Merge pull request #1839 from mvalipour/feature/support-session-store

Add support for cookie session store
IdentityServer · Oct 22, 2015 · f4d7be3 · f4d7be3
2 parents 926a677 + cbd0a61
commit f4d7be3
Show file tree

Hide file tree

Showing 6 changed files with 135 additions and 1 deletion.
diff --git a/source/Core/Configuration/AppBuilderExtensions/ConfigureCookieAuthenticationExtension.cs b/source/Core/Configuration/AppBuilderExtensions/ConfigureCookieAuthenticationExtension.cs
@@ -44,7 +44,8 @@ public static IAppBuilder ConfigureCookieAuthentication(this IAppBuilder app, Co
                 ExpireTimeSpan = options.ExpireTimeSpan,
                 SlidingExpiration = options.SlidingExpiration,
                 CookieSecure = GetCookieSecure(options.SecureMode),
-                TicketDataFormat = new TicketDataFormat(new DataProtectorAdapter(dataProtector, options.Prefix + Constants.PrimaryAuthenticationType))
+                TicketDataFormat = new TicketDataFormat(new DataProtectorAdapter(dataProtector, options.Prefix + Constants.PrimaryAuthenticationType)),
+                SessionStore = GetSessionStore(options.SessionStoreProvider)
             };
             app.UseCookieAuthentication(primary);
 
@@ -116,5 +117,10 @@ private static CookieSecureOption GetCookieSecure(CookieSecureMode cookieSecureM
                     throw new InvalidOperationException("Invalid CookieSecureMode");
             }
         }
+
+        private static IAuthenticationSessionStore GetSessionStore(IAuthenticationSessionStoreProvider provider)
+        {
+            return provider != null ? new AuthenticationSessionStoreWrapper(provider) : null;
+        }
     }
 }
diff --git a/source/Core/Configuration/AuthenticationSessionStoreWrapper.cs b/source/Core/Configuration/AuthenticationSessionStoreWrapper.cs
@@ -0,0 +1,38 @@
+namespace IdentityServer3.Core.Configuration
+{
+    using System.Threading.Tasks;
+
+    using Microsoft.Owin.Security;
+    using Microsoft.Owin.Security.Cookies;
+
+    internal class AuthenticationSessionStoreWrapper : IAuthenticationSessionStore
+    {
+        private readonly IAuthenticationSessionStoreProvider provider;
+
+        public AuthenticationSessionStoreWrapper(IAuthenticationSessionStoreProvider provider)
+        {
+            this.provider = provider;
+        }
+
+        public Task<string> StoreAsync(AuthenticationTicket ticket)
+        {
+            return this.provider.StoreAsync(new AuthenticationTicketModel(ticket));
+        }
+
+        public Task RenewAsync(string key, AuthenticationTicket ticket)
+        {
+            return this.provider.RenewAsync(key, new AuthenticationTicketModel(ticket));
+        }
+
+        public async Task<AuthenticationTicket> RetrieveAsync(string key)
+        {
+            var ticket = await this.provider.RetrieveAsync(key);
+            return ticket == null ? null : ticket.ToAuthenticationTicket();
+        }
+
+        public Task RemoveAsync(string key)
+        {
+            return this.provider.RemoveAsync(key);
+        }
+    }
+}
diff --git a/source/Core/Configuration/AuthenticationTicketModel.cs b/source/Core/Configuration/AuthenticationTicketModel.cs
@@ -0,0 +1,42 @@
+namespace IdentityServer3.Core.Configuration
+{
+    using System.Collections.Generic;
+    using System.Security.Claims;
+
+    using Microsoft.Owin.Security;
+
+    /// <summary>
+    /// A model class represending an authentication ticket
+    /// </summary>
+    public class AuthenticationTicketModel
+    {
+        /// <summary>
+        /// Instantiates an instance of authentication ticket
+        /// </summary>
+        public AuthenticationTicketModel(ClaimsIdentity identity, IDictionary<string, string> properties)
+        {
+            this.Identity = identity;
+            this.Properties = properties;
+        }
+
+        internal AuthenticationTicketModel(AuthenticationTicket ticket)
+            : this(ticket.Identity, ticket.Properties.Dictionary)
+        {
+        }
+
+        /// <summary>
+        /// The claims identity of the authentication ticket
+        /// </summary>
+        public ClaimsIdentity Identity { get; private set; }
+
+        /// <summary>
+        /// Authentication ticket properties
+        /// </summary>
+        public IDictionary<string, string> Properties { get; private set; }
+
+        internal AuthenticationTicket ToAuthenticationTicket()
+        {
+            return new AuthenticationTicket(this.Identity, new AuthenticationProperties(this.Properties));
+        }
+    }
+}
diff --git a/source/Core/Configuration/CookieOptions.cs b/source/Core/Configuration/CookieOptions.cs
@@ -100,5 +100,11 @@ public CookieOptions()
         /// The secure.
         /// </value>
         public CookieSecureMode SecureMode { get; set; }
+
+        /// <summary>
+        /// An optional container in which to store the identity across requests. When used, only a session identifier is sent
+        /// to the client. This can be used to mitigate potential problems with very large identities.
+        /// </summary>
+        public IAuthenticationSessionStoreProvider SessionStoreProvider { get; set; }
     }
 }
diff --git a/source/Core/Configuration/IAuthenticationSessionStoreProvider.cs b/source/Core/Configuration/IAuthenticationSessionStoreProvider.cs
@@ -0,0 +1,39 @@
+namespace IdentityServer3.Core.Configuration
+{
+    using System.Threading.Tasks;
+
+    /// <summary>
+    /// Providers the authentication session stores functions
+    /// </summary>
+    public interface IAuthenticationSessionStoreProvider
+    {
+        /// <summary>
+        /// Provides the remove functionality of session store
+        /// </summary>
+        /// <param name="key">Session key</param>
+        /// <returns>Async task</returns>
+        Task RemoveAsync(string key);
+
+        /// <summary>
+        /// Provides the renew functionality of session store
+        /// </summary>
+        /// <param name="key">Session key</param>
+        /// <param name="identity">Authentication ticket</param>
+        /// <returns>Async task</returns>
+        Task RenewAsync(string key, AuthenticationTicketModel identity);
+
+        /// <summary>
+        /// Provides the retrieve functionality of session store
+        /// </summary>
+        /// <param name="key">Session key</param>
+        /// <returns>Async task with authentication ticket result</returns>
+        Task<AuthenticationTicketModel> RetrieveAsync(string key);
+
+        /// <summary>
+        /// Provides the store functionality of session store
+        /// </summary>
+        /// <param name="ticket">Authentication ticket</param>
+        /// <returns>Async task with session key</returns>
+        Task<string> StoreAsync(AuthenticationTicketModel ticket);
+    }
+}
diff --git a/source/Core/Core.csproj b/source/Core/Core.csproj
@@ -130,9 +130,12 @@
     <Compile Include="Configuration\AppBuilderExtensions\ConfigureIdentityServerIssuerExtension.cs" />
     <Compile Include="Configuration\AppBuilderExtensions\ConfigureRequestIdExtension.cs" />
     <Compile Include="Configuration\AppBuilderExtensions\ConfigureHttpLoggingExtension.cs" />
+    <Compile Include="Configuration\AuthenticationSessionStoreWrapper.cs" />
+    <Compile Include="Configuration\AuthenticationTicketModel.cs" />
     <Compile Include="Configuration\CookieSecureMode.cs" />
     <Compile Include="Configuration\EventsOptions.cs" />
     <Compile Include="Configuration\InputLengthRestrictions.cs" />
+    <Compile Include="Configuration\IAuthenticationSessionStoreProvider.cs" />
     <Compile Include="Configuration\X509CertificateDataProtector.cs" />
     <Compile Include="Endpoints\Connect\RevocationEndpointController.cs" />
     <Compile Include="Endpoints\WelcomeController.cs" />