Core 2 Razor Pages OnGetAsync Load Static File - c#

Is there a way with Razor pages code behind to load a static file as I can do with a traditional MVC controller? I've been playing around with this for a few hours this morning and can't seem to find a way to accomplish this. Any input is appreciated!
Razor Page Code Behind:
    public async void OnGetAsync()
    {
        var request = HttpContext.Request;
        var sessionId = request.Query.FirstOrDefault().Value;
        var session = await _httpService.ValidateSession(sessionId);
        if (!string.IsNullOrEmpty(session?.UserId))
        {
            var claims = new List<Claim>()
            {
                new Claim(CustomClaimTypes.UserId, session.UserId),
                new Claim(CustomClaimTypes.BuId, session.BuId),
                new Claim(CustomClaimTypes.SecurityLevel, session.SecurityLevel)
            };
            var identity = new ClaimsIdentity(claims, "TNReadyEVP");
            var principal = new ClaimsPrincipal(identity);
            await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, principal,
                new AuthenticationProperties { ExpiresUtc = DateTime.Now.AddMinutes(60), IsPersistent = true, AllowRefresh = false });
            var isAuthenticated = principal.Identity.IsAuthenticated;
            Redirect("~/wwwroot/index.html");
        }
        else
        {
            RedirectToPage("./Error");
        }
    }
MVC Controller
    public async Task<IActionResult> SignIn()
    {
        var sessionId = HttpContext.Request.Query.FirstOrDefault().Value;
        var session = await _httpService.ValidateSession(sessionId);
        if (!string.IsNullOrEmpty(session?.UserId))
        {
            var claims = new List<Claim>()
            {
                new Claim(CustomClaimTypes.UserId, session.UserId),
                new Claim(CustomClaimTypes.BuId, session.BuId),
                new Claim(CustomClaimTypes.SecurityLevel, session.SecurityLevel)
            };
            var identity = new ClaimsIdentity(claims, "TNReadyEVP");
            var principal = new ClaimsPrincipal(identity);
            await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, principal,
                new AuthenticationProperties { ExpiresUtc = DateTime.Now.AddMinutes(20), IsPersistent = true, AllowRefresh = false });
            var isAuthenticated = principal.Identity.IsAuthenticated;
        }
        else
        {
            return Forbid();
        }
        return View("~/wwwroot/index.html");
    }

First I'd like to say that Core 2 is absolutely terrible at reporting errors. Sometimes it does, sometimes code will fail with no Exception report. Aside from that Core 2 is great.
Here's the answer, you'll see I changed the method signature to return IActionResult which enables the use of RedirectToPage and File.
    public async Task<IActionResult> OnGetAsync()
    {
        var request = HttpContext.Request;
        var sessionId = request.Query.FirstOrDefault().Value;
        var session = await _httpService.ValidateSession(sessionId);
        // Gate on the validated session (as the question's code does), not on the raw
        // query value: a non-empty but invalid id must not reach the sign-in below.
        if (!string.IsNullOrEmpty(session?.UserId))
        {
            var claims = new List<Claim>()
            {
                new Claim(CustomClaimTypes.UserId, session.UserId),
                new Claim(CustomClaimTypes.BuId, session.BuId),
                new Claim(CustomClaimTypes.SecurityLevel, session.SecurityLevel)
            };
            var identity = new ClaimsIdentity(claims, "TNReadyEVP");
            var principal = new ClaimsPrincipal(identity);
            await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, principal,
                new AuthenticationProperties { ExpiresUtc = DateTime.Now.AddMinutes(60), IsPersistent = true, AllowRefresh = false });
            var isAuthenticated = principal.Identity.IsAuthenticated;
            // Returning the result is what makes the framework act on it.
            return File("index.html", "text/html");
        }
        else
        {
            return RedirectToPage("Error");
        }
    }

I suspect the root of the problem is:
public async void OnGetAsync()
You are dispatching an asynchronous operation that is not being awaited, and the context will be disposed - see cannot access a disposed object asp net identitycore and aspnet Mvc issues 7011
FIX: Always use
public async Task OnGetAsync()
I echo above thoughts about need to report errors rather than sticking your head in the sand. In this case the failure of ASP.NET Core 2.2 to report the error means that you'll have lots of weird problems until you change the method signature.
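
The effect described in the answer above, reproduced outside ASP.NET Core as an added example (not code from either answer). FakeContext and the two handlers are hypothetical stand-ins for HttpContext and the page handler: the async void version returns to its caller at the first await, so the context is disposed before the sign-in runs and no result ever reaches the caller.

```csharp
using System;
using System.Threading.Tasks;

// Hypothetical stand-in for a per-request context that the pipeline disposes.
public sealed class FakeContext : IDisposable
{
    private bool _disposed;
    public bool SignedIn { get; private set; }

    public async Task SignInAsync()
    {
        await Task.Yield();
        if (_disposed) throw new ObjectDisposedException(nameof(FakeContext));
        SignedIn = true;
    }

    public void Dispose() => _disposed = true;
}

public static class Demo
{
    // Shape from the question: the caller gets nothing to await and no result.
    static async void OnGetVoid(FakeContext ctx, Action<string> log)
    {
        await Task.Delay(50); // stands in for ValidateSession
        try
        {
            await ctx.SignInAsync();
            log("void: signed in");
        }
        catch (ObjectDisposedException)
        {
            log("void: context was disposed before sign-in ran");
        }
    }

    // Shape from the fix: the caller awaits the work and receives the result.
    static async Task<string> OnGetTask(FakeContext ctx)
    {
        await Task.Delay(50);
        await ctx.SignInAsync();
        return "File(index.html)";
    }

    public static async Task Main()
    {
        using (var ctx = new FakeContext())
        {
            OnGetVoid(ctx, Console.WriteLine); // control comes back at the first await
            Console.WriteLine("void: caller finished the response");
        } // the context is disposed here, while the handler is still pending
        await Task.Delay(200); // give the orphaned continuation time to run

        using (var ctx = new FakeContext())
        {
            var result = await OnGetTask(ctx);
            Console.WriteLine($"task: result={result}, SignedIn={ctx.SignedIn}");
        }
    }
}
```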

Related

Mock the Request when testing a Razor Page

I need to create a unit test for this function that resides inside the HomeModel razor page
public async Task<IActionResult> OnGetCurrencyAsync(string currency, CancellationToken ct = default)
{
var returnUrl = Request.Headers["Referer"].ToString();
var path = new System.Uri(returnUrl).LocalPath;
if (string.IsNullOrWhiteSpace(path) || !Url.IsLocalUrl(path))
returnUrl = Url.Content("~/");
var session = await _currentUserService.GetOrInitializeSessionAsync(ct);
if (!currency.IsNullOrEmpty())
{
session.Currency = currency;
await _currentUserService.SetSession(session, ct);
}
return Redirect(returnUrl);
}
Till now I've created the following test
[Fact]
public async Task Test1()
{
var returnUrl = "https://localhost:44317/paris";
var currentuserService = new Mock<ICurrentUserService>();
var options = new Mock<IOptions<Core.Configuration.AppSettings>>();
var navigationMenu = new Mock<INavigationMenu>();
var productModelService = new Mock<IProductModelService>();
var userSavedProductRepository = new Mock<IUserSavedProductRepository>();
var userSavedProductService = new Mock<IUserSavedProductService>();
var homePage = new HomeModel(currentuserService.Object, options.Object, navigationMenu.Object, productModelService.Object, userSavedProductService.Object, userSavedProductRepository.Object);
var res = await homePage.OnGetCurrencyAsync("EUR", CancellationToken.None);
Assert.IsType<RedirectResult>(res);
var redirectResult = (RedirectResult)res;
Assert.True(returnUrl == redirectResult.Url);
}
But when I execute it, I find that .Request is null.
How can I correctly set it up?
The PageContext of the subject PageModel needs a HttpContext that contains the desired Request setup to satisfy the subject under test.
Reference: Razor Pages unit tests in ASP.NET Core: Unit tests of the page model methods
//Arrange
var returnUrl = "https://localhost:44317/paris";
//...code omitted for brevity
// use a default context to have access to a request
var httpContext = new DefaultHttpContext();
httpContext.Request.Headers["Referer"] = returnUrl; //<--
//these are needed as well for the page context
var modelState = new ModelStateDictionary();
var actionContext = new ActionContext(httpContext, new RouteData(), new PageActionDescriptor(), modelState);
var modelMetadataProvider = new EmptyModelMetadataProvider();
var viewData = new ViewDataDictionary(modelMetadataProvider, modelState);
// need page context for the page model
var pageContext = new PageContext(actionContext) {
ViewData = viewData
};
//create model with necessary dependencies applied
var homePage = new HomeModel(currentuserService.Object, options.Object, navigationMenu.Object, productModelService.Object, userSavedProductService.Object, userSavedProductRepository.Object) {
PageContext = pageContext, //<--
Url = new UrlHelper(actionContext)
};
//Act
//...omitted for brevity
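
A Referer-derived redirect that only ever targets the current site, as an added example (not code from the question or the answer). CurrencyModel is a hypothetical page model reduced to the redirect logic; it differs from the handler in the question, which applies Url.IsLocalUrl to LocalPath but then redirects to the full header value, and which calls new Uri(...) on a header that may be absent. The test reuses the PageContext setup from the answer.

```csharp
using System;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.RazorPages;
using Microsoft.AspNetCore.Mvc.Routing;
using Microsoft.AspNetCore.Routing;
using Xunit;

// Hypothetical page model: only the return-URL handling of the handler is kept.
public class CurrencyModel : PageModel
{
    public IActionResult OnGetCurrency()
    {
        var target = "/";
        var referer = Request.Headers["Referer"].ToString();
        // TryCreate also covers a missing or malformed header, where new Uri(...) throws.
        if (Uri.TryCreate(referer, UriKind.Absolute, out var uri)
            && string.Equals(uri.Host, Request.Host.Host, StringComparison.OrdinalIgnoreCase)
            && Url.IsLocalUrl(uri.PathAndQuery))
        {
            target = uri.PathAndQuery;
        }
        // Redirect to the validated path, never to the raw header value.
        return LocalRedirect(target);
    }
}

public class CurrencyModelTests
{
    private static CurrencyModel Build(string referer)
    {
        var httpContext = new DefaultHttpContext();
        httpContext.Request.Host = new HostString("localhost", 44317);
        if (referer != null) httpContext.Request.Headers["Referer"] = referer;
        var actionContext = new ActionContext(httpContext, new RouteData(), new PageActionDescriptor());
        return new CurrencyModel
        {
            PageContext = new PageContext(actionContext),
            Url = new UrlHelper(actionContext)
        };
    }

    [Theory]
    [InlineData("https://localhost:44317/paris?x=1", "/paris?x=1")] // same host: keep path and query
    [InlineData("https://other.example/paris", "/")]                // foreign host: fall back to root
    [InlineData("https://localhost:44317//other.example", "/")]     // "//host" path is not a local URL
    [InlineData(null, "/")]                                         // header absent
    public void Redirect_target_is_always_local(string referer, string expected)
    {
        var result = Assert.IsType<LocalRedirectResult>(Build(referer).OnGetCurrency());
        Assert.Equal(expected, result.Url);
    }
}
```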

.NET Core unit test how to Mock HttpContext RemoteIpAddress?

I have a .NET Core 3.1 project using Identity. For the Login page handler I have added a line of code that, after a user logs in, updates the user's location based on their IP address:
_locationRepository.UpdateUserLocationAsync(HttpContext.Connection.RemoteIpAddress);
Full Code
public async Task<IActionResult> OnPostAsync(string returnUrl = null)
{
returnUrl = returnUrl ?? Url.Content("~/");
if (ModelState.IsValid)
{
// This doesn't count login failures towards account lockout
// To enable password failures to trigger account lockout, set lockoutOnFailure: true
var result = await _signInManager.PasswordSignInAsync(Input.Email, Input.Password, Input.RememberMe, lockoutOnFailure: false);
if (result.Succeeded)
{
_locationRepo.UpdateUserLocation(HttpContext.Connection.RemoteIpAddress);
_logger.LogInformation("User logged in.");
return LocalRedirect(returnUrl);
}
if (result.RequiresTwoFactor)
{
return RedirectToPage("./LoginWith2fa", new { ReturnUrl = returnUrl, RememberMe = Input.RememberMe });
}
if (result.IsLockedOut)
{
_logger.LogWarning("User account locked out.");
return RedirectToPage("./Lockout");
}
else
{
ModelState.AddModelError(string.Empty, "Invalid login attempt.");
return Page();
}
}
// If we got this far, something failed, redisplay form
return Page();
}
My problem is when writing the unit test, I don't know how to properly mock the HttpContext. I keep getting a null reference exception regardless of what I have tried.
var httpContext = new Mock<HttpContext>();
httpContext.Setup(x => x.Connection.RemoteIpAddress).Returns(new IPAddress(16885952));
How do I mock the RemoteIpAddress?
Xunit + FakeItEasy
var mockHttpContextAccessor = new Fake<IHttpContextAccessor>();
var httpContext = new DefaultHttpContext()
{
Connection =
{
RemoteIpAddress = new IPAddress(16885952)
}
};
mockHttpContextAccessor.CallsTo(x => x.HttpContext)
.Returns(httpContext);
var extractedIpAddress = IpExtractor.GetIpAddress(httpContext);
//assert 192.168.1.1
Here is my solution
public static void MockIpAddress(this ControllerBase controller)
{
controller.ControllerContext = new ControllerContext()
{
HttpContext = new DefaultHttpContext()
{
Connection =
{
RemoteIpAddress = new System.Net.IPAddress(16885952)
}
}
};
}
The setup you have won't match any call. You need to mock the Connection as well:
var connectionMock = new Mock<Microsoft.AspNetCore.Http.ConnectionInfo>(MockBehavior.Strict);
connectionMock.SetupGet(c => c.RemoteIpAddress).Returns(new IPAddress(16885952));
var httpContext = new Mock<HttpContext>(MockBehavior.Strict);
httpContext.SetupGet(x => x.Connection).Returns(connectionMock.Object);
Set your MockBehavior to Strict to throw exceptions when calls are made to properties or methods that weren't set up properly.

Refresh token expired as soon as access token

I am implementing a JWT refresh token and setting a different expiry time for the refresh token, but it is taking the same expiry time as the access token.
    var refreshTokenId = Guid.NewGuid().ToString("n");
    DateTime refreshTokenLifeTime = context.OwinContext.Get<DateTime>("as:clientRefreshTokenLifeTime");
    // To save in database
    RefreshToken refreshToken = new RefreshToken();
    refreshToken.Token = refreshTokenId;
    refreshToken.PrivateKey = context.SerializeTicket();
    refreshToken.ExpiryDate = refreshTokenLifeTime;
    // End saving Db
    context.Ticket.Properties.IssuedUtc = DateTime.Now;
    context.Ticket.Properties.ExpiresUtc = refreshTokenLifeTime;
    context.SetToken(refreshTokenId);
    context.SetToken(context.SerializeTicket());
Any help what I am doing wrong?
The refresh token does not extend the time of expiration, this is called sliding expiration and you cannot do it with access tokens. I have used the refresh token to update user Roles, not the expiration time.
Check this Link for Slidingexpiration
I used the code below to refresh the token and persist it:
public class SimpleRefreshTokenProvider : IAuthenticationTokenProvider
{
public async Task CreateAsync(AuthenticationTokenCreateContext context)
{
var clientid = context.Ticket.Properties.Dictionary["as:client_id"];
if (string.IsNullOrEmpty(clientid))
{
return;
}
var refreshTokenId = Guid.NewGuid().ToString("n");
using (AuthRepository _repo = new AuthRepository())
{
var refreshTokenLifeTime = context.OwinContext.Get<string>("as:clientRefreshTokenLifeTime");
var token = new RefreshToken()
{
Id = Helper.GetHash(refreshTokenId),
ClientId = clientid,
Subject = context.Ticket.Identity.Name,
IssuedUtc = DateTime.UtcNow,
ExpiresUtc = DateTime.UtcNow.AddMinutes(Convert.ToDouble(refreshTokenLifeTime))
};
context.Ticket.Properties.IssuedUtc = token.IssuedUtc;
context.Ticket.Properties.ExpiresUtc = token.ExpiresUtc;
token.ProtectedTicket = context.SerializeTicket();
var result = await _repo.AddRefreshToken(token);
if (result)
{
context.SetToken(refreshTokenId);
}
}
}
public async Task ReceiveAsync(AuthenticationTokenReceiveContext context)
{
var allowedOrigin = context.OwinContext.Get<string>("as:clientAllowedOrigin");
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { allowedOrigin });
string hashedTokenId = Helper.GetHash(context.Token);
using (AuthRepository _repo = new AuthRepository())
{
var refreshToken = await _repo.FindRefreshToken(hashedTokenId);
if (refreshToken != null )
{
//Get protectedTicket from refreshToken class
context.DeserializeTicket(refreshToken.ProtectedTicket);
var result = await _repo.RemoveRefreshToken(hashedTokenId);
}
}
}
}
Now the request context contains all the claims stored previously for this user, and you need to add the logic which allows you to issue new claims or update the existing claims and include them in the new access token generated before.
You need to add the code below to the AuthorizationServerProvider class you have.
public override Task GrantRefreshToken(OAuthGrantRefreshTokenContext context)
{
var originalClient = context.Ticket.Properties.Dictionary["as:client_id"];
var currentClient = context.ClientId;
if (originalClient != currentClient)
{
context.SetError("invalid_clientId", "Refresh token is issued to a different clientId.");
return Task.FromResult<object>(null);
}
// Change auth ticket for refresh token requests
var newIdentity = new ClaimsIdentity(context.Ticket.Identity);
newIdentity.AddClaim(new Claim("newClaim", "newValue"));
var newTicket = new AuthenticationTicket(newIdentity, context.Ticket.Properties);
context.Validated(newTicket);
return Task.FromResult<object>(null);
}
This is wrong
DateTime refreshTokenLifeTime = context.OwinContext.Get<DateTime>("as:clientRefreshTokenLifeTime");
you are reading the lifetime, not setting it to any new value.
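
The storage pattern used by the provider in the first answer (only a hash of the refresh token id is persisted, the record is removed when the token is presented, and the refresh token carries its own expiry), as a self-contained added example that is not code from either answer. RefreshTokenStore is hypothetical, GetHash is an assumed implementation of the Helper.GetHash call that the page does not show (SHA-256, Base64), and the token value comes from RandomNumberGenerator rather than the Guid used on the page.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Text;

// Hypothetical in-memory stand-in for AuthRepository.
public sealed class RefreshTokenStore
{
    private sealed class Entry
    {
        public string Subject;
        public DateTime ExpiresUtc;
    }

    private readonly ConcurrentDictionary<string, Entry> _byHash =
        new ConcurrentDictionary<string, Entry>();

    // Assumed shape of Helper.GetHash: the store never holds the token itself.
    public static string GetHash(string input)
    {
        using (var sha = SHA256.Create())
            return Convert.ToBase64String(sha.ComputeHash(Encoding.UTF8.GetBytes(input)));
    }

    // The refresh lifetime is passed in explicitly, independent of the access token.
    public string Issue(string subject, TimeSpan refreshLifetime, DateTime nowUtc)
    {
        var bytes = new byte[32];
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(bytes);
        var token = Convert.ToBase64String(bytes);
        _byHash[GetHash(token)] = new Entry { Subject = subject, ExpiresUtc = nowUtc + refreshLifetime };
        return token; // only the client ever sees this value
    }

    // Single use: the record is removed whether or not it is still valid.
    public string Redeem(string token, DateTime nowUtc)
    {
        if (!_byHash.TryRemove(GetHash(token), out var entry)) return null;
        return entry.ExpiresUtc > nowUtc ? entry.Subject : null;
    }

    public static void Main()
    {
        var store = new RefreshTokenStore();
        var now = DateTime.UtcNow; // constructed sample times below
        var token = store.Issue("alice", TimeSpan.FromDays(7), now);

        // First presentation, well after a short access-token lifetime would have ended.
        Console.WriteLine(store.Redeem(token, now.AddHours(2)) ?? "rejected");
        // Replay of the same token.
        Console.WriteLine(store.Redeem(token, now.AddHours(3)) ?? "rejected");
        // A fresh token presented after its own expiry.
        var late = store.Issue("alice", TimeSpan.FromDays(7), now);
        Console.WriteLine(store.Redeem(late, now.AddDays(8)) ?? "rejected");
    }
}
```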

HttpContext.User.Identity.Name is sometimes empty

I'm using OWIN for authentication in ASP.NET MVC 5.
My project works perfectly in localhost with IIS Express. The problem is when I upload the project in a web server.
I log in and the application works fine for a moment. Then, it seems as if the session has expired. The HttpContext.User.Identity.Name is empty.
This is my action filter:
public override void OnActionExecuting(ActionExecutingContext context)
{
if (string.IsNullOrEmpty(context.HttpContext.User.Identity.Name))
{
context.Result = new RedirectResult("authentication");
return;
}
}
and this is my login
public JsonResult Login(LoginModel input)
{
if (ModelState.IsValid)
{
if(_AuthenticationLogica.ChecarUsuario(input.User, input.Pass))
{
int idUser = _AuthenticationLogica.GetIdUser(input.User);
var identity = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, input.Usuario), new Claim(ClaimTypes.Sid, idUsuario+"") },DefaultAuthenticationTypes.ApplicationCookie,ClaimTypes.Name, ClaimTypes.Role);
foreach (var item in _UsuariosLogica.GetPermissionUser(idUser))
{
identity.AddClaim(new Claim(ClaimTypes.Role, item.IdDerecho + ""));
}
var claimsPrincipal = new ClaimsPrincipal(identity);
// Set current principal
Thread.CurrentPrincipal = claimsPrincipal;
// if you want roles, just add as many as you want here (for loop maybe?)
identity.AddClaim(new Claim(ClaimTypes.Role, "guest"));
// tell OWIN the identity provider, optional
// identity.AddClaim(new Claim(IdentityProvider, "Simplest Auth"));
int id = _AuthenticationLogica.ObtenerIdUsuario("jcsoto");
Authentication.SignIn(new AuthenticationProperties
{
IsPersistent = true
}, identity);
FormsAuthentication.SetAuthCookie(input.Usuario, true);
return Json(new { Resultado = 0, Mensaje = "Ready", IdUser = idUser });
}
}
return Json(new { Resultado = 1, Mensaje = "User or pass wrong" });
}

Token received from authentication context not working

I am setting up a multi tenant application and I am having issues creating a GraphServiceClient.
I have the following AuthorizationCodeReceived:
AuthorizationCodeReceived = async context =>
{
var tenantId =
context.AuthenticationTicket.Identity.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;
var authenticationContext = new AuthenticationContext("https://login.microsoftonline.com/"+ tenantId);
await authenticationContext.AcquireTokenByAuthorizationCodeAsync(
context.Code,
new Uri("http://localhost:21925"),
new ClientCredential(ClientId, ClientSecret),
"https://graph.microsoft.com");
}
This works perfectly to authenticate the user. I am using fiddler, and I see that a new bearer token was given by login.microsoftonline.com/{tenantid}/oauth2/token
When creating a new Graph Service Client I use the following factory method:
public IGraphServiceClient CreateGraphServiceClient()
{
var client = new GraphServiceClient(
new DelegateAuthenticationProvider(
async requestMessage =>
{
string token;
var currentUserId = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
var currentUserHomeTenantId = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;
var authenticationContext = new AuthenticationContext("https://login.microsoftonline.com/" + currentUserHomeTenantId + "/");
var clientCredential = new ClientCredential(_configuration.ClientId, _configuration.ClientSecret);
try
{
var authenticationResult = await authenticationContext.AcquireTokenSilentAsync(
GraphResourceId,
clientCredential,
new UserIdentifier(currentUserId, UserIdentifierType.UniqueId));
token = authenticationResult.AccessToken;
}
catch (AdalSilentTokenAcquisitionException e)
{
var result = await authenticationContext.AcquireTokenAsync(GraphResourceId, clientCredential);
token = result.AccessToken;
}
requestMessage.Headers.Authorization = new AuthenticationHeaderValue("bearer", token);
}));
return client;
}
This method always throws an AdalSilentTokenAcquisitionException and the AcquireTokenAsync retrieves a new token.
With this token, I am not able to request 'Me' on the graph.
I get the following exception: message=Resource 'some guid' does not exist or one of its queried reference-property objects are not present.
However, if I am debugging and I change the token before it is passed to the header, with the value of the one I got previously right after logging in (received from login.microsoftonline.com/{tenantid}/oauth2/token), then the API call works.
Does anyone know what I am doing wrong? How can I get the acquiretokensilently working?
Update: I have updated the code samples. I have removed the custom cache, and now everything seems to work.
How can I make a custom cache based on the HTTP sessions, making sure that AcquireTokenSilently works?
Preview of not working token cache:
public class WebTokenCache : TokenCache
{
private readonly HttpContext _httpContext;
private readonly string _cacheKey;
public WebTokenCache()
{
_httpContext = HttpContext.Current;
var claimsPrincipal = (ClaimsPrincipal) HttpContext.Current.User;
_cacheKey = BuildCacheKey(claimsPrincipal);
AfterAccess = AfterAccessNotification;
LoadFromCache();
}
private string BuildCacheKey(ClaimsPrincipal claimsPrincipal)
{
var clientId = claimsPrincipal.FindFirst("aud").Value;
return $"{claimsPrincipal.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value}_TokenCache";
}
private void LoadFromCache()
{
var token = _httpContext.Cache[_cacheKey];
if (token == null) return;
Deserialize((byte[]) token);
}
private void AfterAccessNotification(TokenCacheNotificationArgs args)
{
if (!HasStateChanged) return;
if (Count > 0)
{
_httpContext.Cache[_cacheKey] = Serialize();
}
else
{
_httpContext.Cache.Remove(_cacheKey);
}
HasStateChanged = false;
}
}
I am trying to use the code above and it works well for me.
Please ensure that the GraphResourceId is https://graph.microsoft.com (this resource is requested the first time in your startup class), since the method AcquireTokenSilentAsync will try to retrieve the token from the cache based on the resource.
