Add identity first iteration
This commit is contained in:
@ -0,0 +1,27 @@
|
||||
using Hcs.WebApp.Data;
|
||||
using Microsoft.AspNetCore.Identity;
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
using System.Security.Claims;
|
||||
|
||||
namespace Hcs.WebApp.Identity
|
||||
{
|
||||
internal static class IdentityComponentsEndpointRouteBuilderExtensions
|
||||
{
|
||||
public static IEndpointConventionBuilder MapAdditionalIdentityEndpoints(this IEndpointRouteBuilder endpoints)
|
||||
{
|
||||
ArgumentNullException.ThrowIfNull(endpoints);
|
||||
|
||||
var accountGroup = endpoints.MapGroup("/account");
|
||||
accountGroup.MapPost("/logout", async (
|
||||
ClaimsPrincipal user,
|
||||
SignInManager<AppUser> signInManager,
|
||||
[FromForm] string returnUrl) =>
|
||||
{
|
||||
await signInManager.SignOutAsync();
|
||||
return TypedResults.LocalRedirect($"~/{returnUrl}");
|
||||
});
|
||||
|
||||
return accountGroup;
|
||||
}
|
||||
}
|
||||
}
|
||||
62
Hcs.WebApp/Identity/IdentityRedirectManager.cs
Normal file
62
Hcs.WebApp/Identity/IdentityRedirectManager.cs
Normal file
@ -0,0 +1,62 @@
|
||||
using Microsoft.AspNetCore.Components;
|
||||
using System.Diagnostics.CodeAnalysis;
|
||||
|
||||
namespace Hcs.WebApp.Identity
|
||||
{
|
||||
internal sealed class IdentityRedirectManager(NavigationManager navigationManager)
|
||||
{
|
||||
public const string STATUS_COOKIE_NAME = "Identity.StatusMessage";
|
||||
|
||||
private static readonly CookieBuilder statusCookieBuilder = new()
|
||||
{
|
||||
SameSite = SameSiteMode.Strict,
|
||||
HttpOnly = true,
|
||||
IsEssential = true,
|
||||
MaxAge = TimeSpan.FromSeconds(5),
|
||||
};
|
||||
|
||||
private string CurrentPath => navigationManager.ToAbsoluteUri(navigationManager.Uri).GetLeftPart(UriPartial.Path);
|
||||
|
||||
[DoesNotReturn]
|
||||
public void RedirectTo(string? uri)
|
||||
{
|
||||
uri ??= "";
|
||||
|
||||
if (!Uri.IsWellFormedUriString(uri, UriKind.Relative))
|
||||
{
|
||||
uri = navigationManager.ToBaseRelativePath(uri);
|
||||
}
|
||||
|
||||
navigationManager.NavigateTo(uri);
|
||||
|
||||
throw new InvalidOperationException($"{nameof(IdentityRedirectManager)} может быть использован только при статичном рендеринге");
|
||||
}
|
||||
|
||||
[DoesNotReturn]
|
||||
public void RedirectTo(string uri, Dictionary<string, object?> queryParameters)
|
||||
{
|
||||
var uriWithoutQuery = navigationManager.ToAbsoluteUri(uri).GetLeftPart(UriPartial.Path);
|
||||
var newUri = navigationManager.GetUriWithQueryParameters(uriWithoutQuery, queryParameters);
|
||||
RedirectTo(newUri);
|
||||
}
|
||||
|
||||
[DoesNotReturn]
|
||||
public void RedirectToWithStatus(string uri, string message, HttpContext context)
|
||||
{
|
||||
context.Response.Cookies.Append(STATUS_COOKIE_NAME, message, statusCookieBuilder.Build(context));
|
||||
RedirectTo(uri);
|
||||
}
|
||||
|
||||
[DoesNotReturn]
|
||||
public void RedirectToCurrentPage()
|
||||
{
|
||||
RedirectTo(CurrentPath);
|
||||
}
|
||||
|
||||
[DoesNotReturn]
|
||||
public void RedirectToCurrentPageWithStatus(string message, HttpContext context)
|
||||
{
|
||||
RedirectToWithStatus(CurrentPath, message, context);
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -0,0 +1,45 @@
|
||||
using Hcs.WebApp.Data;
|
||||
using Microsoft.AspNetCore.Components.Authorization;
|
||||
using Microsoft.AspNetCore.Components.Server;
|
||||
using Microsoft.AspNetCore.Identity;
|
||||
using Microsoft.Extensions.Options;
|
||||
using System.Security.Claims;
|
||||
|
||||
namespace Hcs.WebApp.Identity
|
||||
{
|
||||
internal sealed class IdentityRevalidatingAuthenticationStateProvider(
|
||||
ILoggerFactory loggerFactory,
|
||||
IServiceScopeFactory scopeFactory,
|
||||
IOptions<IdentityOptions> options) : RevalidatingServerAuthenticationStateProvider(loggerFactory)
|
||||
{
|
||||
protected override TimeSpan RevalidationInterval => TimeSpan.FromMinutes(30);
|
||||
|
||||
protected override async Task<bool> ValidateAuthenticationStateAsync(
|
||||
AuthenticationState authenticationState, CancellationToken cancellationToken)
|
||||
{
|
||||
await using var scope = scopeFactory.CreateAsyncScope();
|
||||
|
||||
var userManager = scope.ServiceProvider.GetRequiredService<UserManager<AppUser>>();
|
||||
return await ValidateSecurityStampAsync(userManager, authenticationState.User);
|
||||
}
|
||||
|
||||
private async Task<bool> ValidateSecurityStampAsync(UserManager<AppUser> userManager, ClaimsPrincipal principal)
|
||||
{
|
||||
var user = await userManager.GetUserAsync(principal);
|
||||
if (user is null)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
else if (!userManager.SupportsUserSecurityStamp)
|
||||
{
|
||||
return true;
|
||||
}
|
||||
else
|
||||
{
|
||||
var principalStamp = principal.FindFirstValue(options.Value.ClaimsIdentity.SecurityStampClaimType);
|
||||
var userStamp = await userManager.GetSecurityStampAsync(user);
|
||||
return principalStamp == userStamp;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
18
Hcs.WebApp/Identity/IdentityUserAccessor.cs
Normal file
18
Hcs.WebApp/Identity/IdentityUserAccessor.cs
Normal file
@ -0,0 +1,18 @@
|
||||
using Hcs.WebApp.Data;
|
||||
using Microsoft.AspNetCore.Identity;
|
||||
|
||||
namespace Hcs.WebApp.Identity
|
||||
{
|
||||
internal sealed class IdentityUserAccessor(UserManager<AppUser> userManager, IdentityRedirectManager redirectManager)
|
||||
{
|
||||
public async Task<AppUser> GetRequiredUserAsync(HttpContext context)
|
||||
{
|
||||
var user = await userManager.GetUserAsync(context.User);
|
||||
if (user is null)
|
||||
{
|
||||
redirectManager.RedirectToWithStatus("account/invalid_user", $"Ошибка: Не удалось загрузить пользователя с идентификатором '{userManager.GetUserId(context.User)}'", context);
|
||||
}
|
||||
return user;
|
||||
}
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user