Check claims (email) before creating a new cookie, without asp. core identity store using asp net core social login

Bipn Paul

I'm working on my hobby project where I'have implemented social login via Google.

now I want to prevent this so that only certain user can sign in into the app, As I found that there is no way to restrict this on google OAuth side, So I have added a table to store the email and role.

if the email address is not found in that table I want to prevent a user from signing.

            services
           .AddAuthentication(options =>
           {
               options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
           })
           .AddCookie()
           .AddGoogle(googleOption =>
           {

               googleOption.ClientId = Configuration["Authentication:Google:ClientID"]; ;
               googleOption.ClientSecret = Configuration["Authentication:Google:ClientSecret"];
               googleOption.Events.OnRemoteFailure = (context) =>
               {
                   context.HandleResponse();
                   return context.Response.WriteAsync("<script>window.close();</script>");
               };
               googleOption.Events = new Microsoft.AspNetCore.Authentication.OAuth.OAuthEvents
               {
                   OnTicketReceived = async ctx =>
                   {
                       string emailAddress = ctx.Principal.
                                               FindFirstValue("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress");
                       var db = ctx.HttpContext.RequestServices.GetRequiredService<DbContext>();
                       var roles = await db.EmailRoles.Where(c => c.Email == emailAddress).ToListAsync();
                       if (roles.Count > 1)                           
                       {
                           var claims = new List<Claim>();
                           foreach (var item in roles)
                           {
                               claims.Add(new Claim(ClaimTypes.Role, item.Role));
                           }
                           var appIdentity = new ClaimsIdentity(claims);
                           ctx.Principal.AddIdentity(appIdentity);
                       }
                   }
               };
           });

DaImTo

I think you are looking for OnCreatingTicket. this will allow you to test the users as their logging in. In this example only gmail.com emails would be allowed to login anyone else would be kicked out

 services.AddAuthentication(options =>
        {
            options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        })
        .AddCookie()
        .AddGoogle("Google", options =>
        {
            options.ClientId = Configuration["Authentication:Google:ClientId"];
            options.ClientSecret = Configuration["Authentication:Google:ClientSecret"];
            options.Events = new OAuthEvents
            {
                OnCreatingTicket = context =>
                {
                    string domain = context.User.Value<string>("domain");
                    if (domain != "gmail.com")
                        throw new GoogleAuthenticationException("You must sign in with a gmail.com email address");

                    return Task.CompletedTask;
                }
            };
        });

Collected from the Internet

Please contact [email protected] to delete if infringement.

edited at2020-12-7

Comments

0 comments

How to refresh CSRF token on login when using cookie authentication without identity in ASP .NET Core Web API

External Login without using identity asp.net core 2.0

Not able to get user group claims when using Azure AD as external login alongside Identity Core(ASP.NET Core 2.1)

How to check privileges in JWT using Claims in ASP.NET Core?

client specific claims identity server4 using asp.net core identity

Dynamic claims asp.net core identity no DB persistence

ASP .NET CORE 2.2 JWT & Claims identity Authentication for Website

Check claims (email) before creating a new cookie, without asp. core identity store using asp net core social login

Check claims (email) before creating a new cookie, without asp. core identity store using asp net core social login

pump.io port in URL

Failed to listen on localhost:8000 (reason: Cannot assign requested address)

How to import an asset in swift using Bundle.main.path() in a react-native native module

Inner Loop design for webscrapping

Can't pre-populate phone number and message body in SMS link on iPhones when SMS app is not running in the background

ggplotly no applicable method for 'plotly_build' applied to an object of class "NULL" if statements

mysql.connector.errors.InterfaceError: 2003: Can't connect to MySQL server on '127.0.0.1:3306' (111 Connection refused)

Removed zsh, but forgot to change shell back to bash, and now Ubuntu crashes (wsl)

Ambiguous use of 'init' with CFStringTransform and Swift 3

Resetting Value of <input type="time"> in Firefox

Execute ./script.sh with a crontab

Converting a class method to a property with a backing field

Spring Boot JPA PostgreSQL Web App - Internal Authentication Error

How to update azerothcore-wotlk docker container

How to set tab order for array of cluster,where cluster elements have different data types in LabVIEW?

Grails with Oracle thick OCI driver authenticate to Oracle with wrong user

How to pass data to the ng2-bs3-modal?

Making Array From Page Elements in jQuery

Retrieve Element Tag Value XML Using Bash

Laravel's ORM sync with timestamps doesn't update timestamps

Do animations stop css changes after animation completion?