/// <summary>
/// The user is authentication so save their information in the user mapping database
/// so they can be retrieved later for access via the voice interation system
/// </summary>
/// <returns></returns>
public async Task <IActionResult> Index()
{
var objectIdentifierClaim = User.Claims.FirstOrDefault(x => x.Type == "http://schemas.microsoft.com/identity/claims/objectidentifier");
var upnClaim = User.Claims.FirstOrDefault(x => x.Type == ClaimTypes.Upn);
var givenNameClaim = User.Claims.FirstOrDefault(x => x.Type == ClaimTypes.GivenName);
var surnameClaim = User.Claims.FirstOrDefault(x => x.Type == ClaimTypes.Surname);
var claims = new List <Claim>()
{
objectIdentifierClaim, upnClaim, givenNameClaim, surnameClaim
};
if (!claims.TrueForAll(x => x != null))
{
// TODO this is bad
// should reject this
// also - this code should not be acessible
}
else
{
var simpleClaim = new SimpleClaim()
{
ObjectIdentifier = objectIdentifierClaim.Value, UserPrincipalName = upnClaim.Value, GivenName = givenNameClaim.Value, Surname = surnameClaim.Value
};
await _persistantStorageService.UpdateClaim(simpleClaim);
}
return(View());
}
public void ToComplexEntity_WhenSimpleEntity_ExpectCorrectMap()
{
// Arrange
var claimMappers = new ClaimMappers();
var simpleEntity = new SimpleClaim
{
Type = "Type",
Issuer = "Issuer",
ValueType = "ValueType",
Properties = new Dictionary<string, string>(),
Value = "Value",
OriginalIssuer = "OriginalIssuer"
};
// Act
var stopwatch = Stopwatch.StartNew();
var complexEntity = claimMappers.ToComplexEntity(simpleEntity);
stopwatch.Stop();
// Assert
this.WriteTimeElapsed(stopwatch);
Assert.That(complexEntity, Is.Not.Null);
Assert.That(complexEntity.Type, Is.EqualTo("Type"));
Assert.That(complexEntity.Issuer, Is.EqualTo("Issuer"));
Assert.That(complexEntity.ValueType, Is.EqualTo("ValueType"));
Assert.That(complexEntity.Properties, Is.Not.Null);
Assert.That(complexEntity.Value, Is.EqualTo("Value"));
Assert.That(complexEntity.OriginalIssuer, Is.EqualTo("OriginalIssuer"));
}
public async Task UpdateClaim(SimpleClaim simpleClaim)
{
var dbClaim = await _context.SimpleClaims
.FirstOrDefaultAsync(_ => _.UserPrincipalName == simpleClaim.UserPrincipalName);
if (dbClaim == null)
{
dbClaim = new SimpleClaimDb
{
UserPrincipalName = simpleClaim.UserPrincipalName
};
await _context.AddAsync(dbClaim);
}
dbClaim.GivenName = simpleClaim.GivenName;
dbClaim.ObjectIdentifier = simpleClaim.ObjectIdentifier;
dbClaim.Surname = simpleClaim.Surname;
await _context.SaveChangesAsync();
}
public async Task TestSimpleClaims()
{
var service = await _getStorageService();
var sc = new SimpleClaim
{
GivenName = Guid.NewGuid().ToString(),
ObjectIdentifier = Guid.NewGuid().ToString(),
Surname = Guid.NewGuid().ToString(),
UserPrincipalName = Guid.NewGuid().ToString()
};
await service.UpdateClaim(sc);
var result1 = await service.GetSimpleClaimAsync(sc.UserPrincipalName);
Assert.AreEqual(result1.GivenName, sc.GivenName);
Assert.AreEqual(result1.ObjectIdentifier, sc.ObjectIdentifier);
Assert.AreEqual(result1.Surname, sc.Surname);
Assert.AreEqual(result1.UserPrincipalName, sc.UserPrincipalName);
var sc2 = new SimpleClaim
{
GivenName = Guid.NewGuid().ToString(),
ObjectIdentifier = Guid.NewGuid().ToString(),
Surname = Guid.NewGuid().ToString(),
UserPrincipalName = sc.UserPrincipalName
};
await service.UpdateClaim(sc2);
var result2 = await service.GetSimpleClaimAsync(sc2.UserPrincipalName);
Assert.AreEqual(result2.GivenName, sc2.GivenName);
Assert.AreEqual(result2.ObjectIdentifier, sc2.ObjectIdentifier);
Assert.AreEqual(result2.Surname, sc2.Surname);
Assert.AreEqual(result2.UserPrincipalName, sc2.UserPrincipalName);
}
//TODO: this is an example
private async Task <AuthenticationTicket> CreateTicketAsync(
OpenIdConnectRequest request,
AuthenticateResult authResult = null)
{
AuthenticationProperties properties = authResult.Properties;
var userId = authResult.Principal.Claims.FirstOrDefault(_ => _.Type == OpenIdConnectConstants.Claims.Subject)?.Value;
if (userId == null)
{
return(null);
}
// string userPrincipalName = _sessionStateService.Get<string>("UserPrincipalName");
SimpleClaim simpleClaim = new SimpleClaim()
{
ObjectIdentifier = userId,
UserPrincipalName = "SomeUPN",
GivenName = "Joe",
Surname = "Citizen"
};
// Create a new ClaimsPrincipal containing the claims that
// will be used to create an id_token, a token or a code.
//var principal = await _signInManager.CreateUserPrincipalAsync(user);
var identity = new ClaimsIdentity(
OpenIdConnectServerDefaults.AuthenticationScheme,
OpenIdConnectConstants.Claims.Name,
OpenIdConnectConstants.Claims.Role);
// Add a "sub" claim containing the user identifier, and attach
// the "access_token" destination to allow OpenIddict to store it
// in the access token, so it can be retrieved from your controllers.
identity.AddClaim(OpenIdConnectConstants.Claims.Subject, simpleClaim.ObjectIdentifier,
OpenIdConnectConstants.Destinations.IdentityToken);
identity.AddClaim(OpenIdConnectConstants.Claims.Name, simpleClaim.GivenName,
OpenIdConnectConstants.Destinations.IdentityToken);
identity.AddClaim(OpenIdConnectConstants.Claims.GivenName, simpleClaim.GivenName,
OpenIdConnectConstants.Destinations.IdentityToken);
identity.AddClaim(OpenIdConnectConstants.Claims.FamilyName, simpleClaim.Surname,
OpenIdConnectConstants.Destinations.IdentityToken);
identity.AddClaim(ClaimTypes.Upn, simpleClaim.UserPrincipalName,
OpenIdConnectConstants.Destinations.IdentityToken);
// ... add other claims, if necessary.
var principal = new ClaimsPrincipal(identity);
// Create a new authentication ticket holding the user identity.
var ticket = new AuthenticationTicket(principal, properties,
OpenIdConnectServerDefaults.AuthenticationScheme);
if (!request.IsAuthorizationCodeGrantType())
{
// Set the list of scopes granted to the client application.
// Note: the offline_access scope must be granted
// to allow OpenIddict to return a refresh token.
ticket.SetScopes(new[]
{
OpenIdConnectConstants.Scopes.OpenId,
OpenIdConnectConstants.Scopes.Email,
OpenIdConnectConstants.Scopes.Profile,
OpenIdConnectConstants.Scopes.OfflineAccess,
OpenIddictConstants.Scopes.Roles
}.Intersect(request.GetScopes()));
}
ticket.SetResources("resource_server");
// Note: by default, claims are NOT automatically included in the access and identity tokens.
// To allow OpenIddict to serialize them, you must attach them a destination, that specifies
// whether they should be included in access tokens, in identity tokens or in both.
foreach (var claim in ticket.Principal.Claims)
{
// Never include the security stamp in the access and identity tokens, as it's a secret value.
if (claim.Type == _identityOptions.Value.ClaimsIdentity.SecurityStampClaimType)
{
continue;
}
var destinations = new List <string>
{
OpenIdConnectConstants.Destinations.AccessToken
};
// Only add the iterated claim to the id_token if the corresponding scope was granted to the client application.
// The other claims will only be added to the access_token, which is encrypted when using the default format.
if ((claim.Type == OpenIdConnectConstants.Claims.Name && ticket.HasScope(OpenIdConnectConstants.Scopes.Profile)) ||
(claim.Type == OpenIdConnectConstants.Claims.Email && ticket.HasScope(OpenIdConnectConstants.Scopes.Email)) ||
(claim.Type == OpenIdConnectConstants.Claims.Role && ticket.HasScope(OpenIddictConstants.Claims.Roles)))
{
destinations.Add(OpenIdConnectConstants.Destinations.IdentityToken);
}
claim.SetDestinations(destinations);
}
return(ticket);
}
public void TestFixtureSetup()
{
var database = RedisHelpers.ConnectionMultiplexer.GetDatabase();
var claim1 = new SimpleClaim { Type = "Type1", Value = "Value1" };
var claim2 = new SimpleClaim { Type = "Type2", Value = "Value2" };
var client = new SimpleClient
{
Claims = new List<SimpleClaim> { claim1, claim2 },
DataBag = new Dictionary<string, object> { { "AppId", 12 } }
};
var token = new SimpleToken
{
Claims = new List<SimpleClaim> { claim1, claim2 },
Client = client,
Type = "Type",
CreationTime = new DateTimeOffset(new DateTime(2016, 1, 1)),
Version = 1,
Issuer = "Issuer",
Lifetime = 120,
Audience = "Audience"
};
var settings = new JsonSettingsFactory(new CustomMappersConfiguration { ClientMapper = CustomMapperFactory.CreateClientMapper<CustomClient>() }).Create();
var serialized = JsonConvert.SerializeObject(token, settings);
database.StringSet("DEFAULT_THS_Existing", serialized);
database.StringSet("DEFAULT_THS_Delete", serialized);
}
