Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Integrate Microsoft.Owin.Security #1667

Merged
merged 18 commits into from
Oct 22, 2013
Merged

Integrate Microsoft.Owin.Security #1667

merged 18 commits into from
Oct 22, 2013

Conversation

analogrelay
Copy link
Contributor

Fixes #1659

This just integrates Microsoft.Owin.Security in to existing username/password and API key auth to prep for OAuth.

Test Notes

  • Create some SHA1-password users before deployment (I'll send out instructions)
  • Log in with various users having PBKDF2 ("new") and SHA1 ("old") passwords, verify that SHA1 passwords are replaced (instructions to come)
  • Log off and try to directly hit a URL like "/account", verify redirect to login page and redirect back to "/account" after login
  • Upload packages through the GUI
  • Upload packages through NuGet push API
  • Use NuGet push with no API Key -> Get Username prompt
  • Use NuGet push with bogus API Key -> Get Forbidden response
  • Use NuGet push with API key that doesn't own package -> Get Forbidden response
  • Log in, then navigate to "http://[nuget site root]/" -> Redirects to SSL Homepage
  • Log off, verify that the following Cookies are NOT present: ".AspNet.Cookies", ".ForceSSL"

@analogrelay
Stashing Katana Auth work
a6bc135
@analogrelay
Started a new authentication service to pull auth-related stuff out o…
23c96a2 
…f UserService.

Also, as a demonstration of a cleaner service layer.
@analogrelay
Implemented AuthenticationService.AuthenticateUser
f8b9e78
@analogrelay
Stashing auth rearch
b5db150
@analogrelay
Moved things over to use UserSession instead of IPrincipal
f350b17
@analogrelay
Moved authentication logic to its own service
c74be6e
@analogrelay
Fixed up infrastructure
1146cc4
@analogrelay
Switched to default auth cookie name
07335b6
@analogrelay
C is for COOKIE AUTH!
617d078
@analogrelay
Fix issue with IStatisticsService bindings being null
4cf0eb4
@analogrelay
Added a glimpse tab to view auth info.
583f644
@analogrelay
Added API Key auth middleware
344ddee
@analogrelay
Updated ApiKey Auth module to be path-specific
2bfbed3
@analogrelay
Configured cookie and API key auth to play nicely
6627cfe
@analogrelay
Got it building with the new GetCurrentUser() helper
00079db
@analogrelay
Most unit tests passing
0bbc374
@analogrelay
Updated Facts.
a4bdacb
@analogrelay
Added middleware to force ssl when authenticated
27a8a4d
@analogrelay analogrelay merged commit 27a8a4d into dev Oct 22, 2013
@analogrelay analogrelay deleted the anurse/1659-owinsecurity branch December 9, 2013 23:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@analogrelay