AuthSessionProvider

Namespace: ASPSecurityKit
Assembly: ASPSecurityKit.dll

Summary

Provides an implementation of IAuthSessionProvider to manage authenticated sessions and to obtain and validate auth identity tokens.

Constructors

#ctor(userService,settings,identityRepository,browser,securityContext,sessionService,authCookieProvider,securityUtility,errorResource)

Summary

Initializes a new instance of the AuthSessionProvider class.

Parameters
Name Type Description
userService ASPSecurityKit.IUserService The user service.
settings ASPSecurityKit.ISecuritySettings The security settings.
identityRepository ASPSecurityKit.IIdentityRepository The identity repository.
browser ASPSecurityKit.IBrowser The browser.
securityContext ASPSecurityKit.ISecurityContext The security context.
sessionService ASPSecurityKit.ISessionService The session service.
authCookieProvider ASPSecurityKit.ISecurityUtility The auth cookie provider.
securityUtility ASPSecurityKit.AuthProviders.IAuthCookieProvider The security utility.
errorResource ASPSecurityKit.IErrorMessageResourceProvider The error resource.

Properties

UserService

Summary

Gets the user service.

Value

The user service.

Settings

Summary

Gets the security settings.

Value

The security settings.

IdentityRepository

Summary

Gets the identity repository.

Value

The identity repository.

Browser

Summary

Gets the browser info object.

Value

The browser info object.

SecurityContext

Summary

Gets the security context.

Value

The security context.

SessionService

Summary

Gets the session service.

Value

The session service.

SecurityUtility

Summary

Gets the security utility.

Value

The security utility.

Methods

GetValidAuthDetails(authUrn,requestService)

Summary

Gets the identity token details for the specified authUrn after validating such things as expiration, firewall, and applicability for the current request.

Returns

The identity token details for the specified authUrn.

Parameters
Name Type Description
authUrn System.String A URN in the format [idTokenType]:[idToken], for instance apikey:[apiKeyGuid].
requestService ASPSecurityKit.IRequestService The request service.
Remarks

First, the identity details object is obtained by calling GetAuth. It’s then validated using IsAuthValid and if validation succeeds, SlideExpiration is invoked.
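The order of the three steps in these remarks, as a self-contained added example (not ASPSecurityKit's own code). The AuthRecord type, the in-memory store and the expiry fields are hypothetical stand-ins; only the step names GetAuth, IsAuthValid and SlideExpiration come from this page.

```csharp
using System;
using System.Collections.Generic;
// Hypothetical token record; not an ASPSecurityKit type.
public sealed class AuthRecord
{
    public string Urn = "";
    public DateTime ExpiresAtUtc;
    public TimeSpan SlidingWindow;
}

public sealed class AuthPipelineSketch
{
    private readonly Dictionary<string, AuthRecord> store = new Dictionary<string, AuthRecord>();
    public void Add(AuthRecord record) => store[record.Urn] = record;

    // GetAuth step: require "[idTokenType]:[idToken]" with both parts non-empty.
    private AuthRecord GetAuth(string authUrn)
    {
        if (string.IsNullOrEmpty(authUrn)) return null;
        int sep = authUrn.IndexOf(':'); // first colon separates type from token
        if (sep <= 0 || sep == authUrn.Length - 1) return null;
        return store.TryGetValue(authUrn, out AuthRecord record) ? record : null;
    }

    // IsAuthValid step: only expiration is modelled; firewall and applicability checks are omitted.
    private static bool IsAuthValid(AuthRecord auth, DateTime nowUtc) => nowUtc < auth.ExpiresAtUtc;

    // SlideExpiration step: reached only for a token that passed validation.
    private static void SlideExpiration(AuthRecord auth, DateTime nowUtc) => auth.ExpiresAtUtc = nowUtc + auth.SlidingWindow;

    public AuthRecord GetValidAuthDetails(string authUrn, DateTime nowUtc)
    {
        AuthRecord auth = GetAuth(authUrn);
        if (auth == null || !IsAuthValid(auth, nowUtc)) return null; // fail closed
        SlideExpiration(auth, nowUtc);
        return auth;
    }

    public static void Main()
    {
        var now = new DateTime(2024, 1, 1, 12, 0, 0, DateTimeKind.Utc);
        var p = new AuthPipelineSketch();
        // Constructed sample tokens: one live, one already expired.
        p.Add(new AuthRecord { Urn = "apikey:live", ExpiresAtUtc = now.AddMinutes(5), SlidingWindow = TimeSpan.FromMinutes(30) });
        p.Add(new AuthRecord { Urn = "apikey:stale", ExpiresAtUtc = now.AddMinutes(-1), SlidingWindow = TimeSpan.FromMinutes(30) });
        Console.WriteLine(p.GetValidAuthDetails("apikey:live", now).ExpiresAtUtc == now.AddMinutes(30));
        Console.WriteLine(p.GetValidAuthDetails("apikey:stale", now) == null);
    }
}
```

Sliding only after validation matters: if the expiry were extended first, a request carrying an expired token would revive it.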

Login(username,password,rememberMe,letSuspended)

Summary

Authenticates the user and sets up a new db userSession object upon success.

Returns

A LoginResult instance. Check out the other overload Login for more details.

Parameters
Name Type Description
username System.String The username.
password System.String The password.
rememberMe System.Boolean If set to true, sets up a long-lived session.
letSuspended System.Boolean If set to true, a suspended user is permitted to log in; otherwise, login is denied.
Remarks

This method calls the other Login overload with the createAuthCookie parameter set to false. Use this method for API requests and return the appropriate auth details (sessionId/secret) to the calling client so it can sign subsequent API calls.

Login(username,password,rememberMe,letSuspended,createAuthCookie)

Summary

Authenticates the user and sets up a new db userSession object upon success.

Returns

A LoginResult instance with Result equal to Success and Auth populated with identity details if login was successful; otherwise, a reason for the failure. To learn more about the possible reasons for failure, check out Login.

Parameters
Name Type Description
username System.String The username.
password System.String The password.
rememberMe System.Boolean If set to true, sets up a long-lived session.
letSuspended System.Boolean If set to true, a suspended user is permitted to log in; otherwise, login is denied.
createAuthCookie System.Boolean If set to true, an auth cookie will be created and added to the response.
Remarks

This method calls Login to perform the login. Additionally, it sets up a persistent db userSession using CreateNewUserSession. A persistent db userSession entity is required for such things as multi-factor authentication. If calling from a regular (non-AJAX) HTTP POST, as in an MVC controller’s action, you can additionally have it generate an auth cookie for the new session. Subsequent requests carrying this cookie are automatically authenticated with the same user session identity.

Logout()

Summary

Clears the session data related to the current authenticated user and marks the associated db session object as expired.

Parameters

This method has no parameters.

LoadSession(auth)

Summary

Loads an existing session from cache or creates a new empty session for the specified identity token.

Parameters
Name Type Description
auth ASPSecurityKit.IAuthDetails The identity token details object.
Remarks

Don’t confuse ‘session’ here with ‘userSession’. The former is a general temporary session applicable to any type of authenticated identity token (APIKey/UserSession/etc.) and is only persisted in the cache for faster reload in subsequent calls, while the latter refers to the user session, which is a persisted db entity created upon user login. Note to implementers: you need not load user details when creating a new session. It’s the job of the consuming code to check whether the session is already filled; if not, it must call user.load.

IsMFAEnabled(requestService,auth)

Summary

Determines whether multi-factor authentication is enabled for the specified request and identity token.

Returns

true if multi-factor authentication is enabled for the specified request and identity token; otherwise, false.

Parameters
Name Type Description
requestService ASPSecurityKit.IRequestService The request service.
auth ASPSecurityKit.IAuthDetails The identity token details object.
Remarks

MFA is considered disabled if GetMFAWhitelistedIPRanges is not null and GetCallerIp falls within GetMFAWhitelistedIPRanges, because such networks don’t allow MFA (likely because of a ‘no mobile-phone allowed’ policy at the associated offices).
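The whitelist rule from these remarks as a self-contained added example (not ASPSecurityKit's own code). It assumes the ranges are CIDR strings, which this page does not specify; the class and method names are hypothetical, and only the whitelist rule is modelled, not any other condition the real method may apply.

```csharp
using System;
using System.Net;

public static class MfaWhitelistSketch
{
    // True when ip falls inside the CIDR block, e.g. "10.20.0.0/16" (assumed range format).
    public static bool InCidr(IPAddress ip, string cidr)
    {
        string[] parts = cidr.Split('/');
        if (parts.Length != 2 || !IPAddress.TryParse(parts[0], out IPAddress network)
            || !int.TryParse(parts[1], out int prefix)) return false;
        if (ip.IsIPv4MappedToIPv6) ip = ip.MapToIPv4(); // ::ffff:a.b.c.d seen on dual-stack listeners
        byte[] a = ip.GetAddressBytes(), n = network.GetAddressBytes();
        if (a.Length != n.Length || prefix < 0 || prefix > a.Length * 8) return false;
        for (int i = 0; i < a.Length && prefix > 0; i++, prefix -= 8)
        {
            // Full byte while 8 or more prefix bits remain, partial mask for the last byte.
            int mask = prefix >= 8 ? 0xFF : (0xFF << (8 - prefix)) & 0xFF;
            if ((a[i] & mask) != (n[i] & mask)) return false;
        }
        return true;
    }

    // A null whitelist never disables MFA; otherwise MFA is off only when
    // the caller IP is inside one of the whitelisted ranges.
    public static bool IsMfaEnabled(string callerIp, string[] whitelistedRanges)
    {
        if (whitelistedRanges == null) return true;
        if (!IPAddress.TryParse(callerIp, out IPAddress ip)) return true; // unparseable IP: keep MFA on
        foreach (string range in whitelistedRanges)
            if (InCidr(ip, range)) return false;
        return true;
    }

    public static void Main()
    {
        string[] ranges = { "10.20.0.0/16", "2001:db8:1::/48" }; // constructed sample ranges
        Console.WriteLine(IsMfaEnabled("10.20.31.7", ranges));        // inside the IPv4 range
        Console.WriteLine(IsMfaEnabled("::ffff:10.20.31.7", ranges)); // same host, IPv4-mapped form
        Console.WriteLine(IsMfaEnabled("2001:db8:1:42::9", ranges));  // inside the IPv6 range
        Console.WriteLine(IsMfaEnabled("203.0.113.5", ranges));       // outside every range
        Console.WriteLine(IsMfaEnabled("10.20.31.7", null));          // no whitelist configured
    }
}
```

Because a match switches MFA off, the caller IP fed to this check has to come from a source the client cannot set, such as the socket address or a header written only by a trusted proxy.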

IsAuthValid(auth,requestService)

Summary

Determines whether or not the specified identity token is valid for the given request.

Returns

true if the specified identity token is valid for the given request; otherwise, false.

Parameters
Name Type Description
auth ASPSecurityKit.IAuthDetails The identity token details object.
requestService ASPSecurityKit.IRequestService The request service.
Remarks

To learn more about the validations performed by this method, visit https://ASPSecurityKit.net/docs/authentication-schemes/#validating-identity-tokens

GetValidAuthDetailsAsync(authUrn,requestService)

Summary

Gets the identity token details for the specified authUrn after validating such things as expiration, firewall, and applicability for the current request.

Returns

The identity token details for the specified authUrn.

Parameters
Name Type Description
authUrn System.String A URN in the format [idTokenType]:[idToken], for instance apikey:[apiKeyGuid].
requestService ASPSecurityKit.IRequestService The request service.
Remarks

First, the identity details object is obtained by calling GetAuth. It’s then validated using IsAuthValid and if validation succeeds, SlideExpiration is invoked.

GetValidAuthDetailsAsync(authUrn,requestService,cancellationToken)

Summary

Gets the identity token details for the specified authUrn after validating such things as expiration, firewall, and applicability for the current request.

Returns

The identity token details for the specified authUrn.

Parameters
Name Type Description
authUrn System.String A URN in the format [idTokenType]:[idToken], for instance apikey:[apiKeyGuid].
requestService ASPSecurityKit.IRequestService The request service.
cancellationToken System.Threading.CancellationToken The cancellation token.
Remarks

First, the identity details object is obtained by calling GetAuth. It’s then validated using IsAuthValid and if validation succeeds, SlideExpiration is invoked.

LoginAsync(username,password,rememberMe,letSuspended)

Summary

Authenticates the user and sets up a new db userSession object upon success.

Returns

A LoginResult instance. Check out the other overload Login for more details.

Parameters
Name Type Description
username System.String The username.
password System.String The password.
rememberMe System.Boolean If set to true, sets up a long-lived session.
letSuspended System.Boolean If set to true, a suspended user is permitted to log in; otherwise, login is denied.
Remarks

This method calls the other Login overload with the createAuthCookie parameter set to false. Use this method for API requests and return the appropriate auth details (sessionId/secret) to the calling client so it can sign subsequent API calls.

LoginAsync(username,password,rememberMe,letSuspended,cancellationToken)

Summary

Authenticates the user and sets up a new db userSession object upon success.

Returns

A LoginResult instance. Check out the other overload Login for more details.

Parameters
Name Type Description
username System.String The username.
password System.String The password.
rememberMe System.Boolean If set to true, sets up a long-lived session.
letSuspended System.Boolean If set to true, a suspended user is permitted to log in; otherwise, login is denied.
cancellationToken System.Threading.CancellationToken The cancellation token.
Remarks

This method calls the other Login overload with the createAuthCookie parameter set to false. Use this method for API requests and return the appropriate auth details (sessionId/secret) to the calling client so it can sign subsequent API calls.

LoginAsync(username,password,rememberMe,letSuspended,createAuthCookie)

Summary

Authenticates the user and sets up a new db userSession object upon success.

Returns

A LoginResult instance with Result equal to Success and Auth populated with identity details if login was successful; otherwise, a reason for the failure. To learn more about the possible reasons for failure, check out Login.

Parameters
Name Type Description
username System.String The username.
password System.String The password.
rememberMe System.Boolean If set to true, sets up a long-lived session.
letSuspended System.Boolean If set to true, a suspended user is permitted to log in; otherwise, login is denied.
createAuthCookie System.Boolean If set to true, an auth cookie will be created and added to the response.
Remarks

This method calls Login to perform the login. Additionally, it sets up a persistent db userSession using CreateNewUserSession. A persistent db userSession entity is required for such things as multi-factor authentication. If calling from a regular (non-AJAX) HTTP POST, as in an MVC controller’s action, you can additionally have it generate an auth cookie for the new session. Subsequent requests carrying this cookie are automatically authenticated with the same user session identity.

LoginAsync(username,password,rememberMe,letSuspended,createAuthCookie,cancellationToken)

Summary

Authenticates the user and sets up a new db userSession object upon success.

Returns

A LoginResult instance with Result equal to Success and Auth populated with identity details if login was successful; otherwise, a reason for the failure. To learn more about the possible reasons for failure, check out Login.

Parameters
Name Type Description
username System.String The username.
password System.String The password.
rememberMe System.Boolean If set to true, sets up a long-lived session.
letSuspended System.Boolean If set to true, a suspended user is permitted to log in; otherwise, login is denied.
createAuthCookie System.Boolean If set to true, an auth cookie will be created and added to the response.
cancellationToken System.Threading.CancellationToken The cancellation token.
Remarks

This method calls Login to perform the login. Additionally, it sets up a persistent db userSession using CreateNewUserSession. A persistent db userSession entity is required for such things as multi-factor authentication. If calling from a regular (non-AJAX) HTTP POST, as in an MVC controller’s action, you can additionally have it generate an auth cookie for the new session. Subsequent requests carrying this cookie are automatically authenticated with the same user session identity.

LogoutAsync()

Summary

Clears the session data related to the current authenticated user and marks the associated db session object as expired.

Parameters

This method has no parameters.

LogoutAsync(cancellationToken)

Summary

Clears the session data related to the current authenticated user and marks the associated db session object as expired.

Parameters
Name Type Description
cancellationToken System.Threading.CancellationToken The cancellation token.

LoadSessionAsync(auth)

Summary

Loads an existing session from cache or creates a new empty session for the specified identity token.

Parameters
Name Type Description
auth ASPSecurityKit.IAuthDetails The identity token details object.
Remarks

Don’t confuse ‘session’ here with ‘userSession’. The former is a general temporary session applicable to any type of authenticated identity token (APIKey/UserSession/etc.) and is only persisted in the cache for faster reload in subsequent calls, while the latter refers to the user session, which is a persisted db entity created upon user login. Note to implementers: you need not load user details when creating a new session. It’s the job of the consuming code to check whether the session is already filled; if not, it must call user.load.

LoadSessionAsync(auth,cancellationToken)

Summary

Loads an existing session from cache or creates a new empty session for the specified identity token.

Parameters
Name Type Description
auth ASPSecurityKit.IAuthDetails The identity token details object.
cancellationToken System.Threading.CancellationToken The cancellation token.
Remarks

Don’t confuse ‘session’ here with ‘userSession’. The former is a general temporary session applicable to any type of authenticated identity token (APIKey/UserSession/etc.) and is only persisted in the cache for faster reload in subsequent calls, while the latter refers to the user session, which is a persisted db entity created upon user login. Note to implementers: you need not load user details when creating a new session. It’s the job of the consuming code to check whether the session is already filled; if not, it must call user.load.

IsMFAEnabledAsync(requestService,auth)

Summary

Determines whether multi-factor authentication is enabled for the specified request and identity token.

Returns

true if multi-factor authentication is enabled for the specified request and identity token; otherwise, false.

Parameters
Name Type Description
requestService ASPSecurityKit.IRequestService The request service.
auth ASPSecurityKit.IAuthDetails The identity token details object.
Remarks

MFA is considered disabled if GetMFAWhitelistedIPRanges is not null and GetCallerIp falls within GetMFAWhitelistedIPRanges, because such networks don’t allow MFA (likely because of a ‘no mobile-phone allowed’ policy at the associated offices).

IsMFAEnabledAsync(requestService,auth,cancellationToken)

Summary

Determines whether multi-factor authentication is enabled for the specified request and identity token.

Returns

true if multi-factor authentication is enabled for the specified request and identity token; otherwise, false.

Parameters
Name Type Description
requestService ASPSecurityKit.IRequestService The request service.
auth ASPSecurityKit.IAuthDetails The identity token details object.
cancellationToken System.Threading.CancellationToken The cancellation token.
Remarks

MFA is considered disabled if GetMFAWhitelistedIPRanges is not null and GetCallerIp falls within GetMFAWhitelistedIPRanges, because such networks don’t allow MFA (likely because of a ‘no mobile-phone allowed’ policy at the associated offices).

IsAuthValidAsync(auth,requestService)

Summary

Determines whether or not the specified identity token is valid for the given request.

Returns

true if the specified identity token is valid for the given request; otherwise, false.

Parameters
Name Type Description
auth ASPSecurityKit.IAuthDetails The identity token details object.
requestService ASPSecurityKit.IRequestService The request service.
Remarks

To learn more about the validations performed by this method, visit https://ASPSecurityKit.net/docs/authentication-schemes/#validating-identity-tokens

IsAuthValidAsync(auth,requestService,cancellationToken)

Summary

Determines whether or not the specified identity token is valid for the given request.

Returns

true if the specified identity token is valid for the given request; otherwise, false.

Parameters
Name Type Description
auth ASPSecurityKit.IAuthDetails The identity token details object.
requestService ASPSecurityKit.IRequestService The request service.
cancellationToken System.Threading.CancellationToken The cancellation token.
Remarks

To learn more about the validations performed by this method, visit https://ASPSecurityKit.net/docs/authentication-schemes/#validating-identity-tokens