public async Task <string> ImpersonateUserAsync(string userName, OAuthAuthorizationServerOptions serverAuthOptions, ClaimsPrincipal principal)
{
var originalUsername = principal.Claims.Any(c => c.Type == DataLayerConstants.ClaimUserImpersonation && c.Value == true.ToString()) ? principal.Claims.First(c => c.Type == DataLayerConstants.ClaimOriginalUsername).Value : principal.Identity.Name;
var impersonatedUser = await _userManager.FindByNameAsync(userName);
var impersonatedIdentity = await _userManager.CreateIdentityAsync(impersonatedUser, OAuthDefaults.AuthenticationType);
if (impersonatedUser.UserName != originalUsername)
{
if (impersonatedIdentity.Claims.Any(c => c.Type == DataLayerConstants.ClaimUserImpersonation && c.Value == true.ToString()))
{
var primarySidClaim = impersonatedIdentity.Claims.FirstOrDefault(c => c.Type == ClaimTypes.PrimarySid);
impersonatedIdentity.RemoveClaim(primarySidClaim);
impersonatedIdentity.AddClaim(new Claim(ClaimTypes.PrimarySid, string.Empty));
}
else
{
impersonatedIdentity.AddClaim(new Claim(DataLayerConstants.ClaimUserImpersonation, true.ToString()));
impersonatedIdentity.AddClaim(new Claim(DataLayerConstants.ClaimOriginalUsername, originalUsername));
impersonatedIdentity.AddClaim(new Claim(ClaimTypes.PrimarySid, string.Empty));
}
}
var ticket = new AuthenticationTicket(impersonatedIdentity, new AuthenticationProperties());
var currentUtc = new OwinDate.SystemClock().UtcNow;
ticket.Properties.IssuedUtc = currentUtc;
ticket.Properties.ExpiresUtc = currentUtc.Add(serverAuthOptions.AccessTokenExpireTimeSpan);
return(serverAuthOptions.AccessTokenFormat.Protect(ticket));
}