IAuthSessionProvider

Namespace: ASPSecurityKit
Assembly: ASPSecurityKit.dll

Summary

Provides an interface to manage authenticated sessions.

Methods

GetValidAuthDetails(authUrn,requestService)

Summary

Gets the identity token details for the specified authUrn after validating such things as expiration, firewall, applicability to the current request, etc.

Returns

The identity token details for the specified authUrn.

Parameters
Name Type Description
authUrn System.String A URN in the format [idTokenType]:[idToken], for instance apikey:[apiKeyGuid].
requestService ASPSecurityKit.IRequestService The request service.
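
A sketch of how a caller might check the [idTokenType]:[idToken] shape before passing a value as authUrn. This is an added example, not ASPSecurityKit code: AuthUrnParser, the validator table and the 128-character cap are hypothetical, and the only token type assumed is the apikey GUID form given above.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical helper, not an ASPSecurityKit type.
public static class AuthUrnParser
{
    // Per-type token validators. Only "apikey" (a GUID) is documented on this
    // page; any other token type needs its own entry and format check.
    private static readonly Dictionary<string, Func<string, bool>> Validators =
        new Dictionary<string, Func<string, bool>>
        {
            // "D" accepts only the hyphenated 32-digit form, not braces or parentheses.
            ["apikey"] = t => Guid.TryParseExact(t, "D", out Guid g) && g != Guid.Empty,
        };

    // Splits "[idTokenType]:[idToken]". Returns false instead of throwing so the
    // caller can give every malformed value the same "unauthenticated" answer.
    public static bool TryParse(string authUrn, out string tokenType, out string token)
    {
        tokenType = token = string.Empty;
        if (string.IsNullOrEmpty(authUrn) || authUrn.Length > 128) // constructed length cap
            return false;
        int sep = authUrn.IndexOf(':'); // first colon only; the rest is the token
        if (sep <= 0 || sep == authUrn.Length - 1)
            return false;
        string type = authUrn.Substring(0, sep);
        string value = authUrn.Substring(sep + 1);
        if (!Validators.TryGetValue(type, out var isValid) || !isValid(value))
            return false;

        tokenType = type;
        token = value;
        return true;
    }

    public static void Main()
    {
        // Constructed sample inputs, not real keys.
        string[] samples = {
            "apikey:0f8fad5b-d9cb-469f-a165-70867728950e",  // well-formed
            "apikey:",                                       // empty token
            "apikey:{0f8fad5b-d9cb-469f-a165-70867728950e}", // braced GUID form
            "unknown:0f8fad5b-d9cb-469f-a165-70867728950e",  // type not registered
        };
        foreach (string s in samples)
            Console.WriteLine($"{TryParse(s, out _, out _),-5} {s}");
    }
}
```

Only the first sample is accepted. The shape check does not replace GetValidAuthDetails, which still performs the expiration, firewall and applicability validation.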

Login(username,password,rememberMe,letSuspended)

Summary

Authenticates the user and sets up a new db userSession object upon success.

Returns

A LoginResult instance. Check out the other overload Login for more details.

Parameters
Name Type Description
username System.String The username.
password System.String The password.
rememberMe System.Boolean If set to true, sets up a long-lived session.
letSuspended System.Boolean If set to true, a suspended user is permitted to log in; otherwise login is denied.

Remarks

This method calls the other overload Login with the createAuthCookie parameter set to false. Use this method for API requests and return the appropriate auth details (sessionId/secret) to the calling client so it can sign subsequent API calls.

Login(username,password,rememberMe,letSuspended,createAuthCookie)

Summary

Authenticates the user and sets up a new db userSession object upon success.

Returns

A LoginResult instance with Result equal to Success and Auth populated with identity details if login was successful; otherwise, a reason for failure. To learn more about the possible reasons for failure, check out Login.

Parameters
Name Type Description
username System.String The username.
password System.String The password.
rememberMe System.Boolean If set to true, sets up a long-lived session.
letSuspended System.Boolean If set to true, a suspended user is permitted to log in; otherwise login is denied.
createAuthCookie System.Boolean If set to true, an auth cookie will be created and added to the response.

Remarks

This method calls Login to perform the login. It also sets up a persistent db userSession using CreateNewUserSession. A persistent db userSession entity is required for such things as multi-factor authentication. When calling from a regular (non-AJAX) HTTP POST, as in an MVC controller’s actions, you can additionally have it generate an auth cookie for the new session. Subsequent requests carrying this cookie are automatically authenticated with the same user session identity.

Logout()

Summary

Clears the session data related to the current authenticated user and marks the associated db session object as expired.

Parameters

This method has no parameters.

LoadSession(auth)

Summary

Loads an existing session from cache or creates a new empty session for the specified identity token.

Parameters
Name Type Description
auth ASPSecurityKit.IAuthDetails The identity token details object.

Remarks

Don’t confuse ‘session’ here with ‘userSession’. The former is a general temporary session applicable to any type of authenticated identity token (APIKey/UserSession/etc.) and is only persisted in the cache for faster reload in subsequent calls, while the latter refers to the user session, which is a persisted db entity created upon user login. Note to implementers: you need not load user details when creating a new session. It’s the job of the consuming code to check whether the session is already filled; if not, it must call user.load.

IsMFAEnabled(requestService,auth)

Summary

Determines whether multi-factor authentication is enabled for the specified request and identity token.

Returns

true if multi-factor authentication is enabled for the specified request and identity token; otherwise, false.

Parameters
Name Type Description
requestService ASPSecurityKit.IRequestService The request service.
auth ASPSecurityKit.IAuthDetails The identity token details object.

GetValidAuthDetailsAsync(authUrn,requestService)

Summary

Gets the identity token details for the specified authUrn after validating such things as expiration, firewall, applicability to the current request, etc.

Returns

The identity token details for the specified authUrn.

Parameters
Name Type Description
authUrn System.String A URN in the format [idTokenType]:[idToken], for instance apikey:[apiKeyGuid].
requestService ASPSecurityKit.IRequestService The request service.

GetValidAuthDetailsAsync(authUrn,requestService,cancellationToken)

Summary

Gets the identity token details for the specified authUrn after validating such things as expiration, firewall, applicability to the current request, etc.

Returns

The identity token details for the specified authUrn.

Parameters
Name Type Description
authUrn System.String A URN in the format [idTokenType]:[idToken], for instance apikey:[apiKeyGuid].
requestService ASPSecurityKit.IRequestService The request service.
cancellationToken System.Threading.CancellationToken The cancellation token.

LoginAsync(username,password,rememberMe,letSuspended)

Summary

Authenticates the user and sets up a new db userSession object upon success.

Returns

A LoginResult instance. Check out the other overload Login for more details.

Parameters
Name Type Description
username System.String The username.
password System.String The password.
rememberMe System.Boolean If set to true, sets up a long-lived session.
letSuspended System.Boolean If set to true, a suspended user is permitted to log in; otherwise login is denied.

Remarks

This method calls the other overload Login with the createAuthCookie parameter set to false. Use this method for API requests and return the appropriate auth details (sessionId/secret) to the calling client so it can sign subsequent API calls.

LoginAsync(username,password,rememberMe,letSuspended,cancellationToken)

Summary

Authenticates the user and sets up a new db userSession object upon success.

Returns

A LoginResult instance. Check out the other overload Login for more details.

Parameters
Name Type Description
username System.String The username.
password System.String The password.
rememberMe System.Boolean If set to true, sets up a long-lived session.
letSuspended System.Boolean If set to true, a suspended user is permitted to log in; otherwise login is denied.
cancellationToken System.Threading.CancellationToken The cancellation token.

Remarks

This method calls the other overload Login with the createAuthCookie parameter set to false. Use this method for API requests and return the appropriate auth details (sessionId/secret) to the calling client so it can sign subsequent API calls.

LoginAsync(username,password,rememberMe,letSuspended,createAuthCookie)

Summary

Authenticates the user and sets up a new db userSession object upon success.

Returns

A LoginResult instance with Result equal to Success and Auth populated with identity details if login was successful; otherwise, a reason for failure. To learn more about the possible reasons for failure, check out Login.

Parameters
Name Type Description
username System.String The username.
password System.String The password.
rememberMe System.Boolean If set to true, sets up a long-lived session.
letSuspended System.Boolean If set to true, a suspended user is permitted to log in; otherwise login is denied.
createAuthCookie System.Boolean If set to true, an auth cookie will be created and added to the response.

Remarks

This method calls Login to perform the login. It also sets up a persistent db userSession using CreateNewUserSession. A persistent db userSession entity is required for such things as multi-factor authentication. When calling from a regular (non-AJAX) HTTP POST, as in an MVC controller’s actions, you can additionally have it generate an auth cookie for the new session. Subsequent requests carrying this cookie are automatically authenticated with the same user session identity.

LoginAsync(username,password,rememberMe,letSuspended,createAuthCookie,cancellationToken)

Summary

Authenticates the user and sets up a new db userSession object upon success.

Returns

A LoginResult instance with Result equal to Success and Auth populated with identity details if login was successful; otherwise, a reason for failure. To learn more about the possible reasons for failure, check out Login.

Parameters
Name Type Description
username System.String The username.
password System.String The password.
rememberMe System.Boolean If set to true, sets up a long-lived session.
letSuspended System.Boolean If set to true, a suspended user is permitted to log in; otherwise login is denied.
createAuthCookie System.Boolean If set to true, an auth cookie will be created and added to the response.
cancellationToken System.Threading.CancellationToken The cancellation token.

Remarks

This method calls Login to perform the login. It also sets up a persistent db userSession using CreateNewUserSession. A persistent db userSession entity is required for such things as multi-factor authentication. When calling from a regular (non-AJAX) HTTP POST, as in an MVC controller’s actions, you can additionally have it generate an auth cookie for the new session. Subsequent requests carrying this cookie are automatically authenticated with the same user session identity.

LogoutAsync()

Summary

Clears the session data related to the current authenticated user and marks the associated db session object as expired.

Parameters

This method has no parameters.

LogoutAsync(cancellationToken)

Summary

Clears the session data related to the current authenticated user and marks the associated db session object as expired.

Parameters
Name Type Description
cancellationToken System.Threading.CancellationToken The cancellation token.

LoadSessionAsync(auth)

Summary

Loads an existing session from cache or creates a new empty session for the specified identity token.

Parameters
Name Type Description
auth ASPSecurityKit.IAuthDetails The identity token details object.

Remarks

Don’t confuse ‘session’ here with ‘userSession’. The former is a general temporary session applicable to any type of authenticated identity token (APIKey/UserSession/etc.) and is only persisted in the cache for faster reload in subsequent calls, while the latter refers to the user session, which is a persisted db entity created upon user login. Note to implementers: you need not load user details when creating a new session. It’s the job of the consuming code to check whether the session is already filled; if not, it must call user.load.

LoadSessionAsync(auth,cancellationToken)

Summary

Loads an existing session from cache or creates a new empty session for the specified identity token.

Parameters
Name Type Description
auth ASPSecurityKit.IAuthDetails The identity token details object.
cancellationToken System.Threading.CancellationToken The cancellation token.

Remarks

Don’t confuse ‘session’ here with ‘userSession’. The former is a general temporary session applicable to any type of authenticated identity token (APIKey/UserSession/etc.) and is only persisted in the cache for faster reload in subsequent calls, while the latter refers to the user session, which is a persisted db entity created upon user login. Note to implementers: you need not load user details when creating a new session. It’s the job of the consuming code to check whether the session is already filled; if not, it must call user.load.

IsMFAEnabledAsync(requestService,auth)

Summary

Determines whether multi-factor authentication is enabled for the specified request and identity token.

Returns

true if multi-factor authentication is enabled for the specified request and identity token; otherwise, false.

Parameters
Name Type Description
requestService ASPSecurityKit.IRequestService The request service.
auth ASPSecurityKit.IAuthDetails The identity token details object.

IsMFAEnabledAsync(requestService,auth,cancellationToken)

Summary

Determines whether multi-factor authentication is enabled for the specified request and identity token.

Returns

true if multi-factor authentication is enabled for the specified request and identity token; otherwise, false.

Parameters
Name Type Description
requestService ASPSecurityKit.IRequestService The request service.
auth ASPSecurityKit.IAuthDetails The identity token details object.
cancellationToken System.Threading.CancellationToken The cancellation token.