GetUsersAsync(maxResults, offset, query, cancellationToken);

DotBased.AspNet.Authority/Models/Data/System/AboutModel.cs

@@ -0,0 +1,10 @@
+using DotBased.AspNet.Authority.Models.Data.Auth;
+
+namespace DotBased.AspNet.Authority.Models.Data.System;
+
+public class AboutModel
+{
+    public string Name { get; set; } = "Authority.Server";
+    public List<AuthenticationType> AuthenticationTypes { get; set; } = [];
+    public List<AuthenticationSessionType> SessionTypes { get; set; } = [];
+}

DotBased.AspNet.Authority/Models/Data/System/AuthorityInformation.cs

@@ -1,25 +0,0 @@
-using DotBased.AspNet.Authority.Models.Data.Auth;
-using DotBased.AspNet.Authority.Models.Options.Auth;
-
-namespace DotBased.AspNet.Authority.Models.Data.System;
-
-public class AuthorityInformation
-{
-    public string ServerName { get; set; } = "Authority.Server";
-    public bool IsAuthenticated { get; set; }
-    public List<AuthenticationType> AuthenticationTypes { get; set; } = [];
-    public List<AuthenticationSessionType> SessionTypes { get; set; } = [];
-    public SchemeInformation? SchemeInformation { get; set; }
-    public AuthenticatedInformation? AuthenticatedInformation { get; set; }
-}
-
-public class SchemeInformation
-{
-    public string? DefaultScheme { get; set; }
-    public List<SchemeInfo> AvailableSchemes { get; set; } = [];
-}
-
-public class AuthenticatedInformation
-{
-    public string? AuthenticatedScheme { get; set; }
-}

DotBased.AspNet.Authority/Models/Options/Auth/AuthorityAuthenticationOptions.cs

@@ -22,7 +22,6 @@ public class SchemeInfo
     public string Description { get; set; } = string.Empty;
     public SchemeType Type { get; set; }
     public string AuthenticationType { get; set; } = string.Empty;
-    public string? Endpoint { get; set; }
 }
 
 public enum SchemeType

DotBased.AspNet.Authority/Services/AuthorityAuthenticationService.cs

@@ -27,7 +27,7 @@ public class AuthorityAuthenticationService(
         return base.AuthenticateAsync(context, scheme);
     }
 
-    // Trigger login - Redirects to provider (OIDC, etc.)
+    // Trigger login
     // Used when access to a resource requires authentication, but the user has not provided valid credentials.
     public override Task ChallengeAsync(HttpContext context, string? scheme, AuthenticationProperties? properties)
     {

TestWebApi/Program.cs

@@ -33,26 +33,23 @@ builder.Services.AddAuthority()
 .MapAuthorityEndpoints()
 .AddAuthorityAuth(options =>
 {
-    options.DefaultScheme = AuthorityDefaults.Scheme.Authority.AuthenticationScheme;
+    options.DefaultScheme = AuthorityDefaults.Scheme.Cookie.AuthenticationScheme;
-    options.DefaultAuthenticateScheme = AuthorityDefaults.Scheme.Authority.AuthenticationScheme;
+    options.DefaultSignInScheme = AuthorityDefaults.Scheme.Authority.AuthenticationScheme;
-    options.DefaultSignInScheme = AuthorityDefaults.Scheme.Cookie.AuthenticationScheme;
+    options.DefaultSignOutScheme = AuthorityDefaults.Scheme.Authority.AuthenticationScheme;
-    options.DefaultSignOutScheme = AuthorityDefaults.Scheme.Cookie.AuthenticationScheme;
     options.SchemeInfoMap = [
         new SchemeInfo
         {
             Scheme = AuthorityDefaults.Scheme.Authority.AuthenticationScheme,
             Description = "Authority password login",
             Type = SchemeType.Authentication,
-            AuthenticationType = "Password",
+            AuthenticationType = "Password"
-            Endpoint = AuthorityDefaults.Paths.Login
         },
         /*new SchemeInfo
         {
             Scheme = "OIDC",
             Description = "Authentik OIDC login",
             Type = SchemeType.Authentication,
-            AuthenticationType = "OpenIdConnect",
+            AuthenticationType = "OpenIdConnect"
-            Endpoint = AuthorityDefaults.Paths.Challenge
         },*/
         new SchemeInfo
         {

TestWebApi/TestWebApi.csproj

@@ -25,8 +25,4 @@
       <ProjectReference Include="..\DotBased\DotBased.csproj" />
     </ItemGroup>
 
-    <ItemGroup>
-      <Folder Include="Migrations\" />
-    </ItemGroup>
-
 </Project>