The next generation of the Teknik Services. Written in ASP.NET. https://www.teknik.io/

AccountService.cs 3.9KB

  1. using IdentityModel;
  2. using IdentityServer4.Extensions;
  3. using IdentityServer4.Services;
  4. using IdentityServer4.Stores;
  5. using Microsoft.AspNetCore.Authentication;
  6. using Microsoft.AspNetCore.Http;
  7. using System.Linq;
  8. using System.Threading.Tasks;
  9. using Teknik.IdentityServer.Models;
  10. using Teknik.IdentityServer.Options;
  11. using Teknik.IdentityServer.ViewModels;
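  namespace Teknik.IdentityServer.Services
  {
      /// <summary>
      /// Builds the view models for the login, logout and logged-out pages
      /// from the IdentityServer interaction context and the static <c>AccountOptions</c>.
      /// </summary>
      /// <remarks>
      /// The class only assembles view models; it does not sign users in or out and it
      /// does not redirect. Values it copies from the request (return URL, login hint,
      /// logout id) are passed through as given, so validating them before acting on them
      /// is the caller's job.
      /// </remarks>
      public class AccountService
      {
          private readonly IClientStore _clientStore;
          private readonly IIdentityServerInteractionService _interaction;
          private readonly IHttpContextAccessor _httpContextAccessor;

          // Stored but not read by any method of this class.
          private readonly IAuthenticationSchemeProvider _schemeProvider;

          /// <summary>
          /// Creates the service from the IdentityServer and ASP.NET Core services it wraps.
          /// </summary>
          /// <param name="interaction">Source of the authorization and logout contexts.</param>
          /// <param name="httpContextAccessor">Gives access to the current request's user.</param>
          /// <param name="schemeProvider">Authentication scheme provider (kept, currently unused here).</param>
          /// <param name="clientStore">Used to look up the requesting client's login settings.</param>
          public AccountService(
              IIdentityServerInteractionService interaction,
              IHttpContextAccessor httpContextAccessor,
              IAuthenticationSchemeProvider schemeProvider,
              IClientStore clientStore)
          {
              _interaction = interaction;
              _httpContextAccessor = httpContextAccessor;
              _schemeProvider = schemeProvider;
              _clientStore = clientStore;
          }

          /// <summary>
          /// Builds the login page model for a return URL.
          /// </summary>
          /// <param name="returnUrl">The return URL the login page was reached with.</param>
          /// <returns>
          /// A model whose <c>EnableLocalLogin</c> is true only when both the global
          /// <c>AccountOptions.AllowLocalLogin</c> and the client's own setting allow it.
          /// </returns>
          /// <remarks>
          /// <paramref name="returnUrl"/> is copied into the model even when no authorization
          /// context was found for it, so <c>ReturnUrl</c> must not be treated as trusted.
          /// NOTE(review): the redirect after login presumably happens in the controller;
          /// confirm it checks the URL (for example with
          /// <c>IIdentityServerInteractionService.IsValidReturnUrl</c> or a local-URL check) first.
          /// </remarks>
          public async Task<LoginViewModel> BuildLoginViewModelAsync(string returnUrl)
          {
              var context = await _interaction.GetAuthorizationContextAsync(returnUrl);

              // Local login stays allowed unless a known, enabled client switches it off.
              var allowLocal = true;
              if (context?.ClientId != null)
              {
                  var client = await _clientStore.FindEnabledClientByIdAsync(context.ClientId);
                  if (client != null)
                  {
                      allowLocal = client.EnableLocalLogin;
                  }
              }

              return new LoginViewModel
              {
                  AllowRememberLogin = AccountOptions.AllowRememberLogin,
                  EnableLocalLogin = allowLocal && AccountOptions.AllowLocalLogin,
                  ReturnUrl = returnUrl,
                  // The login hint comes from the authorization request, i.e. from the client side.
                  Username = context?.LoginHint
              };
          }

          /// <summary>
          /// Rebuilds the login page model from a posted form, keeping what the user typed.
          /// </summary>
          /// <param name="model">The posted login form.</param>
          /// <returns>The login model with <c>Username</c> and <c>RememberMe</c> taken from the form.</returns>
          /// <exception cref="System.ArgumentNullException"><paramref name="model"/> is null.</exception>
          public async Task<LoginViewModel> BuildLoginViewModelAsync(LoginInputModel model)
          {
              // Fail with a named argument instead of a NullReferenceException further down.
              if (model == null)
              {
                  throw new System.ArgumentNullException(nameof(model));
              }

              var vm = await BuildLoginViewModelAsync(model.ReturnUrl);
              vm.Username = model.Username;
              vm.RememberMe = model.RememberMe;
              return vm;
          }

          /// <summary>
          /// Builds the logout page model and decides whether the confirmation prompt is shown.
          /// </summary>
          /// <param name="logoutId">The logout id the logout page was reached with.</param>
          /// <returns>
          /// A model with <c>ShowLogoutPrompt</c> cleared when there is no authenticated user
          /// or when the logout context says no prompt is needed.
          /// </returns>
          /// <remarks>
          /// The prompt is skipped only when the logout context explicitly reports
          /// <c>ShowSignoutPrompt == false</c>. A missing context leaves the configured
          /// default in place, so an unknown <paramref name="logoutId"/> cannot by itself
          /// turn the prompt off.
          /// </remarks>
          public async Task<LogoutViewModel> BuildLogoutViewModelAsync(string logoutId)
          {
              var vm = new LogoutViewModel { LogoutId = logoutId, ShowLogoutPrompt = AccountOptions.ShowLogoutPrompt };

              // HttpContext is null outside of a request and Identity is null for a principal
              // without identities; both cases are treated as "not authenticated".
              var user = _httpContextAccessor.HttpContext?.User;
              if (user?.Identity?.IsAuthenticated != true)
              {
                  // if the user is not authenticated, then just show logged out page
                  vm.ShowLogoutPrompt = false;
                  return vm;
              }

              var context = await _interaction.GetLogoutContextAsync(logoutId);
              if (context?.ShowSignoutPrompt == false)
              {
                  // it's safe to automatically sign-out
                  vm.ShowLogoutPrompt = false;
                  return vm;
              }

              // show the logout prompt. this prevents attacks where the user
              // is automatically signed out by another malicious web page.
              return vm;
          }

          /// <summary>
          /// Builds the model for the page shown after sign-out.
          /// </summary>
          /// <param name="logoutId">The logout id of the sign-out that just completed.</param>
          /// <returns>
          /// A model carrying the post-logout redirect URI, the sign-out iframe URL and the
          /// client identifier taken from the logout context; those three are null when no
          /// context is found.
          /// </returns>
          /// <remarks>
          /// The redirect URI and iframe URL are taken from the logout context only, never
          /// from request input directly. <c>ClientName</c> is filled with the client id,
          /// not a display name.
          /// </remarks>
          public async Task<LoggedOutViewModel> BuildLoggedOutViewModelAsync(string logoutId)
          {
              // get context information (client name, post logout redirect URI and iframe for federated signout)
              var logout = await _interaction.GetLogoutContextAsync(logoutId);

              var vm = new LoggedOutViewModel
              {
                  AutomaticRedirectAfterSignOut = AccountOptions.AutomaticRedirectAfterSignOut,
                  PostLogoutRedirectUri = logout?.PostLogoutRedirectUri,
                  ClientName = logout?.ClientId,
                  SignOutIframeUrl = logout?.SignOutIFrameUrl,
                  LogoutId = logoutId
              };

              return vm;
          }
      }
  }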