Class SemanticAuthentication

Namespace
The.Security
Assembly
Instagile.dll

Wraps another authenticator, attaching semantic meaning to the username. Semantic alternates are stored in ASP.NET Identity-compatible claims.

public sealed class SemanticAuthentication : IAuthentication
Inheritance
SemanticAuthentication
Implements
Inherited Members

Remarks

Requires DB access before remote authentication, so it's not suitable for client-server apps. As such, the implementation of sign/encrypt is a bit futile, although it would work if that limitation were overcome (perhaps by replacing the lookup with an RPC).

Constructors

SemanticAuthentication(IAuthentication, Semantics)

Wraps another authenticator, attaching semantic meaning to the username. Semantic alternates are stored in ASP.NET Identity-compatible claims.

public SemanticAuthentication(IAuthentication inner, Semantics semantics = Semantics.Any)

Parameters

inner IAuthentication
semantics Semantics

Remarks

Requires DB access before remote authentication, so it's not suitable for client-server apps. As such, the implementation of sign/encrypt is a bit futile, although it would work if that limitation were overcome (perhaps by replacing the lookup with an RPC).

Fields

EmailAddressClaim

public const string EmailAddressClaim = "identity.email.address"

Field Value

string

EmailConfirmedClaim

public const string EmailConfirmedClaim = "identity.email.confirmed"

Field Value

string

PhoneConfirmedClaim

public const string PhoneConfirmedClaim = "identity.phone.confirmed"

Field Value

string

PhoneNumberClaim

public const string PhoneNumberClaim = "identity.phone.number"

Field Value

string

Properties

CanEncrypt

true if the authenticator supports secured key exchange

public bool CanEncrypt { get; }

Property Value

bool

Remarks

This is used to establish shared secrets. Implementations could be based on public-key cryptography, Diffie-Hellman, or out-of-band methods.

CanLookup

true if the authenticator supports looking up an IUserAccount for an authenticator-specific username

public bool CanLookup { get; }

Property Value

bool

CanSign

true if the authenticator supports digital signatures (not necessarily cryptographic)

public bool CanSign { get; }

Property Value

bool

Remarks

The signature doesn't have to be based on the operation; it can use some other capability, such as ambient Windows logon.

IsAuthoritative

If true, the returned identity should be accepted without server verification

public bool IsAuthoritative { get; }

Property Value

bool

Remarks

May depend on ambient state, so don't cache the result. As well as enabling automatic login, this is used by SecurityService to decide whether it's OK to perform purely local authentication without calling IEntityStore.Connect.

Realm

Describes identities within the purview of this authenticator

public string Realm { get; }

Property Value

string

RequiresCredentials

Expects non-empty Credentials in order to perform client-side identity operations

public bool RequiresCredentials { get; }

Property Value

bool

Methods

FindAccountAsync(IEntityContext, Credentials)

Look up a user account based on the identity components of the supplied credentials.

public Task<IUserAccount?> FindAccountAsync(IEntityContext context, Credentials credentials)

Parameters

context IEntityContext
credentials Credentials

Returns

Task<IUserAccount>

Remarks

Does not validate or normalise credentials.

SetEmailAddressAsync(IUserAccount, string)

public static Task SetEmailAddressAsync(IUserAccount account, string emailAddress)

Parameters

account IUserAccount
emailAddress string

Returns

Task

SetPhoneNumberAsync(IUserAccount, string)

public static Task SetPhoneNumberAsync(IUserAccount account, string phoneNumber)

Parameters

account IUserAccount
phoneNumber string

Returns

Task
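Because FindAccountAsync does not validate or normalise credentials, the caller has to put identifiers into one canonical form before they are stored as claims and before they are looked up. The following is an added example, not code from Instagile or its documentation: `IdentifierNormalizer` and its normalisation policy are hypothetical, and it assumes `IUserAccount` resolves through the `using` directives shown.

```csharp
using System;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using The.Security; // assumption: IUserAccount is reachable from here

// Hypothetical helper (not part of Instagile): canonicalise before storing.
public static class IdentifierNormalizer
{
    // E-mail policy (assumed): trim, Unicode NFKC, invariant lower case.
    public static string NormalizeEmail(string raw)
    {
        if (string.IsNullOrWhiteSpace(raw))
            throw new ArgumentException("empty e-mail address", nameof(raw));
        string s = raw.Trim().Normalize(NormalizationForm.FormKC).ToLowerInvariant();
        int at = s.LastIndexOf('@');
        // Reject values with no local part, no domain, or embedded whitespace/control chars.
        if (at <= 0 || at == s.Length - 1 || s.Any(char.IsWhiteSpace) || s.Any(char.IsControl))
            throw new FormatException("not a usable e-mail address");
        return s;
    }

    // Phone policy (assumed): optional leading '+', then 7 to 15 ASCII digits.
    public static string NormalizePhone(string raw)
    {
        if (string.IsNullOrWhiteSpace(raw))
            throw new ArgumentException("empty phone number", nameof(raw));
        string t = raw.Trim();
        var sb = new StringBuilder();
        for (int i = 0; i < t.Length; i++)
        {
            char c = t[i];
            if (c >= '0' && c <= '9') sb.Append(c);
            else if (c == '+' && i == 0) sb.Append(c);
            else if (" -().".IndexOf(c) < 0)   // only common separators are dropped
                throw new FormatException("unexpected character in phone number");
        }
        int digits = sb.Length - (t[0] == '+' ? 1 : 0);
        if (digits < 7 || digits > 15)
            throw new FormatException("phone number length out of range");
        return sb.ToString();
    }

    // Store only canonical values in the identity.email.address / identity.phone.number claims.
    public static Task SetEmailAsync(IUserAccount account, string rawEmail) =>
        SemanticAuthentication.SetEmailAddressAsync(account, NormalizeEmail(rawEmail));

    public static Task SetPhoneAsync(IUserAccount account, string rawPhone) =>
        SemanticAuthentication.SetPhoneNumberAsync(account, NormalizePhone(rawPhone));
}
```

Apply the same normalisation to the username a user types at sign-in before building the Credentials passed to FindAccountAsync, so that stored and supplied identifiers are compared in the same form.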