public virtual async Task DecorateAsync(AuthenticateResult authenticateResult, string authenticationScheme, IClaimBuilderCollection claims, AuthenticationProperties properties)
{
try
{
if (authenticateResult == null)
{
throw new ArgumentNullException(nameof(authenticateResult));
}
if (claims == null)
{
throw new ArgumentNullException(nameof(claims));
}
if (!this.IsActiveLoginAuthenticationScheme(authenticationScheme))
{
return;
}
var identityProviderClaim = claims.FindFirstIdentityProviderClaim();
if (identityProviderClaim == null)
{
identityProviderClaim = new ClaimBuilder
{
Type = ExtendedClaimTypes.IdentityProvider,
};
claims.Add(identityProviderClaim);
}
identityProviderClaim.Issuer = identityProviderClaim.OriginalIssuer = null;
identityProviderClaim.Value = this.IdentityProvider;
var originalIdentityProviderClaim = authenticateResult.Principal.Claims.FindFirstIdentityProviderClaim();
if (originalIdentityProviderClaim != null)
{
claims.Add(new ClaimBuilder(originalIdentityProviderClaim)
{
Type = this.OriginalIdentityProviderClaimType
});
}
await Task.CompletedTask.ConfigureAwait(false);
}
catch (Exception exception)
{
const string message = "Could not decorate active-login-callback.";
this.Logger.LogErrorIfEnabled(exception, message);
throw new InvalidOperationException(message, exception);
}
}
public override async Task DecorateAsync(AuthenticateResult authenticateResult, string authenticationScheme, IClaimBuilderCollection claims, AuthenticationProperties properties)
{
if (authenticateResult == null)
{
throw new ArgumentNullException(nameof(authenticateResult));
}
if (authenticateResult.Principal == null)
{
throw new ArgumentException("The principal-property of the authenticate-result can not be null.", nameof(authenticateResult));
}
if (claims == null)
{
throw new ArgumentNullException(nameof(claims));
}
foreach (var claim in authenticateResult.Principal.Claims)
{
if (!this.ClaimTypeExclusions.Contains(claim.Type))
{
claims.Add(new ClaimBuilder(claim));
}
}
await base.DecorateAsync(authenticateResult, authenticationScheme, claims, properties).ConfigureAwait(false);
}
protected internal virtual void AddAuthenticationSchemeAsIdentityProviderClaimIfNecessary(string authenticationScheme, IClaimBuilderCollection claims)
{
if (authenticationScheme == null)
{
throw new ArgumentNullException(nameof(authenticationScheme));
}
if (claims == null)
{
throw new ArgumentNullException(nameof(claims));
}
if (!this.IncludeAuthenticationSchemeAsIdentityProviderClaim)
{
return;
}
var identityProviderClaim = claims.FindFirstIdentityProviderClaim();
if (identityProviderClaim != null)
{
return;
}
claims.Add(ExtendedClaimTypes.IdentityProvider, authenticationScheme);
}
public override async Task DecorateAsync(AuthenticateResult authenticateResult, string authenticationScheme, IClaimBuilderCollection claims, AuthenticationProperties properties)
{
if(authenticateResult == null)
throw new ArgumentNullException(nameof(authenticateResult));
if(authenticateResult.Principal == null)
throw new ArgumentException("The principal-property of the authenticate-result can not be null.", nameof(authenticateResult));
if(claims == null)
throw new ArgumentNullException(nameof(claims));
foreach(var mapping in this.ClaimInclusionsMap.Values)
{
if(!this.TryGetSpecialSourceClaim(authenticateResult.Principal, mapping.Source, out var claim))
{
var sourceClaim = this.GetSourceClaim(authenticateResult.Principal, mapping.Source);
if(sourceClaim != null)
claim = new ClaimBuilder(sourceClaim);
}
if(claim == null)
continue;
if(mapping.Destination != null)
claim.Type = mapping.Destination;
claims.Add(claim);
}
await base.DecorateAsync(authenticateResult, authenticationScheme, claims, properties).ConfigureAwait(false);
}
protected internal virtual void BuildClaims(X509Certificate2 certificate, IClaimBuilderCollection claimsBuilder)
{
if (certificate == null)
{
throw new ArgumentNullException(nameof(certificate));
}
if (claimsBuilder == null)
{
throw new ArgumentNullException(nameof(claimsBuilder));
}
claimsBuilder.Add(ClaimTypes.Dns, certificate.GetNameInfo(X509NameType.DnsName, false));
claimsBuilder.Add(ClaimTypes.Email, certificate.GetNameInfo(X509NameType.EmailName, false));
claimsBuilder.Add("issuer", certificate.Issuer);
claimsBuilder.Add(ClaimTypes.Name, certificate.GetNameInfo(X509NameType.SimpleName, false));
claimsBuilder.Add(ClaimTypes.NameIdentifier, certificate.Thumbprint, ClaimValueTypes.Base64Binary);
claimsBuilder.Add(ClaimTypes.SerialNumber, certificate.SerialNumber);
claimsBuilder.Add(ClaimTypes.Thumbprint, certificate.Thumbprint, ClaimValueTypes.Base64Binary);
claimsBuilder.Add(ClaimTypes.Upn, certificate.GetNameInfo(X509NameType.UpnName, false));
claimsBuilder.Add(ClaimTypes.Uri, certificate.GetNameInfo(X509NameType.UrlName, false));
claimsBuilder.Add(ClaimTypes.X500DistinguishedName, certificate.SubjectName.Name);
}
public static void Add(this IClaimBuilderCollection claimBuilderCollection, string issuer, string originalIssuer, string type, string value, string valueType)
{
if (claimBuilderCollection == null)
{
throw new ArgumentNullException(nameof(claimBuilderCollection));
}
var claimBuilder = claimBuilderCollection.CreateItem();
claimBuilder.Issuer = issuer;
claimBuilder.OriginalIssuer = originalIssuer;
claimBuilder.Type = type;
claimBuilder.Value = value;
claimBuilder.ValueType = valueType;
claimBuilderCollection.Add(claimBuilder);
}
public override async Task DecorateAsync(AuthenticateResult authenticateResult, string authenticationScheme, IClaimBuilderCollection claims, AuthenticationProperties properties)
{
try
{
if (authenticateResult == null)
{
throw new ArgumentNullException(nameof(authenticateResult));
}
if (authenticateResult.Principal == null)
{
throw new ArgumentException("The principal-property of the authenticate-result can not be null.", nameof(authenticateResult));
}
if (!(authenticateResult.Principal is WindowsPrincipal))
{
throw new ArgumentException("The principal is not a windows-principal.", nameof(authenticateResult));
}
await base.DecorateAsync(authenticateResult, authenticationScheme, claims, properties).ConfigureAwait(false);
if (this.AuthenticationOptions.Value.Windows.IncludeRoleClaims)
{
if (!(authenticateResult.Principal.Identity is WindowsIdentity windowsIdentity))
{
this.Logger.LogWarningIfEnabled("The principal-identity is not a windows-identity. Roles will not be added as claims.");
return;
}
// ReSharper disable All
foreach (var role in windowsIdentity.Groups.Translate(typeof(NTAccount)).Cast <NTAccount>().Select(ntAccount => ntAccount.Value).OrderBy(value => value))
{
claims.Add(authenticationScheme, ClaimTypes.Role, role, ClaimValueTypes.String);
}
// ReSharper restore All
}
}
catch (Exception exception)
{
const string message = "Could not decorate windows-authentication.";
this.Logger.LogErrorIfEnabled(exception, message);
throw new InvalidOperationException(message, exception);
}
}
public static void Add(this IClaimBuilderCollection claimBuilderCollection, string type, string value)
{
claimBuilderCollection.Add(type, value, null);
}
public static void Add(this IClaimBuilderCollection claimBuilderCollection, string issuer, string type, string value, string valueType)
{
claimBuilderCollection.Add(issuer, null, type, value, valueType);
}
