Merge pull request #15876 from abpframework/CookieAuthenticationOptionsExtensions

Check the token when refreshing the blazor server page.
3 years ago · e12da63226
parent 0b08f85ec4 4d534b942e
commit e12da63226
3 changed files with 65 additions and 5 deletions
--- a/framework/src/Volo.Abp.AspNetCore.Components.Server/Microsoft/AspNetCore/Authentication/Cookies/CookieAuthenticationOptionsExtensions.cs
+++ b/framework/src/Volo.Abp.AspNetCore.Components.Server/Microsoft/AspNetCore/Authentication/Cookies/CookieAuthenticationOptionsExtensions.cs
@ -0,0 +1,56 @@
+using System;
+using IdentityModel.Client;
+using Microsoft.AspNetCore.Authentication.OpenIdConnect;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Options;
+
+namespace Microsoft.AspNetCore.Authentication.Cookies;
+
+public static class CookieAuthenticationOptionsExtensions
+{
+    /// <summary>
+    /// Introspect access token on validating the principal.
+    /// </summary>
+    /// <param name="options"></param>
+    /// <param name="oidcAuthenticationScheme"></param>
+    /// <returns></returns>
+    public static CookieAuthenticationOptions IntrospectAccessToken(this CookieAuthenticationOptions options, string oidcAuthenticationScheme = "oidc")
+    {
+        var originalHandler = options.Events.OnValidatePrincipal;
+        options.Events.OnValidatePrincipal = async principalContext =>
+        {
+            originalHandler?.Invoke(principalContext);
+
+            if (principalContext.Principal != null && principalContext.Principal.Identity != null && principalContext.Principal.Identity.IsAuthenticated)
+            {
+                var accessToken = principalContext.Properties.GetTokenValue("access_token");
+                if (!accessToken.IsNullOrWhiteSpace())
+                {
+                    var openIdConnectOptions = principalContext.HttpContext.RequestServices.GetRequiredService<IOptionsMonitor<OpenIdConnectOptions>>().Get(oidcAuthenticationScheme);
+                    if (openIdConnectOptions.Configuration == null && openIdConnectOptions.ConfigurationManager != null)
+                    {
+                        openIdConnectOptions.Configuration = await openIdConnectOptions.ConfigurationManager.GetConfigurationAsync(principalContext.HttpContext.RequestAborted);
+                    }
+
+                    var response = await openIdConnectOptions.Backchannel.IntrospectTokenAsync(new TokenIntrospectionRequest
+                    {
+                        Address = openIdConnectOptions.Configuration?.IntrospectionEndpoint ?? openIdConnectOptions.Authority.EnsureEndsWith('/') + "connect/introspect",
+                        ClientId = openIdConnectOptions.ClientId,
+                        ClientSecret = openIdConnectOptions.ClientSecret,
+                        Token = accessToken
+                    });
+
+                    if (response.IsActive)
+                    {
+                        return;
+                    }
+                }
+
+                principalContext.RejectPrincipal();
+                await principalContext.HttpContext.SignOutAsync(principalContext.Scheme.Name);
+            }
+        };
+
+        return options;
+    }
+}
--- a/framework/src/Volo.Abp.AspNetCore.Components.Server/Volo.Abp.AspNetCore.Components.Server.csproj
+++ b/framework/src/Volo.Abp.AspNetCore.Components.Server/Volo.Abp.AspNetCore.Components.Server.csproj
@ -12,11 +12,13 @@
    </PropertyGroup>

    <ItemGroup>
-      <ProjectReference Include="..\Volo.Abp.AspNetCore.Components.Web\Volo.Abp.AspNetCore.Components.Web.csproj" />
-      <ProjectReference Include="..\Volo.Abp.AspNetCore.Mvc.Contracts\Volo.Abp.AspNetCore.Mvc.Contracts.csproj" />
-      <ProjectReference Include="..\Volo.Abp.EventBus\Volo.Abp.EventBus.csproj" />
-      <ProjectReference Include="..\Volo.Abp.Http.Client\Volo.Abp.Http.Client.csproj" />
-      <ProjectReference Include="..\Volo.Abp.AspNetCore.SignalR\Volo.Abp.AspNetCore.SignalR.csproj" />
+        <ProjectReference Include="..\Volo.Abp.AspNetCore.Components.Web\Volo.Abp.AspNetCore.Components.Web.csproj" />
+        <ProjectReference Include="..\Volo.Abp.AspNetCore.Mvc.Contracts\Volo.Abp.AspNetCore.Mvc.Contracts.csproj" />
+        <ProjectReference Include="..\Volo.Abp.EventBus\Volo.Abp.EventBus.csproj" />
+        <ProjectReference Include="..\Volo.Abp.Http.Client\Volo.Abp.Http.Client.csproj" />
+        <ProjectReference Include="..\Volo.Abp.AspNetCore.SignalR\Volo.Abp.AspNetCore.SignalR.csproj" />
+        <PackageReference Include="Microsoft.AspNetCore.Authentication.OpenIdConnect" Version="$(MicrosoftAspNetCorePackageVersion)" />
+        <PackageReference Include="IdentityModel" Version="6.0.0" />
    </ItemGroup>

 </Project>
--- a/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Blazor.Server.Tiered/MyProjectNameBlazorModule.cs
+++ b/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Blazor.Server.Tiered/MyProjectNameBlazorModule.cs
@ -4,6 +4,7 @@ using Blazorise.Bootstrap5;
 using Blazorise.Icons.FontAwesome;
 using Medallion.Threading;
 using Medallion.Threading.Redis;
+using Microsoft.AspNetCore.Authentication.Cookies;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Hosting;
@ -163,6 +164,7 @@ public class MyProjectNameBlazorModule : AbpModule
            .AddCookie("Cookies", options =>
            {
                options.ExpireTimeSpan = TimeSpan.FromDays(365);
+                options.IntrospectAccessToken();
            })
            .AddAbpOpenIdConnect("oidc", options =>
            {