// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License.
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OAuth;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Options;
namespace Microsoft.Identity.Web.UI.Areas.MicrosoftIdentity.Controllers
{
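/// <summary>
/// Controller used in web apps to manage accounts: sign-in, sign-out and the
/// Azure AD B2C self-service policies (reset password, edit profile).
/// All actions are anonymous because the user is typically not signed in yet
/// when they are invoked; each one ends in an authentication challenge or
/// sign-out rather than rendering content itself.
/// </summary>
[NonController]
[AllowAnonymous]
[Area("MicrosoftIdentity")]
[Route("[area]/[controller]/[action]")]
public class AccountController : Controller
{
    private readonly IOptionsMonitor<MicrosoftIdentityOptions> _optionsMonitor;

    /// <summary>
    /// Constructor of <see cref="AccountController"/> from <see cref="MicrosoftIdentityOptions"/>.
    /// This constructor is used by dependency injection.
    /// </summary>
    /// <param name="microsoftIdentityOptionsMonitor">Configuration options, resolved per authentication scheme.</param>
    public AccountController(IOptionsMonitor<MicrosoftIdentityOptions> microsoftIdentityOptionsMonitor)
    {
        _optionsMonitor = microsoftIdentityOptionsMonitor;
    }

    /// <summary>
    /// Handles user sign in.
    /// </summary>
    /// <param name="scheme">Authentication scheme; defaults to the OpenID Connect scheme when absent.</param>
    /// <param name="redirectUri">Redirect URI. Only a local URL is honored; anything else falls back to the application root.</param>
    /// <returns>Challenge generating a redirect to Azure AD to sign in the user.</returns>
    [HttpGet("{scheme?}")]
    public IActionResult SignIn(
        [FromRoute] string scheme,
        [FromQuery] string redirectUri)
    {
        scheme ??= OpenIdConnectDefaults.AuthenticationScheme;
        return Challenge(
            new AuthenticationProperties { RedirectUri = ResolveLocalRedirect(redirectUri) },
            scheme);
    }

    /// <summary>
    /// Challenges the user, passing extra request hints to the identity provider.
    /// </summary>
    /// <param name="redirectUri">Redirect URI. Only a local URL is honored; anything else falls back to the application root.</param>
    /// <param name="scope">Space-separated scopes to request.</param>
    /// <param name="loginHint">Login hint.</param>
    /// <param name="domainHint">Domain hint.</param>
    /// <param name="claims">Claims.</param>
    /// <param name="policy">AAD B2C policy.</param>
    /// <param name="scheme">Authentication scheme; defaults to the OpenID Connect scheme when absent.</param>
    /// <returns>Challenge generating a redirect to Azure AD to sign in the user.</returns>
    [HttpGet("{scheme?}")]
    public IActionResult Challenge(
        string redirectUri,
        string scope,
        string loginHint,
        string domainHint,
        string claims,
        string policy,
        [FromRoute] string scheme)
    {
        scheme ??= OpenIdConnectDefaults.AuthenticationScheme;

        // claims/policy are carried in the properties' Items; loginHint/domainHint
        // in its Parameters (the two dictionaries OAuthChallengeProperties takes).
        Dictionary<string, string?> items = new Dictionary<string, string?>
        {
            { Constants.Claims, claims },
            { Constants.Policy, policy },
        };
        Dictionary<string, object?> parameters = new Dictionary<string, object?>
        {
            { Constants.LoginHint, loginHint },
            { Constants.DomainHint, domainHint },
        };
        OAuthChallengeProperties oAuthChallengeProperties = new OAuthChallengeProperties(items, parameters);

        if (scope != null)
        {
            // Drop empty entries so that doubled or trailing spaces in the query
            // string do not turn into empty scope values.
            oAuthChallengeProperties.Scope = scope.Split(" ", StringSplitOptions.RemoveEmptyEntries);
        }

        // Same rule as SignIn: the post-authentication redirect must stay on this
        // site, so a non-local target is replaced by the application root.
        oAuthChallengeProperties.RedirectUri = ResolveLocalRedirect(redirectUri);

        return Challenge(
            oAuthChallengeProperties,
            scheme);
    }

    /// <summary>
    /// Handles the user sign-out.
    /// </summary>
    /// <param name="scheme">Authentication scheme; defaults to the OpenID Connect scheme when absent.</param>
    /// <returns>Sign out result.</returns>
    [HttpGet("{scheme?}")]
    public IActionResult SignOut(
        [FromRoute] string scheme)
    {
        if (AppServicesAuthenticationInformation.IsAppServicesAadAuthenticationEnabled)
        {
            // App Service authentication owns the session: hand off to its logout
            // endpoint when one is configured (LocalRedirect rejects non-local
            // targets), otherwise there is nothing for this app to clear.
            if (AppServicesAuthenticationInformation.LogoutUrl != null)
            {
                return LocalRedirect(AppServicesAuthenticationInformation.LogoutUrl);
            }
            return Ok();
        }

        scheme ??= OpenIdConnectDefaults.AuthenticationScheme;

        // Absolute callback so the identity provider can send the browser back
        // to the SignedOut page after the remote sign-out.
        var callbackUrl = Url.Page("/Account/SignedOut", pageHandler: null, values: null, protocol: Request.Scheme);

        // Sign out of both the local cookie session and the remote OIDC session.
        return SignOut(
            new AuthenticationProperties
            {
                RedirectUri = callbackUrl,
            },
            CookieAuthenticationDefaults.AuthenticationScheme,
            scheme);
    }

    /// <summary>
    /// In B2C applications handles the Reset password policy.
    /// </summary>
    /// <param name="scheme">Authentication scheme; defaults to the OpenID Connect scheme when absent.</param>
    /// <returns>Challenge generating a redirect to Azure AD B2C.</returns>
    [HttpGet("{scheme?}")]
    public IActionResult ResetPassword([FromRoute] string scheme)
    {
        scheme ??= OpenIdConnectDefaults.AuthenticationScheme;
        return Challenge(
            BuildPolicyChallenge(_optionsMonitor.Get(scheme).ResetPasswordPolicyId),
            scheme);
    }

    /// <summary>
    /// In B2C applications, handles the Edit Profile policy.
    /// </summary>
    /// <param name="scheme">Authentication scheme; defaults to the OpenID Connect scheme when absent.</param>
    /// <returns>
    /// A plain challenge if the user is not yet authenticated for <paramref name="scheme"/>;
    /// otherwise a challenge generating a redirect to Azure AD B2C with the edit-profile policy.
    /// </returns>
    [HttpGet("{scheme?}")]
    public async Task<IActionResult> EditProfile([FromRoute] string scheme)
    {
        scheme ??= OpenIdConnectDefaults.AuthenticationScheme;

        // Editing a profile requires an existing session; sign the user in first.
        var authenticated = await HttpContext.AuthenticateAsync(scheme).ConfigureAwait(false);
        if (!authenticated.Succeeded)
        {
            return Challenge(scheme);
        }

        return Challenge(
            BuildPolicyChallenge(_optionsMonitor.Get(scheme).EditProfilePolicyId),
            scheme);
    }

    /// <summary>
    /// Returns <paramref name="redirectUri"/> when it is a non-empty local URL,
    /// otherwise the application root. Keeps every post-authentication redirect
    /// issued by this controller on the current site.
    /// </summary>
    /// <param name="redirectUri">Caller-supplied redirect target; may be null or empty.</param>
    /// <returns>A local redirect target.</returns>
    private string ResolveLocalRedirect(string redirectUri)
    {
        if (!string.IsNullOrEmpty(redirectUri) && Url.IsLocalUrl(redirectUri))
        {
            return redirectUri;
        }

        return Url.Content("~/")!;
    }

    /// <summary>
    /// Builds the authentication properties for a B2C policy challenge: redirect
    /// to the application root afterwards, with the policy id in the properties' Items.
    /// </summary>
    /// <param name="policyId">B2C policy id taken from the scheme's options.</param>
    /// <returns>Properties to pass to <see cref="ControllerBase.Challenge(AuthenticationProperties, string[])"/>.</returns>
    private AuthenticationProperties BuildPolicyChallenge(string? policyId)
    {
        var properties = new AuthenticationProperties { RedirectUri = Url.Content("~/") };
        properties.Items[Constants.Policy] = policyId;
        return properties;
    }
}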
}