src/Umbraco.Core/Security/BackOfficeSignInManager.cs

using System;
using System.Diagnostics;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;
using Microsoft.Owin;
using Microsoft.Owin.Logging;
using Microsoft.Owin.Security;
using Umbraco.Core.Configuration;
using Umbraco.Core.Models.Identity;

namespace Umbraco.Core.Security
{
    public class BackOfficeSignInManager : SignInManager<BackOfficeIdentityUser, int>
    {
        private readonly ILogger _logger;
        private readonly IOwinRequest _request;

        public BackOfficeSignInManager(UserManager<BackOfficeIdentityUser, int> userManager, IAuthenticationManager authenticationManager, ILogger logger, IOwinRequest request)
            : base(userManager, authenticationManager)
        {
            if (logger == null) throw new ArgumentNullException("logger");
            if (request == null) throw new ArgumentNullException("request");
            _logger = logger;
            _request = request;
            AuthenticationType = Constants.Security.BackOfficeAuthenticationType;
        }

        public override Task<ClaimsIdentity> CreateUserIdentityAsync(BackOfficeIdentityUser user)
        {
            return user.GenerateUserIdentityAsync((BackOfficeUserManager)UserManager);
        }

        public static BackOfficeSignInManager Create(IdentityFactoryOptions<BackOfficeSignInManager> options, IOwinContext context, ILogger logger)
        {
            return new BackOfficeSignInManager(
                context.GetBackOfficeUserManager(), 
                context.Authentication,
                logger,
                context.Request);
        }

        /// <summary>
        /// Sign in the user in using the user name and password
        /// </summary>
        /// <param name="userName"/><param name="password"/><param name="isPersistent"/><param name="shouldLockout"/>
        /// <returns/>
        public override async Task<SignInStatus> PasswordSignInAsync(string userName, string password, bool isPersistent, bool shouldLockout)
        {
            var result = await base.PasswordSignInAsync(userName, password, isPersistent, shouldLockout);

            switch (result)
            {
                case SignInStatus.Success:
                    _logger.WriteCore(TraceEventType.Information, 0,
                        string.Format(
                            "User: {0} logged in from IP address {1}",
                            userName,
                            _request.RemoteIpAddress), null, null);
                    break;
                case SignInStatus.LockedOut:
                    _logger.WriteCore(TraceEventType.Information, 0,
                        string.Format(
                            "Login attempt failed for username {0} from IP address {1}, the user is locked",
                            userName,
                            _request.RemoteIpAddress), null, null);
                    break;
                case SignInStatus.RequiresVerification:
                    _logger.WriteCore(TraceEventType.Information, 0,
                        string.Format(
                            "Login attempt failed for username {0} from IP address {1}, the user requires verification",
                            userName,
                            _request.RemoteIpAddress), null, null);
                    break;
                case SignInStatus.Failure:
                    _logger.WriteCore(TraceEventType.Information, 0,
                        string.Format(
                            "Login attempt failed for username {0} from IP address {1}",
                            userName,
                            _request.RemoteIpAddress), null, null);
                    break;
                default:
                    throw new ArgumentOutOfRangeException();
            }

            return result;
        }

        /// <summary>
        /// Creates a user identity and then signs the identity using the AuthenticationManager
        /// </summary>
        /// <param name="user"></param>
        /// <param name="isPersistent"></param>
        /// <param name="rememberBrowser"></param>
        /// <returns></returns>
        public override async Task SignInAsync(BackOfficeIdentityUser user, bool isPersistent, bool rememberBrowser)
        {
            var userIdentity = await CreateUserIdentityAsync(user);

            // Clear any partial cookies from external or two factor partial sign ins
            AuthenticationManager.SignOut(
                Constants.Security.BackOfficeExternalAuthenticationType, 
                Constants.Security.BackOfficeTwoFactorAuthenticationType);

            var nowUtc = DateTime.Now.ToUniversalTime();
            
            if (rememberBrowser)
            {
                var rememberBrowserIdentity = AuthenticationManager.CreateTwoFactorRememberBrowserIdentity(ConvertIdToString(user.Id));
                AuthenticationManager.SignIn(new AuthenticationProperties()
                {
                    IsPersistent = isPersistent,
                    AllowRefresh = true,
                    IssuedUtc = nowUtc,
                    ExpiresUtc = nowUtc.AddMinutes(GlobalSettings.TimeOutInMinutes)
                }, userIdentity, rememberBrowserIdentity);
            }
            else
            {
                AuthenticationManager.SignIn(new AuthenticationProperties()
                {
                    IsPersistent = isPersistent,
                    AllowRefresh = true,
                    IssuedUtc = nowUtc,
                    ExpiresUtc = nowUtc.AddMinutes(GlobalSettings.TimeOutInMinutes)
                }, userIdentity);
            }

            _logger.WriteCore(TraceEventType.Information, 0,
                string.Format(
                    "Login attempt succeeded for username {0} from IP address {1}",
                    user.UserName,
                    _request.RemoteIpAddress), null, null);
        }
    }
}
Implements SignInManager, implements lock out policy for user manager, allows for better implementation of 2 factor auth for developers. Updates to latest owin libs. 2015-07-01 17:07:29 +02:00			`using System;`
Fixes: U4-6736 Log "logout" from Umbraco and also ensures logging is occuring on timeout, logout, login all with Identity stuff. 2015-07-23 12:03:50 +02:00			`using System.Diagnostics;`
Implements SignInManager, implements lock out policy for user manager, allows for better implementation of 2 factor auth for developers. Updates to latest owin libs. 2015-07-01 17:07:29 +02:00			`using System.Security.Claims;`
			`using System.Threading.Tasks;`
			`using Microsoft.AspNet.Identity;`
			`using Microsoft.AspNet.Identity.Owin;`
			`using Microsoft.Owin;`
Fixes: U4-6736 Log "logout" from Umbraco and also ensures logging is occuring on timeout, logout, login all with Identity stuff. 2015-07-23 12:03:50 +02:00			`using Microsoft.Owin.Logging;`
Implements SignInManager, implements lock out policy for user manager, allows for better implementation of 2 factor auth for developers. Updates to latest owin libs. 2015-07-01 17:07:29 +02:00			`using Microsoft.Owin.Security;`
			`using Umbraco.Core.Configuration;`
			`using Umbraco.Core.Models.Identity;`

			`namespace Umbraco.Core.Security`
			`{`
			`public class BackOfficeSignInManager : SignInManager<BackOfficeIdentityUser, int>`
			`{`
Fixes: U4-6736 Log "logout" from Umbraco and also ensures logging is occuring on timeout, logout, login all with Identity stuff. 2015-07-23 12:03:50 +02:00			`private readonly ILogger _logger;`
			`private readonly IOwinRequest _request;`

U4-8850 Configuring a custom BackOfficeUserManager type will not work if the type is not specifically BackOfficeUserManager 2016-08-12 12:20:00 +02:00			`public BackOfficeSignInManager(UserManager<BackOfficeIdentityUser, int> userManager, IAuthenticationManager authenticationManager, ILogger logger, IOwinRequest request)`
Implements SignInManager, implements lock out policy for user manager, allows for better implementation of 2 factor auth for developers. Updates to latest owin libs. 2015-07-01 17:07:29 +02:00			`: base(userManager, authenticationManager)`
			`{`
Fixes: U4-6736 Log "logout" from Umbraco and also ensures logging is occuring on timeout, logout, login all with Identity stuff. 2015-07-23 12:03:50 +02:00			`if (logger == null) throw new ArgumentNullException("logger");`
			`if (request == null) throw new ArgumentNullException("request");`
			`_logger = logger;`
			`_request = request;`
Implements SignInManager, implements lock out policy for user manager, allows for better implementation of 2 factor auth for developers. Updates to latest owin libs. 2015-07-01 17:07:29 +02:00			`AuthenticationType = Constants.Security.BackOfficeAuthenticationType;`
			`}`

			`public override Task<ClaimsIdentity> CreateUserIdentityAsync(BackOfficeIdentityUser user)`
			`{`
			`return user.GenerateUserIdentityAsync((BackOfficeUserManager)UserManager);`
			`}`

Fixes: U4-6736 Log "logout" from Umbraco and also ensures logging is occuring on timeout, logout, login all with Identity stuff. 2015-07-23 12:03:50 +02:00			`public static BackOfficeSignInManager Create(IdentityFactoryOptions<BackOfficeSignInManager> options, IOwinContext context, ILogger logger)`
Implements SignInManager, implements lock out policy for user manager, allows for better implementation of 2 factor auth for developers. Updates to latest owin libs. 2015-07-01 17:07:29 +02:00			`{`
Fixes: U4-6736 Log "logout" from Umbraco and also ensures logging is occuring on timeout, logout, login all with Identity stuff. 2015-07-23 12:03:50 +02:00			`return new BackOfficeSignInManager(`
U4-8850 Configuring a custom BackOfficeUserManager type will not work if the type is not specifically BackOfficeUserManager 2016-08-12 12:20:00 +02:00			`context.GetBackOfficeUserManager(),`
Fixes: U4-6736 Log "logout" from Umbraco and also ensures logging is occuring on timeout, logout, login all with Identity stuff. 2015-07-23 12:03:50 +02:00			`context.Authentication,`
			`logger,`
			`context.Request);`
			`}`

			`/// <summary>`
			`/// Sign in the user in using the user name and password`
			`/// </summary>`
			`/// <param name="userName"/><param name="password"/><param name="isPersistent"/><param name="shouldLockout"/>`
			`/// <returns/>`
removes some old notes 2016-07-12 13:36:08 +02:00			`public override async Task<SignInStatus> PasswordSignInAsync(string userName, string password, bool isPersistent, bool shouldLockout)`
Fixes: U4-6736 Log "logout" from Umbraco and also ensures logging is occuring on timeout, logout, login all with Identity stuff. 2015-07-23 12:03:50 +02:00			`{`
			`var result = await base.PasswordSignInAsync(userName, password, isPersistent, shouldLockout);`

			`switch (result)`
			`{`
			`case SignInStatus.Success:`
Cleans up the usages of auth cookies. OWIN is in charge of auth cookies but because we have Webforms, WebApi, MVC and OWIN, they all like to deal with cookies differently. OWIN should still be solely in charge of the auth cookies, so the auth extensions are cleaned up, the renewal now works by queuing the renewal and we have custom middleware detect if a force renewal has been queued and we renew the auth cookie there. Have obsoleted a few methods that should not be used that write auth tickets directly (this is purely for backwards compat with webforms). All of these changes now ensure that the auth cookie is renewed consistently between Webforms, WebApi, MVC and OWIN. Some changes also include ensuring that OWIN is used to sign out. 2015-11-19 18:12:21 +01:00			`_logger.WriteCore(TraceEventType.Information, 0,`
			`string.Format(`
			`"User: {0} logged in from IP address {1}",`
			`userName,`
			`_request.RemoteIpAddress), null, null);`
Fixes: U4-6736 Log "logout" from Umbraco and also ensures logging is occuring on timeout, logout, login all with Identity stuff. 2015-07-23 12:03:50 +02:00			`break;`
			`case SignInStatus.LockedOut:`
			`_logger.WriteCore(TraceEventType.Information, 0,`
			`string.Format(`
			`"Login attempt failed for username {0} from IP address {1}, the user is locked",`
			`userName,`
			`_request.RemoteIpAddress), null, null);`
			`break;`
			`case SignInStatus.RequiresVerification:`
			`_logger.WriteCore(TraceEventType.Information, 0,`
			`string.Format(`
			`"Login attempt failed for username {0} from IP address {1}, the user requires verification",`
			`userName,`
			`_request.RemoteIpAddress), null, null);`
			`break;`
			`case SignInStatus.Failure:`
			`_logger.WriteCore(TraceEventType.Information, 0,`
			`string.Format(`
			`"Login attempt failed for username {0} from IP address {1}",`
			`userName,`
			`_request.RemoteIpAddress), null, null);`
			`break;`
			`default:`
			`throw new ArgumentOutOfRangeException();`
			`}`

			`return result;`
Implements SignInManager, implements lock out policy for user manager, allows for better implementation of 2 factor auth for developers. Updates to latest owin libs. 2015-07-01 17:07:29 +02:00			`}`

			`/// <summary>`
			`/// Creates a user identity and then signs the identity using the AuthenticationManager`
			`/// </summary>`
			`/// <param name="user"></param>`
			`/// <param name="isPersistent"></param>`
			`/// <param name="rememberBrowser"></param>`
			`/// <returns></returns>`
			`public override async Task SignInAsync(BackOfficeIdentityUser user, bool isPersistent, bool rememberBrowser)`
			`{`
			`var userIdentity = await CreateUserIdentityAsync(user);`

			`// Clear any partial cookies from external or two factor partial sign ins`
			`AuthenticationManager.SignOut(`
			`Constants.Security.BackOfficeExternalAuthenticationType,`
			`Constants.Security.BackOfficeTwoFactorAuthenticationType);`

			`var nowUtc = DateTime.Now.ToUniversalTime();`

			`if (rememberBrowser)`
			`{`
			`var rememberBrowserIdentity = AuthenticationManager.CreateTwoFactorRememberBrowserIdentity(ConvertIdToString(user.Id));`
			`AuthenticationManager.SignIn(new AuthenticationProperties()`
			`{`
			`IsPersistent = isPersistent,`
			`AllowRefresh = true,`
			`IssuedUtc = nowUtc,`
			`ExpiresUtc = nowUtc.AddMinutes(GlobalSettings.TimeOutInMinutes)`
			`}, userIdentity, rememberBrowserIdentity);`
			`}`
			`else`
			`{`
			`AuthenticationManager.SignIn(new AuthenticationProperties()`
			`{`
			`IsPersistent = isPersistent,`
			`AllowRefresh = true,`
			`IssuedUtc = nowUtc,`
			`ExpiresUtc = nowUtc.AddMinutes(GlobalSettings.TimeOutInMinutes)`
			`}, userIdentity);`
			`}`
Fixes: U4-6736 Log "logout" from Umbraco and also ensures logging is occuring on timeout, logout, login all with Identity stuff. 2015-07-23 12:03:50 +02:00
			`_logger.WriteCore(TraceEventType.Information, 0,`
			`string.Format(`
			`"Login attempt succeeded for username {0} from IP address {1}",`
			`user.UserName,`
			`_request.RemoteIpAddress), null, null);`
Implements SignInManager, implements lock out policy for user manager, allows for better implementation of 2 factor auth for developers. Updates to latest owin libs. 2015-07-01 17:07:29 +02:00			`}`
			`}`
			`}`