Custom allow list options for IP based 2fa selection
carlsixsmith-moj authored and samgibsonmoj committed Jun 10, 2024
1 parent 0dc0da7 commit aa0b061
Showing 5 changed files with 59 additions and 6 deletions.
10 changes: 9 additions & 1 deletion src/Infrastructure/DependencyInjection.cs
Expand Up @@ -164,13 +164,21 @@ private static IServiceCollection AddAuthenticationService(
IConfiguration configuration
)
{

services.Configure<AllowlistOptions>(configuration.GetSection(nameof(AllowlistOptions)));

services
.AddIdentityCore<ApplicationUser>()
.AddRoles<ApplicationRole>()
.AddEntityFrameworkStores<ApplicationDbContext>()
.AddSignInManager()
//.AddSignInManager()
.AddClaimsPrincipalFactory<ApplicationUserClaimsPrincipalFactory>()
.AddDefaultTokenProviders();

services.AddScoped<SignInManager<ApplicationUser>, CustomSigninManager<ApplicationUser>>();
services.AddScoped<ISecurityStampValidator, SecurityStampValidator<ApplicationUser>>();


services.Configure<IdentityOptions>(options =>
{
var identitySettings = configuration
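Review bot: The commented-out `//.AddSignInManager()` left in the `AddIdentityCore` chain should be deleted rather than kept as dead text; the replacement registration `services.AddScoped<SignInManager<ApplicationUser>, CustomSigninManager<ApplicationUser>>()` a few lines below states the intent on its own and history keeps the old call. The allow list is bound with a bare `services.Configure<AllowlistOptions>(...)`, so a mistyped entry is only noticed when a login from that address unexpectedly gets the second factor; binding through `services.AddOptions<AllowlistOptions>().Bind(configuration.GetSection(nameof(AllowlistOptions))).Validate(o => o.AllowedIPs.All(ip => System.Net.IPAddress.TryParse(ip, out _)), "AllowedIPs must contain valid IP addresses").ValidateOnStart();` surfaces that at startup instead. The double blank line after the `ISecurityStampValidator` registration is a leftover to tidy. `AddAuthenticationService` begins before this hunk and its body continues after it.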
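--- a/src/Infrastructure/Services/Identity/AllowlistOptions.cs
+++ b/src/Infrastructure/Services/Identity/AllowlistOptions.cs
@@ -0,0 +1,6 @@
+namespace Cfo.Cats.Infrastructure.Services.Identity;
+
+public class AllowlistOptions
+{
+public List<string> AllowedIPs { get; set; } = new();
+}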
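Review bot: `AllowedIPs` carries no documentation although its content decides whether password sign-in skips the second factor, which is exactly the setting a future maintainer will edit from `appsettings.json` without opening `CustomSigninManager`. An XML summary on the property such as `/// <summary>Remote addresses (matched against the connection's RemoteIpAddress) from which password sign-in skips the second factor.</summary>` makes that meaning visible at the binding site.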
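--- a/src/Infrastructure/Services/Identity/CustomSigninManager.cs
+++ b/src/Infrastructure/Services/Identity/CustomSigninManager.cs
@@ -0,0 +1,33 @@
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Http;
+
+namespace Cfo.Cats.Infrastructure.Services.Identity;
+
+public class CustomSigninManager<TUser>(UserManager<TUser> userManager, IHttpContextAccessor contextAccessor, IUserClaimsPrincipalFactory<TUser> claimsFactory, IOptions<IdentityOptions> optionsAccessor, ILogger<SignInManager<TUser>> logger, IAuthenticationSchemeProvider schemes, IUserConfirmation<TUser> confirmation, IHttpContextAccessor httpContextAccessor, IOptions<AllowlistOptions> allowlistOptions)
+: SignInManager<TUser>(userManager, contextAccessor, claimsFactory, optionsAccessor, logger, schemes, confirmation)
+where TUser : class
+{
+public override async Task<SignInResult> PasswordSignInAsync(string userName, string password, bool isPersistent, bool lockoutOnFailure)
+{
+var user = await UserManager.FindByNameAsync(userName);
+
+if (user == null)
+{
+return SignInResult.Failed;
+}
+
+var ipAddress = httpContextAccessor.HttpContext!.Connection.RemoteIpAddress?.ToString();
+if (string.IsNullOrWhiteSpace(ipAddress) == false && allowlistOptions.Value.AllowedIPs.Contains(ipAddress))
+{
+var result = await CheckPasswordSignInAsync(user, password, lockoutOnFailure);
+if (result.Succeeded)
+{
+await SignInAsync(user, isPersistent);
+}
+return result;
+}
+return await base.PasswordSignInAsync(userName, password, isPersistent, lockoutOnFailure);
+}
+
+
+}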
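Review bot: The allow-listed branch (the `CheckPasswordSignInAsync` / `SignInAsync` lines) reproduces only part of what `base.PasswordSignInAsync` does on success: the base path completes through `SignInOrTwoFactorAsync`, which signs in with the `amr`=`pwd` claim and clears any pending external-login cookie, whereas the plain `SignInAsync(user, isPersistent)` here does neither, so sessions created from allow-listed addresses differ from ordinary ones in more than the skipped second factor. Returning `await SignInOrTwoFactorAsync(user, isPersistent, bypassTwoFactor: true)` after a successful password check keeps both paths identical apart from the 2FA step. The match compares `RemoteIpAddress?.ToString()` against the configured strings, which only means anything when the application sees the real client address (behind a reverse proxy without forwarded-headers handling every request carries the proxy's IP), and which will not match an IPv4 entry such as `10.0.0.1` when the client arrives over a dual-stack socket in the IPv4-mapped form `::ffff:10.0.0.1`; parsing both sides with `System.Net.IPAddress` and comparing their `MapToIPv4()` forms removes the second problem. Because this is a deliberate second-factor bypass, an audit log line on the success path lets the events be monitored, and the extra `IHttpContextAccessor` constructor parameter is redundant with the `Context` property the base class already exposes. The rewrite below covers these points; the body keeps the original early return for an unknown user.

```csharp
public override async Task<SignInResult> PasswordSignInAsync(string userName, string password, bool isPersistent, bool lockoutOnFailure)
{
    // Context throws InvalidOperationException when there is no HttpContext, which is clearer than the NRE from the null-forgiving accessor.
    var remote = Context.Connection.RemoteIpAddress;
    if (remote is null || !IsAllowListed(remote))
    {
        return await base.PasswordSignInAsync(userName, password, isPersistent, lockoutOnFailure);
    }

    var user = await UserManager.FindByNameAsync(userName);
    if (user is null)
    {
        return SignInResult.Failed;
    }

    // Lockout and pre-sign-in checks are still applied by CheckPasswordSignInAsync.
    var result = await CheckPasswordSignInAsync(user, password, lockoutOnFailure);
    if (!result.Succeeded)
    {
        return result;
    }

    Logger.LogInformation("Second factor bypassed for {User} from allow-listed address {Ip}", userName, remote);
    // Same completion as the base class, minus the 2FA step.
    return await SignInOrTwoFactorAsync(user, isPersistent, bypassTwoFactor: true);
}

// Compares parsed addresses so IPv4 entries match IPv4-mapped IPv6 connections and unparsable entries never match.
private bool IsAllowListed(IPAddress remote)
{
    var normalised = remote.IsIPv4MappedToIPv6 ? remote.MapToIPv4() : remote;
    foreach (var entry in allowlistOptions.Value.AllowedIPs)
    {
        if (IPAddress.TryParse(entry, out var allowed)
            && (allowed.IsIPv4MappedToIPv6 ? allowed.MapToIPv4() : allowed).Equals(normalised))
        {
            return true;
        }
    }
    return false;
}
```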
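--- a/src/Server.UI/appsettings.Development.json
+++ b/src/Server.UI/appsettings.Development.json
@@ -1,7 +1,8 @@
 {
-/* "DatabaseSettings": {
-"DbProvider": "sqlite",
-"ConnectionString": "Data Source=./cats.db;"
-},*/
-"DetailedErrors": true
+"DetailedErrors": true,
+"AllowlistOptions": {
+"AllowedIPs": [
+"::1"
+]
+}
 }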
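--- a/src/Server.UI/appsettings.json
+++ b/src/Server.UI/appsettings.json
@@ -49,5 +49,10 @@
 "ApiKey": "",
 "SmsTemplate": "",
 "EmailTemplate": ""
 },
+"AllowlistOptions": {
+"AllowedIPs": [
+
+]
+}
 }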
