replace AllowAnonymous for SignumAllowAnonymous
olmobrutall committed Jul 10, 2019
1 parent 4945a6a commit 1ad8c24
Showing 2 changed files with 14 additions and 1 deletion.
3 changes: 2 additions & 1 deletion Signum.React/ApiControllers/ReflectionController.cs
Expand Up @@ -4,12 +4,13 @@
using Signum.Engine.Basics;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authorization;
using Signum.React.Filters;

namespace Signum.React.ApiControllers
{
public class ReflectionController : ControllerBase
{
[HttpGet("api/reflection/types"), AllowAnonymous]
[HttpGet("api/reflection/types"), SignumAllowAnonymous]
public Dictionary<string, TypeInfoTS> Types()
{
return ReflectionServer.GetTypeInfoTS();
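Review bot: On the Types() action at api/reflection/types, replacing AllowAnonymous with SignumAllowAnonymous removes the only ASP.NET Core-level exemption, yet neither of the two files changed here contains code that reads the new attribute. Please confirm that SignumAuthenticationFilter already checks for SignumAllowAnonymousAttribute, or land that change together with this one, so the endpoint does not start requiring a user. If nothing else in this file still needs it, the using Microsoft.AspNetCore.Authorization; line can also be dropped.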
12 changes: 12 additions & 0 deletions Signum.React/Filters/SignumAllowAnonymousAttribute.cs
@@ -0,0 +1,12 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;

namespace Signum.React.Filters
{
[System.AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = false)]
public sealed class SignumAllowAnonymousAttribute : Attribute
{
}
}
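Review bot: SignumAllowAnonymousAttribute is declared without any XML doc comment, and its name invites confusion with Microsoft.AspNetCore.Authorization.AllowAnonymousAttribute. Add a summary on the class saying what it exempts an action from, and that Inherited = false means a derived controller does not pick up the exemption. The usings for System.Collections.Generic, System.Linq and System.Threading.Tasks are unused, and with using System; present the System. prefix on AttributeUsage is redundant.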

2 comments on commit 1ad8c24

@olmobrutall
Collaborator Author

Windows Authentication with Single Sign-On.

The good news is that Signum framework now has support for Single Sign-On. 😄

On the client side, you need to call AuthClient.registerWindowsAuthenticator in your Main.tsx before AuthClient.registerUserTicketAuthenticator (or just replace it).

On the server side, you need to register the ActiveDirectoryAuthorizer:

    // In Starter.Start
    AuthLogic.Start(sb, "System", null);
    AuthLogic.Authorizer = new ActiveDirectoryAuthorizer(() => Configuration.Value.ActiveDirectory);

    // In ApplicationConfigurationEntity
    public ActiveDirectoryConfigurationEmbedded ActiveDirectory { get; set; }

In IIS you need to install and enable Windows authentication as explained here: https://docs.microsoft.com/en-us/aspnet/core/security/authentication/windowsauth?view=aspnetcore-2.2&tabs=visual-studio

The current implementation supports both Windows Authentication mode:

    /* in launchSettings.json */
    "iisSettings": {
        "windowsAuthentication": true,
        "anonymousAuthentication": false, <---
        "iisExpress": {
            "applicationUrl": "http://localhost:52171/",
            "sslPort": 44308
        }
    }

And mixed mode:

    /* in launchSettings.json */
    "iisSettings": {
        "windowsAuthentication": true,
        "anonymousAuthentication": true, <---
        "iisExpress": {
            "applicationUrl": "http://localhost:52171/",
            "sslPort": 44308
        }
    }

Replace AllowAnonymous by SignumAllowAnonymous 💣

In order to support mixed mode, the action AuthController.LoginWindowsAuthentication requires the attribute Microsoft.AspNetCore.Authorization.AuthorizeAttribute (to create the challenge response that forces the browser to provide windows information).

Additionally, this method needs to skip the SignumAuthenticationFilter pipeline that provides every request with a UserEntity. This was traditionally done in Signum with the Microsoft.AspNetCore.Authorization.AllowAnonymousAttribute but, as explained here, this has the effect of disabling Microsoft's AuthorizeAttribute.

The solution is a run-time breaking change 💣. There is a new SignumAllowAnonymousAttribute that disables SignumAuthenticationFilter, and all the controllers that previously used AllowAnonymous should now use the new attribute. This includes custom actions for public portals or file downloads.

Example here: signumsoftware/extensions@aae765a
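
The split described in the comment above, as an added example that is not part of the original comment and is not Signum's code: a marker attribute that only a custom filter looks at, so [Authorize] on the same action stays in force. UserRequiredFilter is a hypothetical stand-in for SignumAuthenticationFilter, and the controller, routes and token check are assumptions.

```csharp
using System;
using System.Reflection;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Controllers;
using Microsoft.AspNetCore.Mvc.Filters;

// Marker attribute, declared as in this commit.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = false)]
public sealed class SignumAllowAnonymousAttribute : Attribute { }

// Hypothetical stand-in for SignumAuthenticationFilter (not the framework's code).
// Registered globally: services.AddMvc(o => o.Filters.Add<UserRequiredFilter>());
public class UserRequiredFilter : IResourceFilter
{
    // True when the action method or its controller class carries the marker.
    public static bool IsExempt(ControllerActionDescriptor action) =>
        action.MethodInfo.IsDefined(typeof(SignumAllowAnonymousAttribute), inherit: false) ||
        action.ControllerTypeInfo.IsDefined(typeof(SignumAllowAnonymousAttribute), inherit: false);

    public void OnResourceExecuting(ResourceExecutingContext context)
    {
        // Resource filters run after authorization filters, so an [Authorize]
        // on the action has already been enforced before this point.
        if (context.ActionDescriptor is ControllerActionDescriptor action && IsExempt(action))
            return;

        // Assumption: the application's own session arrives in the Authorization header.
        if (!context.HttpContext.Request.Headers.ContainsKey("Authorization"))
            context.Result = new UnauthorizedResult();
    }

    public void OnResourceExecuted(ResourceExecutedContext context) { }
}

// Hypothetical controller showing the two uses named in the comment.
public class ExampleAuthController : ControllerBase
{
    // [Authorize] produces the Windows challenge; the marker skips only UserRequiredFilter.
    // With [AllowAnonymous] here instead, [Authorize] would be bypassed as well.
    [HttpPost("api/example/loginWindows"), Authorize, SignumAllowAnonymous]
    public string LoginWindows() => User.Identity.Name;

    // Public endpoint: no challenge and no application user required.
    [HttpGet("api/example/public"), SignumAllowAnonymous]
    public string Public() => "ok";
}
```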

@MehdyKarimpour
Contributor

Awesome!
