Untitled

import { Aurelia } from 'aurelia-framework';
import 'src/helpers/exceptionHelpers'
import config from "./auth-config";

export function configure(aurelia: Aurelia) {
    aurelia.use
        .standardConfiguration()
        .feature('src/resources')
        .developmentLogging()
        .plugin('aurelia-dialog')
        .plugin('aurelia-api', config => {
            // Register an authentication hosts
            config.registerEndpoint('auth', 'http://localhost:7987/auth/');
        })
        .plugin('aurelia-authentication', (baseConfig) => {
            baseConfig.configure(config);
        });

    aurelia.start().then(x => x.setRoot('src/app'));
}

var config = {
    endpoint: 'auth',             // use 'auth' endpoint for the auth server
    configureEndpoints: ['auth'], // add Authorization header to 'auth' endpoint

    // The API specifies that new users register at the POST /users enpoint
    signupUrl: null,
    // The API endpoint used in profile requests (inc. `find/get` and `update`)
    profileUrl: null,
    // Logins happen at the POST /sessions/create endpoint
    loginUrl: '',
    // The API serves its tokens with a key of id_token which differs from
    // aurelia-auth's standard
    accessTokenName: 'SessionId',
    // Once logged in, we want to redirect the user to the welcome view
    loginRedirect: '#/pending',
    // The SPA url to which the user is redirected after a successful logout
    logoutRedirect: '#/login',
    // The SPA route used when an unauthenticated user tries to access an SPA page that requires authentication
    loginRoute : '#/help'
};

export default config;

import { AuthService } from 'aurelia-authentication';
import { inject, computedFrom } from 'aurelia-framework';

@inject(AuthService)
export class Login {
    heading: string;
    auth: AuthService;
    userName: string;
    password: string;

    constructor(authService) {
        this.auth = authService;
        this.heading = 'Login';
    }

    login() {
        var credentials = {
            username: this.userName,
            password: this.password,
            grant_type: "password"
        };
        return this.auth.login(credentials,
                               { headers: { 'Content-Type': 'application/x-www-form-urlencoded' } }
        ).then(response => {
                console.log("success logged " + response);
            })
            .catch(err => {
                console.log("login failure");
            });
    };
}

public override void Configure(Container container)
    {
        var privateKey = RsaUtils.CreatePrivateKeyParams(RsaKeyLengths.Bit2048);
        var publicKey = privateKey.ToPublicRsaParameters();
        var privateKeyXml = privateKey.ToPrivateKeyXml();
        var publicKeyXml = privateKey.ToPublicKeyXml();

        SetConfig(new HostConfig
        {
#if DEBUG
            DebugMode = true,
            WebHostPhysicalPath = Path.GetFullPath(Path.Combine("~".MapServerPath(), "..", "..")),
#endif
        });
        container.RegisterAs<LDAPAuthProvider, IAuthProvider>();
        container.Register<ICacheClient>(new MemoryCacheClient { FlushOnDispose = false });
        container.RegisterAs<MemoryCacheClient, ICacheClient>();
        Plugins.Add(new AuthFeature(() => new AuthUserSession(),
            new[] {
                container.Resolve<IAuthProvider>(),
                new JwtAuthProvider {
                        HashAlgorithm = "RS256",
                        PrivateKeyXml = privateKeyXml,
                        RequireSecureConnection = false,
                    }
            })
        {
            HtmlRedirect = "~/#/pending",
            IncludeRegistrationService = false,
            IncludeAssignRoleServices = false,
            MaxLoginAttempts = Settings.Default.MaxLoginAttempts
        });
    }

public class LDAPAuthProvider : CredentialsAuthProvider
{
    private readonly IHoldingsManagerSettings _settings;

    public LDAPAuthProvider(IHoldingsManagerSettings settings)
    {
        _settings = settings;
    }
    public override bool TryAuthenticate(IServiceBase authService, string userName, string password)
    {
        //Check to see if the username/password combo is valid, an exception will be thrown if the username or password is wrong
        try
        {
            var entry = new DirectoryEntry($"LDAP://{_settings.Domain}", userName, password);
            var nativeObject = entry.NativeObject;
            using (var identity = new WindowsIdentity(userName))
            {
                var principal = new WindowsPrincipal(identity);
                return principal.IsInRole(_settings.AdminGroupName);
            }
        }
        catch (Exception)
        {
            //This means the username/password combo failed
            return false;
        }
    }

    public override IHttpResult OnAuthenticated(IServiceBase authService,
                                                IAuthSession session,
                                                IAuthTokens tokens,
                                                Dictionary<string, string> authInfo)
    {
        //Fill IAuthSession with data you want to retrieve in the app eg:
        session.DisplayName = "Testy McTesterson";
        //...

        //Call base method to Save Session and fire Auth/Session callbacks:
        return base.OnAuthenticated(authService, session, tokens, authInfo);

        //Alternatively avoid built-in behavior and explicitly save session with
        //authService.SaveSession(session, SessionExpiry);
        //return null;
    }
}