David Klempfner DavidKlempfner
DavidKlempfner
/ ForwardToIdentityProvider.cs
Created
December 3, 2023 06:30
ForwardToIdentityProvider
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| private IActionResult ForwardToIdentityProvider(string returnUrl, string loginHint) | |
| { | |
| var callbackUrl = Url.Action(nameof(Callback)); | |
| var props = new AuthenticationProperties | |
| { | |
| RedirectUri = callbackUrl, | |
| Items = | |
| { | |
| { "scheme", OpenIdConnectDefaults.AuthenticationScheme }, | |
| { "returnUrl", returnUrl } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| services.AddAuthentication() | |
| .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options => | |
| { | |
| options.Events = new CustomOpenIdConnectEvents(); | |
| }); |
DavidKlempfner
/ CustomOpenIdConnectEvents.cs
Created
October 23, 2023 02:43
CustomOpenIdConnectEvents
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| public class CustomOpenIdConnectEvents : OpenIdConnectEvents | |
| { | |
| public CustomOpenIdConnectEvents() | |
| { | |
| OnRedirectToIdentityProvider = OnRedirectToIdentityProviderImpl; | |
| } | |
| private Task OnRedirectToIdentityProviderImpl(RedirectContext context) | |
| { | |
| if (context.Properties.Items.TryGetValue(AuthorizeRequest.AcrValues, out var acrValues)) |
DavidKlempfner
/ StepUpAuthenticationCallback.cs
Created
October 23, 2023 02:37
StepUpAuthenticationCallback
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [HttpGet] | |
| [Route("StepUpAuthenticationCallback")] | |
| public HttpResponseMessage StepUpAuthenticationCallback([FromUri(Name = "state")] string state = null) | |
| { | |
| var ticket = _httpContext.GetFormsAuthenticationTicket(); | |
| if (ticket != null) | |
| { | |
| var data = FormsTicketDataModel.FromString(ticket.UserData); | |
| data.TimeOfLast2fa = DateTimeOffset.UtcNow.ToUnixTimeSeconds(); |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [HttpGet] | |
| public IActionResult ForwardToIdentityProvider(string returnUrl, string loginHint) | |
| { | |
| ValidateReturnUrl(returnUrl); | |
| var callbackUrl = Url.Action(nameof(Callback)); | |
| const string provider = OpenIdConnectDefaults.AuthenticationScheme; | |
| var props = new AuthenticationProperties | |
| { | |
| RedirectUri = callbackUrl, |
DavidKlempfner
/ StepUpAuthenticationEndpoint.cs
Created
October 22, 2023 23:21
StepUpAuthenticationEndpoint
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [HttpGet] | |
| [Route("StepUpAuthentication")] | |
| public HttpResponseMessage StepUpAuthentication() | |
| { | |
| var url = @"https://localhost:44349/Account/ForwardToIdentityProvider | |
| ?returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dpt-web%26response_type%3Dcode%26scope%3Dopenid%2Bread%2Boffline_access%2Bptpro | |
| %26redirect_uri%3Dhttps%253A%252F%252F127.0.0.1%253A44300%252Fauthentication%252FStepUpAuthenticationCallback%26state%3D%257B%2522 | |
| ReturnUrl%2522%253A%2522%252Fconfiguration%252Fcompany%253FshowPaymentInfoDialog%253Dtrue%2522%257D%26acr_values%3Durn%253Aokta%253Aloa%253A2fa%253Aany"; | |
| return CreateRedirectResponse(url); |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Route("stepUpAuthentication/hasUserRecentlyDone2fa")] | |
| [HttpGet] | |
| public HttpResponseMessage HasUserRecentlyDone2fa() | |
| { | |
| var ticket = _httpContext.GetFormsAuthenticationTicket(); | |
| if (ticket != null) | |
| { | |
| var data = FormsTicketDataModel.FromString(ticket.UserData); | |
| var timeOfLast2fa = data?.TimeOfLast2fa ?? 0; | |
| var timeSinceLast2fa = DateTimeOffset.UtcNow - DateTimeOffset.FromUnixTimeSeconds(timeOfLast2fa); |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $scope.editPaymentInfo = function () { | |
| $q.when(api.hasUserRecentlyDone2fa()).then(function (data) { | |
| if (!data.HasUserRecentlyDone2fa) { | |
| // Redirect the browser to Okta for 2FA | |
| const returnUrl = window.location.pathname + '?showPaymentInfoDialog=true'; | |
| window.location.href = '/Authentication/StepUpAuthentication?returnUrl=' + encodeURIComponent(returnUrl); | |
| } | |
| else { | |
| // Show edit payment details dialog | |
| } |
DavidKlempfner
/ StepUpAuthenticationCallback.cs
Created
October 21, 2023 00:16
StepUpAuthenticationCallback
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [HttpGet] | |
| [Route("StepUpAuthenticationCallback")] | |
| public HttpResponseMessage StepUpAuthenticationCallback([FromUri(Name = "state")] string state = null) | |
| { | |
| var ticket = _httpContext.GetFormsAuthenticationTicket(); | |
| if (ticket != null) | |
| { | |
| var data = FormsTicketDataModel.FromString(ticket.UserData); | |
| data.TimeOfLast2fa = DateTimeOffset.UtcNow.ToUnixTimeSeconds(); |
DavidKlempfner
/ CreateFormsTicketDataModel.cs
Created
October 21, 2023 00:09
CreateFormsTicketDataModel
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| private FormsTicketDataModel CreateFormsTicketDataModel(JwtSecurityToken token) | |
| { | |
| var result = new FormsTicketDataModel() | |
| { | |
| SessionId = Guid.NewGuid().ToString() | |
| // Other properties omitted for brevity | |
| }; | |
| var timeOfLast2fa = token.Claims.FirstOrDefault(c => c.Type == "timeOfLast2fa"); | |
| if (timeOfLast2fa != null) |