AuthSessionProvider
Members
Namespace: ASPSecurityKit
Assembly: ASPSecurityKit.dll
Summary
Provides an implementation of IAuthSessionProvider to manage authenticated sessions and to obtain and validate auth identity tokens.
Constructors
#ctor(userService,settings,identityRepository,browser,securityContext,sessionService,authCookieProvider,securityUtility,errorResource)
Summary
Initializes a new instance of the AuthSessionProvider class.
Parameters
Name | Type | Description |
---|---|---|
userService | ASPSecurityKit.IUserService | The user service. |
settings | ASPSecurityKit.ISecuritySettings | The security settings. |
identityRepository | ASPSecurityKit.IIdentityRepository | The identity repository. |
browser | ASPSecurityKit.IBrowser | The browser. |
securityContext | ASPSecurityKit.ISecurityContext | The security context. |
sessionService | ASPSecurityKit.ISessionService | The session service. |
authCookieProvider | ASPSecurityKit.ISecurityUtility | The auth cookie provider. |
securityUtility | ASPSecurityKit.AuthProviders.IAuthCookieProvider | The security utility. |
errorResource | ASPSecurityKit.IErrorMessageResourceProvider | The error resource. |
Properties
UserService
Summary
Gets the user service.
Value
The user service.
Settings
Summary
Gets the security settings.
Value
The security settings.
IdentityRepository
Summary
Gets the identity repository.
Value
The identity repository.
Browser
Summary
Gets the browser info object.
Value
The browser info object.
SecurityContext
Summary
Gets the security context.
Value
The security context.
SessionService
Summary
Gets the session service.
Value
The session service.
SecurityUtility
Summary
Gets the security utility.
Value
The security utility.
Methods
GetValidAuthDetails(authUrn,requestService)
Summary
Gets the identity token details for the specified authUrn after validating such things as expiration, firewall, applicability for current request etc.
Returns
The identity token details for the specified authUrn.
Parameters
Name | Type | Description |
---|---|---|
authUrn | System.String | A URN in the format [idTokenType]:[idToken], for instance apikey:[apiKeyGuid]. |
requestService | ASPSecurityKit.IRequestService | The request service. |
Remarks
First, the identity details object is obtained by calling GetAuth. It’s then validated using IsAuthValid and if validation succeeds, SlideExpiration is invoked.
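The three-step flow described in these remarks, as an added example that is not ASPSecurityKit's own code. `DemoAuth`, the in-memory `Store`, the caller-IP string, the sample key and returning null on failure are assumptions made for illustration; only the step names GetAuth, IsAuthValid and SlideExpiration come from this page.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical stand-in for the identity token details (not ASPSecurityKit's IAuthDetails).
public sealed class DemoAuth
{
    public DateTime ExpiresAtUtc;
    public TimeSpan SlidingWindow;
    public HashSet<string> AllowedIps = new HashSet<string>(); // empty = no firewall rule
}

public static class AuthUrnDemo
{
    // Constructed in-memory token store keyed by "[idTokenType]:[idToken]".
    static readonly Dictionary<string, DemoAuth> Store = new Dictionary<string, DemoAuth>();

    // Step 1 (GetAuth): require a non-empty type and token around the first ':'.
    static DemoAuth GetAuth(string authUrn)
    {
        int sep = authUrn == null ? -1 : authUrn.IndexOf(':');
        if (sep <= 0 || sep == authUrn.Length - 1) return null;
        return Store.TryGetValue(authUrn, out var auth) ? auth : null;
    }

    // Step 2 (IsAuthValid): models the expiration and firewall checks only.
    static bool IsAuthValid(DemoAuth auth, string callerIp, DateTime nowUtc) =>
        nowUtc < auth.ExpiresAtUtc &&
        (auth.AllowedIps.Count == 0 || auth.AllowedIps.Contains(callerIp));

    // Step 3 (SlideExpiration): extend the lifetime only after validation has passed.
    static void SlideExpiration(DemoAuth auth, DateTime nowUtc) =>
        auth.ExpiresAtUtc = nowUtc + auth.SlidingWindow;

    // Returns null when any step fails (an assumption of this sketch).
    public static DemoAuth GetValidAuthDetails(string authUrn, string callerIp, DateTime nowUtc)
    {
        var auth = GetAuth(authUrn);
        if (auth == null || !IsAuthValid(auth, callerIp, nowUtc)) return null;
        SlideExpiration(auth, nowUtc);
        return auth;
    }

    public static void Main()
    {
        var now = new DateTime(2024, 1, 1, 12, 0, 0, DateTimeKind.Utc);
        Store["apikey:demo-key-1"] = new DemoAuth   // constructed sample token
        {
            ExpiresAtUtc = now.AddMinutes(5),
            SlidingWindow = TimeSpan.FromMinutes(20),
            AllowedIps = { "203.0.113.10" }
        };
        // Cases: accepted, firewall mismatch, used after the slid expiry, malformed URN.
        Console.WriteLine(GetValidAuthDetails("apikey:demo-key-1", "203.0.113.10", now) != null);
        Console.WriteLine(GetValidAuthDetails("apikey:demo-key-1", "198.51.100.7", now) != null);
        Console.WriteLine(GetValidAuthDetails("apikey:demo-key-1", "203.0.113.10", now.AddHours(1)) != null);
        Console.WriteLine(GetValidAuthDetails("apikey:", "203.0.113.10", now) != null);
    }
}
```

Sliding happens only on the success path, so a request rejected by the firewall or expiry check never extends the token's lifetime.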
Login(username,password,rememberMe,letSuspended)
Summary
Authenticates the user and sets up a new db userSession object upon success.
Returns
A LoginResult instance. Check out the other overload Login for more details.
Parameters
Name | Type | Description |
---|---|---|
username | System.String | The username. |
password | System.String | The password. |
rememberMe | System.Boolean | If set to true, sets up a long-lived session. |
letSuspended | System.Boolean | If set to true a suspended user is permitted to login; otherwise login is denied. |
Remarks
This method calls the other Login overload with the createCookie parameter set to false. Use this method for API requests and return the appropriate auth details (sessionId/secret) to the calling client so it can sign subsequent API calls.
Login(username,password,rememberMe,letSuspended,createAuthCookie)
Summary
Authenticates the user and sets up a new db userSession object upon success.
Returns
A LoginResult instance with Result equal to Success and Auth populated with identity details if login was successful; otherwise a reason for the failure. To learn more about the possible reasons for failure, check out Login.
Parameters
Name | Type | Description |
---|---|---|
username | System.String | The username. |
password | System.String | The password. |
rememberMe | System.Boolean | If set to true, sets up a long-lived session. |
letSuspended | System.Boolean | If set to true a suspended user is permitted to login; otherwise login is denied. |
createAuthCookie | System.Boolean | If set to true an auth cookie will be created and added to the response. |
Remarks
This method makes a call to Login for login. Additionally, it sets up a persistent db userSession using CreateNewUserSession. A persistent db userSession entity is required for such things as multi-factor authentication. If calling from a regular (non-ajax) HTTP POST, as in an MVC controller’s actions, you can additionally instruct it to generate an auth cookie for the new session. Subsequent requests carrying this cookie are automatically authenticated with the same user session identity.
Logout()
Summary
Clears the session data related to the current authenticated user and marks the associated db session object as expired.
Parameters
This method has no parameters.
LoadSession(auth)
Summary
Loads an existing session from cache or creates a new empty session for the specified identity token.
Parameters
Name | Type | Description |
---|---|---|
auth | ASPSecurityKit.IAuthDetails | The identity token details object. |
Remarks
Don’t confuse ‘session’ here with ‘userSession’. The former is a general temporary session applicable to any type of authenticated identity token (APIKey/UserSession/etc.) and is only persisted in the cache for faster reload in subsequent calls, while the latter refers to the user session, which is a persisted db entity created upon user login. Note to implementers: you need not load user details when creating a new session. It’s the job of the consuming code to check whether the session is already filled; if not, it must call user.load.
IsMFAEnabled(requestService,auth)
Summary
Determines whether multi-factor authentication is enabled for the specified request and identity token.
Returns
true if multi-factor authentication is enabled for the specified request and identity token; otherwise, false.
Parameters
Name | Type | Description |
---|---|---|
requestService | ASPSecurityKit.IRequestService | The request service. |
auth | ASPSecurityKit.IAuthDetails | The identity token details object. |
Remarks
MFA is considered disabled if GetMFAWhitelistedIPRanges is not null and GetCallerIp is part of GetMFAWhitelistedIPRanges because such networks don’t allow MFA (likely because of ‘no mobile-phone allowed’ policy at the associated offices).
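The whitelist rule in these remarks, as an added example that is not ASPSecurityKit's own code. The function names and the CIDR string format of the ranges are assumptions; `whitelistedRanges` stands in for the value of GetMFAWhitelistedIPRanges and `callerIp` for GetCallerIp.

```csharp
using System;
using System.Net;

public static class MfaWhitelistDemo
{
    // True when ip lies inside the CIDR block, e.g. "10.20.0.0/16" (IPv4 or IPv6).
    static bool InCidr(IPAddress ip, string cidr)
    {
        var parts = cidr.Split('/');
        if (parts.Length != 2 || !IPAddress.TryParse(parts[0], out var network) ||
            !int.TryParse(parts[1], out var prefix)) return false;
        byte[] a = ip.GetAddressBytes(), n = network.GetAddressBytes();
        // Address families must match and the prefix must fit the address size.
        if (a.Length != n.Length || prefix < 0 || prefix > n.Length * 8) return false;
        for (int i = 0; i < n.Length && prefix > 0; i++, prefix -= 8)
        {
            int mask = prefix >= 8 ? 0xFF : (0xFF << (8 - prefix)) & 0xFF;
            if ((a[i] & mask) != (n[i] & mask)) return false;
        }
        return true;
    }

    // Hypothetical helper: true when the caller's network switches MFA off.
    public static bool IsExemptFromMfa(string[] whitelistedRanges, string callerIp)
    {
        if (whitelistedRanges == null) return false;          // no whitelist configured
        // An unparseable caller IP is never exempt (fail closed).
        if (!IPAddress.TryParse(callerIp, out var ip)) return false;
        if (ip.IsIPv4MappedToIPv6) ip = ip.MapToIPv4();       // ::ffff:a.b.c.d -> a.b.c.d
        foreach (var range in whitelistedRanges)
            if (InCidr(ip, range)) return true;
        return false;
    }

    public static void Main()
    {
        // Constructed sample ranges (documentation and private address space).
        var ranges = new[] { "10.20.0.0/16", "2001:db8:aa::/48" };
        // Cases: inside IPv4 range, outside, IPv4-mapped IPv6, inside IPv6 range,
        // no whitelist, malformed IP.
        Console.WriteLine(IsExemptFromMfa(ranges, "10.20.31.7"));
        Console.WriteLine(IsExemptFromMfa(ranges, "10.21.0.1"));
        Console.WriteLine(IsExemptFromMfa(ranges, "::ffff:10.20.31.7"));
        Console.WriteLine(IsExemptFromMfa(ranges, "2001:db8:aa:1::5"));
        Console.WriteLine(IsExemptFromMfa(null, "10.20.31.7"));
        Console.WriteLine(IsExemptFromMfa(ranges, "not-an-ip"));
    }
}
```

Because a match switches MFA off, the caller IP passed to a check like this has to be the address the server itself trusts, not a value taken from a client-supplied header.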
IsAuthValid(auth,requestService)
Summary
Determines whether or not the specified identity token is valid for the given request.
Returns
true if the specified identity token is valid for the given request; otherwise, false.
Parameters
Name | Type | Description |
---|---|---|
auth | ASPSecurityKit.IAuthDetails | The identity token details object. |
requestService | ASPSecurityKit.IRequestService | The request service. |
Remarks
To learn more about the validations performed by this method, visit https://ASPSecurityKit.net/docs/authentication-schemes/#validating-identity-tokens
GetValidAuthDetailsAsync(authUrn,requestService)
Summary
Gets the identity token details for the specified authUrn after validating such things as expiration, firewall, applicability for current request etc.
Returns
The identity token details for the specified authUrn.
Parameters
Name | Type | Description |
---|---|---|
authUrn | System.String | A URN in the format [idTokenType]:[idToken], for instance apikey:[apiKeyGuid]. |
requestService | ASPSecurityKit.IRequestService | The request service. |
Remarks
First, the identity details object is obtained by calling GetAuth. It’s then validated using IsAuthValid and if validation succeeds, SlideExpiration is invoked.
GetValidAuthDetailsAsync(authUrn,requestService,cancellationToken)
Summary
Gets the identity token details for the specified authUrn after validating such things as expiration, firewall, applicability for current request etc.
Returns
The identity token details for the specified authUrn.
Parameters
Name | Type | Description |
---|---|---|
authUrn | System.String | A URN in the format [idTokenType]:[idToken], for instance apikey:[apiKeyGuid]. |
requestService | ASPSecurityKit.IRequestService | The request service. |
cancellationToken | System.Threading.CancellationToken | The cancellation token. |
Remarks
First, the identity details object is obtained by calling GetAuth. It’s then validated using IsAuthValid and if validation succeeds, SlideExpiration is invoked.
LoginAsync(username,password,rememberMe,letSuspended)
Summary
Authenticates the user and sets up a new db userSession object upon success.
Returns
A LoginResult instance. Check out the other overload Login for more details.
Parameters
Name | Type | Description |
---|---|---|
username | System.String | The username. |
password | System.String | The password. |
rememberMe | System.Boolean | If set to true, sets up a long-lived session. |
letSuspended | System.Boolean | If set to true a suspended user is permitted to login; otherwise login is denied. |
Remarks
This method calls the other Login overload with the createCookie parameter set to false. Use this method for API requests and return the appropriate auth details (sessionId/secret) to the calling client so it can sign subsequent API calls.
LoginAsync(username,password,rememberMe,letSuspended,cancellationToken)
Summary
Authenticates the user and sets up a new db userSession object upon success.
Returns
A LoginResult instance. Check out the other overload Login for more details.
Parameters
Name | Type | Description |
---|---|---|
username | System.String | The username. |
password | System.String | The password. |
rememberMe | System.Boolean | If set to true, sets up a long-lived session. |
letSuspended | System.Boolean | If set to true a suspended user is permitted to login; otherwise login is denied. |
cancellationToken | System.Threading.CancellationToken | The cancellation token. |
Remarks
This method calls the other Login overload with the createCookie parameter set to false. Use this method for API requests and return the appropriate auth details (sessionId/secret) to the calling client so it can sign subsequent API calls.
LoginAsync(username,password,rememberMe,letSuspended,createAuthCookie)
Summary
Authenticates the user and sets up a new db userSession object upon success.
Returns
A LoginResult instance with Result equal to Success and Auth populated with identity details if login was successful; otherwise a reason for the failure. To learn more about the possible reasons for failure, check out Login.
Parameters
Name | Type | Description |
---|---|---|
username | System.String | The username. |
password | System.String | The password. |
rememberMe | System.Boolean | If set to true, sets up a long-lived session. |
letSuspended | System.Boolean | If set to true a suspended user is permitted to login; otherwise login is denied. |
createAuthCookie | System.Boolean | If set to true an auth cookie will be created and added to the response. |
Remarks
This method makes a call to Login for login. Additionally, it sets up a persistent db userSession using CreateNewUserSession. A persistent db userSession entity is required for such things as multi-factor authentication. If calling from a regular (non-ajax) HTTP POST, as in an MVC controller’s actions, you can additionally instruct it to generate an auth cookie for the new session. Subsequent requests carrying this cookie are automatically authenticated with the same user session identity.
LoginAsync(username,password,rememberMe,letSuspended,createAuthCookie,cancellationToken)
Summary
Authenticates the user and sets up a new db userSession object upon success.
Returns
A LoginResult instance with Result equal to Success and Auth populated with identity details if login was successful; otherwise a reason for the failure. To learn more about the possible reasons for failure, check out Login.
Parameters
Name | Type | Description |
---|---|---|
username | System.String | The username. |
password | System.String | The password. |
rememberMe | System.Boolean | If set to true, sets up a long-lived session. |
letSuspended | System.Boolean | If set to true a suspended user is permitted to login; otherwise login is denied. |
createAuthCookie | System.Boolean | If set to true an auth cookie will be created and added to the response. |
cancellationToken | System.Threading.CancellationToken | The cancellation token. |
Remarks
This method makes a call to Login for login. Additionally, it sets up a persistent db userSession using CreateNewUserSession. A persistent db userSession entity is required for such things as multi-factor authentication. If calling from a regular (non-ajax) HTTP POST, as in an MVC controller’s actions, you can additionally instruct it to generate an auth cookie for the new session. Subsequent requests carrying this cookie are automatically authenticated with the same user session identity.
LogoutAsync()
Summary
Clears the session data related to the current authenticated user and marks the associated db session object as expired.
Parameters
This method has no parameters.
LogoutAsync(cancellationToken)
Summary
Clears the session data related to the current authenticated user and marks the associated db session object as expired.
Parameters
Name | Type | Description |
---|---|---|
cancellationToken | System.Threading.CancellationToken | The cancellation token. |
LoadSessionAsync(auth)
Summary
Loads an existing session from cache or creates a new empty session for the specified identity token.
Parameters
Name | Type | Description |
---|---|---|
auth | ASPSecurityKit.IAuthDetails | The identity token details object. |
Remarks
Don’t confuse ‘session’ here with ‘userSession’. The former is a general temporary session applicable to any type of authenticated identity token (APIKey/UserSession/etc.) and is only persisted in the cache for faster reload in subsequent calls, while the latter refers to the user session, which is a persisted db entity created upon user login. Note to implementers: you need not load user details when creating a new session. It’s the job of the consuming code to check whether the session is already filled; if not, it must call user.load.
LoadSessionAsync(auth,cancellationToken)
Summary
Loads an existing session from cache or creates a new empty session for the specified identity token.
Parameters
Name | Type | Description |
---|---|---|
auth | ASPSecurityKit.IAuthDetails | The identity token details object. |
cancellationToken | System.Threading.CancellationToken | The cancellation token. |
Remarks
Don’t confuse ‘session’ here with ‘userSession’. The former is a general temporary session applicable to any type of authenticated identity token (APIKey/UserSession/etc.) and is only persisted in the cache for faster reload in subsequent calls, while the latter refers to the user session, which is a persisted db entity created upon user login. Note to implementers: you need not load user details when creating a new session. It’s the job of the consuming code to check whether the session is already filled; if not, it must call user.load.
IsMFAEnabledAsync(requestService,auth)
Summary
Determines whether multi-factor authentication is enabled for the specified request and identity token.
Returns
true if multi-factor authentication is enabled for the specified request and identity token; otherwise, false.
Parameters
Name | Type | Description |
---|---|---|
requestService | ASPSecurityKit.IRequestService | The request service. |
auth | ASPSecurityKit.IAuthDetails | The identity token details object. |
Remarks
MFA is considered disabled if GetMFAWhitelistedIPRanges is not null and GetCallerIp is part of GetMFAWhitelistedIPRanges because such networks don’t allow MFA (likely because of ‘no mobile-phone allowed’ policy at the associated offices).
IsMFAEnabledAsync(requestService,auth,cancellationToken)
Summary
Determines whether multi-factor authentication is enabled for the specified request and identity token.
Returns
true if multi-factor authentication is enabled for the specified request and identity token; otherwise, false.
Parameters
Name | Type | Description |
---|---|---|
requestService | ASPSecurityKit.IRequestService | The request service. |
auth | ASPSecurityKit.IAuthDetails | The identity token details object. |
cancellationToken | System.Threading.CancellationToken | The cancellation token. |
Remarks
MFA is considered disabled if GetMFAWhitelistedIPRanges is not null and GetCallerIp is part of GetMFAWhitelistedIPRanges because such networks don’t allow MFA (likely because of ‘no mobile-phone allowed’ policy at the associated offices).
IsAuthValidAsync(auth,requestService)
Summary
Determines whether or not the specified identity token is valid for the given request.
Returns
true if the specified identity token is valid for the given request; otherwise, false.
Parameters
Name | Type | Description |
---|---|---|
auth | ASPSecurityKit.IAuthDetails | The identity token details object. |
requestService | ASPSecurityKit.IRequestService | The request service. |
Remarks
To learn more about the validations performed by this method, visit https://ASPSecurityKit.net/docs/authentication-schemes/#validating-identity-tokens
IsAuthValidAsync(auth,requestService,cancellationToken)
Summary
Determines whether or not the specified identity token is valid for the given request.
Returns
true if the specified identity token is valid for the given request; otherwise, false.
Parameters
Name | Type | Description |
---|---|---|
auth | ASPSecurityKit.IAuthDetails | The identity token details object. |
requestService | ASPSecurityKit.IRequestService | The request service. |
cancellationToken | System.Threading.CancellationToken | The cancellation token. |
Remarks
To learn more about the validations performed by this method, visit https://ASPSecurityKit.net/docs/authentication-schemes/#validating-identity-tokens