Update auth

EmployeePaycheck/EmployeePaycheck.csproj

@@ -11,6 +11,7 @@
     <PackageReference Include="Microsoft.Identity.Web" Version="2.12.4" />
     <PackageReference Include="Microsoft.Identity.Web.UI" Version="2.12.4" />
     <PackageReference Include="Microsoft.Extensions.Localization" Version="7.0.8" />
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.OpenIdConnect" Version="7.0.8" />
     <PackageReference Include="NetEscapades.AspNetCore.SecurityHeaders" Version="0.19.0" />
     <PackageReference Include="NetEscapades.AspNetCore.SecurityHeaders.TagHelpers" Version="0.19.0" />
   </ItemGroup>

EmployeePaycheck/Pages/Paycheck/PaycheckDetailsS3.cshtml.cs

@@ -1,10 +1,11 @@
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc.RazorPages;
+using Microsoft.AspNetCore.Authentication.Cookies;
 
 namespace EmployeePaycheck.Pages.Paycheck;
 
-[AllowAnonymous]
+[Authorize(AuthenticationSchemes = CookieAuthenticationDefaults.AuthenticationScheme)]
 public class PaycheckDetailsS3Model : PageModel
 {
     [BindProperty(SupportsGet = true)]

EmployeePaycheck/Pages/Paycheck/PaycheckVerifyEmployeeS2.cshtml

@@ -37,7 +37,7 @@
 <div id="pinCodeText" style="display: none"></div>
 
 <form method="post" id="verifyEmployeePaycheck" action="" novalidate>
-    <input type="hidden" required id="statePresented" />
+    <input type="hidden" required id="statePresented" name="statePresented"/>
 </form>
 
 <script src="qrcode.min.js" nonce="@nonce"></script>

EmployeePaycheck/Pages/Paycheck/PaycheckVerifyEmployeeS2.cshtml.cs

@@ -1,12 +1,24 @@
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc.RazorPages;
+using Microsoft.Extensions.Caching.Distributed;
+using VerifierInsuranceCompany.Services;
+using System.Security.Claims;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authentication.Cookies;
 
 namespace EmployeePaycheck.Pages.Paycheck;
 
 [AllowAnonymous]
 public class PaycheckVerifyEmployeeS2Model : PageModel
 {
+    protected readonly IDistributedCache _distributedCache;
+
+    public PaycheckVerifyEmployeeS2Model(IDistributedCache distributedCache)
+    {
+        _distributedCache = distributedCache;
+    }
+
     [BindProperty(SupportsGet = true)]
     public string? PaycheckId { get; set; }
 
@@ -21,8 +33,39 @@ public IActionResult OnGet()
         return Page();
     }
 
-    public IActionResult OnPost()
+    public async Task<IActionResult> OnPostAsync()
     {
+        if (StatePresented == null)
+        {
+            ModelState.AddModelError("StatePresented", "no vc");
+            return Page();
+        }
+
+        var credentialData = CacheData.GetFromCache(StatePresented, _distributedCache);
+
+        var claims = new List<Claim> {
+            new Claim("DisplayName", credentialData!.Employee.DisplayName, ClaimValueTypes.String, "damienbodsharepoint"),
+            new Claim("JobTitle", credentialData!.Employee.JobTitle, ClaimValueTypes.String, "damienbodsharepoint"),
+            new Claim("PreferredLanguage", credentialData!.Employee.PreferredLanguage, ClaimValueTypes.String, "damienbodsharepoint"),
+            new Claim("RevocationId", credentialData!.Employee.RevocationId, ClaimValueTypes.String, "damienbodsharepoint"),
+            new Claim("GivenName", credentialData!.Employee.GivenName, ClaimValueTypes.String, "damienbodsharepoint"),
+            new Claim("Mail", credentialData!.Employee.Mail, ClaimValueTypes.String, "damienbodsharepoint"),
+            new Claim("Surname", credentialData!.Employee.Surname, ClaimValueTypes.String, "damienbodsharepoint"),
+        };
+
+        var userIdentity = new ClaimsIdentity(claims, "entraemployee");
+
+        var userPrincipal = new ClaimsPrincipal(userIdentity);
+
+        await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme,
+            userPrincipal,
+            new AuthenticationProperties
+            {
+                ExpiresUtc = DateTime.UtcNow.AddMinutes(20),
+                IsPersistent = false,
+                AllowRefresh = false
+            });
+
         return Redirect($"~/Paycheck/PaycheckDetailsS3/{PaycheckId}");
     }
 }

EmployeePaycheck/Program.cs

@@ -1,3 +1,5 @@
+using Microsoft.AspNetCore.Authentication.Cookies;
+using Microsoft.AspNetCore.Authentication.OpenIdConnect;
 using VerifierInsuranceCompany;
 
 namespace EmployeePaycheck;
@@ -16,6 +18,12 @@ public static void Main(string[] args)
         builder.Services.AddHttpClient();
         builder.Services.AddDistributedMemoryCache();
 
+        builder.Services.AddAuthentication(options =>
+        {
+            options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+        })
+        .AddCookie();
+
         // Add services to the container.
         builder.Services.AddRazorPages();
 
@@ -36,6 +44,7 @@ public static void Main(string[] args)
 
         app.UseRouting();
 
+        app.UseAuthentication();
         app.UseAuthorization();
 
         app.MapControllers();

EmployeePaycheck/wwwroot/verifier.js

@@ -48,11 +48,9 @@ signIn.addEventListener('click', () => {
                 if (respMsg.status == 'presentation_verified') {
                     //document.getElementById('message').innerHTML = respMsg.message;
                     //document.getElementById('payload').innerHTML = "Payload: " + JSON.stringify(respMsg.payload);
-                    //document.getElementById('subject').innerHTML = respMsg.name + " is a Verified Employee";
 
-                    document.getElementById('message').innerHTML = '';
                     document.getElementById('statePresented').value = respPresentationReq.id;
-
+                    document.getElementById('message').innerHTML = '';
                     document.getElementById('subject').innerHTML = "Verified Employee";
                     clearInterval(checkStatus);
                 }