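        /// <summary>
        /// Returns the account name of a Windows principal, lower-cased with the invariant culture.
        /// </summary>
        /// <param name="principal">Windows principal whose <see cref="ClaimTypes.Name"/> claim is read.</param>
        /// <returns>The value of the name claim in lower case, something like domain\username.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="principal"/> is null.</exception>
        /// <exception cref="InvalidOperationException">The principal carries no name claim.</exception>
        private static string GetDomainUsername(WindowsPrincipal principal)
        {
            if (principal == null)
            {
                throw new ArgumentNullException("principal");
            }

            // FindFirst returns null when no claim matches. Fail with an explicit error instead of a
            // NullReferenceException so a principal without a name is never silently treated as a user.
            var nameClaim = principal.FindFirst(ClaimTypes.Name);
            if (nameClaim == null)
            {
                throw new InvalidOperationException("The Windows principal does not carry a name claim.");
            }

            // Lower-casing yields a single spelling of the name for later comparisons.
            // NOTE(review): account names can be renamed or reassigned; if callers use this value as a
            // durable key or in an authorization decision, the SID is the stabler identifier - confirm.
            // Something like domain\username
            return nameClaim.Value.ToLowerInvariant();
        }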
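        /// <summary>
        /// Builds the claims identity issued for a Windows principal: a "sub" claim, optional "name"
        /// and group claims, the authentication method and the authentication instant.
        /// </summary>
        /// <param name="principal">The Windows principal the claims are derived from.</param>
        /// <param name="options">Selects the subject type and which optional claims are emitted.</param>
        /// <returns>A <see cref="ClaimsIdentity"/> with authentication type "Windows".</returns>
        /// <exception cref="ArgumentNullException"><paramref name="principal"/> or <paramref name="options"/> is null.</exception>
        /// <exception cref="ArgumentOutOfRangeException">The configured subject type is not handled here.</exception>
        /// <exception cref="InvalidOperationException">No non-empty subject could be derived from the principal.</exception>
        public static ClaimsIdentity Create(WindowsPrincipal principal, WindowsAuthenticationOptions options)
        {
            if (principal == null)
            {
                throw new ArgumentNullException("principal");
            }

            if (options == null)
            {
                throw new ArgumentNullException("options");
            }

            var claims = new List<Claim>();
            string sub;

            if (options.SubjectType == SubjectType.WindowsAccountName)
            {
                Logger.Debug("Using WindowsAccountName as subject");

                // NOTE(review): an account name can be renamed or reassigned, so a subject built from it
                // is not guaranteed to identify the same account over time; the SID option does not have
                // that property - confirm which one consumers of "sub" rely on.
                sub = principal.Identity.Name;
            }
            else if (options.SubjectType == SubjectType.Sid)
            {
                Logger.Debug("Using primary SID as subject");

                // FindFirst returns null when the principal has no primary SID claim.
                var sidClaim = principal.FindFirst(ClaimTypes.PrimarySid);
                if (sidClaim == null)
                {
                    throw new InvalidOperationException("The Windows principal does not carry a primary SID claim.");
                }

                sub = sidClaim.Value;
            }
            else
            {
                // Previously an unhandled subject type left the subject null and surfaced as an
                // ArgumentNullException from the Claim constructor; name the real cause instead.
                throw new ArgumentOutOfRangeException("options", options.SubjectType, "Unsupported subject type.");
            }

            // Fail closed: the identity returned below is created with an authentication type and
            // therefore reports itself as authenticated, so it must never carry an empty subject.
            if (string.IsNullOrEmpty(sub))
            {
                throw new InvalidOperationException("No subject could be determined for the Windows principal.");
            }

            claims.Add(new Claim("sub", sub));

            if (options.EmitWindowsAccountNameAsName)
            {
                Logger.Debug("Emitting WindowsAccountName as name claim");

                claims.Add(new Claim("name", principal.Identity.Name));
            }

            if (options.EmitGroups)
            {
                Logger.Debug("Using Windows groups as role claims");

                // CreateGroupClaims is defined outside this view.
                // NOTE(review): group membership is handed to every consumer of this identity; confirm
                // that the relying parties need it before enabling EmitGroups.
                claims.AddRange(CreateGroupClaims(principal));
            }

            claims.Add(new Claim(ClaimTypes.AuthenticationMethod, AuthenticationMethods.Windows));
            claims.Add(AuthenticationInstantClaim.Now);

            return new ClaimsIdentity(claims, "Windows");
        }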