public override async Task <ClaimsPrincipal> CreateAsync(TUser user)
{
if (user == null)
{
throw new ArgumentNullException("user");
}
var userId = await UserManager.GetUserIdAsync(user);
var userName = await UserManager.GetUserNameAsync(user);
var profile = _userProfileService.GetProfileByUserId(userId);
var id = new ClaimsIdentity(
options.Cookies.ApplicationCookie.AuthenticationScheme,
Options.ClaimsIdentity.UserNameClaimType,
Options.ClaimsIdentity.RoleClaimType
);
id.AddClaim(new Claim(Options.ClaimsIdentity.UserIdClaimType, userId));
id.AddClaim(new Claim(Options.ClaimsIdentity.UserNameClaimType, userName));
if (UserManager.SupportsUserSecurityStamp)
{
id.AddClaim(new Claim(Options.ClaimsIdentity.SecurityStampClaimType,
await UserManager.GetSecurityStampAsync(user)));
}
if (UserManager.SupportsUserRole)
{
var roles = await _claimsRepository.GetRolesAsync(user); // UserManager.GetRolesAsync(user);
foreach (var roleName in roles)
{
id.AddClaim(new Claim(Options.ClaimsIdentity.RoleClaimType, roleName));
}
}
ClaimsPrincipal principal = new ClaimsPrincipal(id);
if (principal.Identity is ClaimsIdentity)
{
ClaimsIdentity identity = (ClaimsIdentity)principal.Identity;
if (profile != null)
{
Claim displayNameClaim = new Claim("DisplayName", profile.FullName.AsFirstNameLastName);
if (!identity.HasClaim(displayNameClaim.Type, displayNameClaim.Value))
{
identity.AddClaim(displayNameClaim);
}
}
Claim emailClaim = new Claim(ClaimTypes.Email, user.Email);
if (!identity.HasClaim(emailClaim.Type, emailClaim.Value))
{
identity.AddClaim(emailClaim);
}
if (_usersService.IsUserInRole(user.Id, _usersService.AdminRoleId))
{
ClaimsLogic.AddSystemAdminClaims(id, userName, user.Id, "System Admin");
}
else if (_usersService.IsUserInRole(user.Id, _usersService.AffiliateRoleId))
{
ClaimsLogic.AddAffiliteClaims(id, userName,
user.Id, profile.FullName.AsFirstNameLastName);
}
else
{
var department = _departmentsService.GetDepartmentForUser(userName);
if (department == null)
{
return(null);
}
var group = _departmentGroupsService.GetGroupForUser(user.Id, department.DepartmentId);
var departmentAdmin = department.IsUserAnAdmin(user.Id);
var permissions = _permissionsService.GetAllPermissionsForDepartment(department.DepartmentId);
var roles = _personnelRolesService.GetRolesForUser(user.Id, department.DepartmentId);
ClaimsLogic.AddDepartmentClaim(id, department.DepartmentId,
departmentAdmin);
//ClaimsLogic.DepartmentName = department.Name;
DateTime signupDate;
if (department.CreatedOn.HasValue)
{
signupDate = department.CreatedOn.Value;
}
else
{
signupDate = DateTime.UtcNow;
}
//ClaimsLogic.DepartmentId = department.DepartmentId;
var name = user.UserName;
if (profile != null && !String.IsNullOrWhiteSpace(profile.LastName))
{
name = profile.FullName.AsFirstNameLastName;
}
ClaimsLogic.AddGeneralClaims(id, userName,
user.Id, name, department.DepartmentId, department.Name, user.Email,
signupDate);
bool isGroupAdmin = false;
if (group != null)
{
isGroupAdmin = group.IsUserGroupAdmin(user.Id);
}
if (departmentAdmin)
{
var groups = _departmentGroupsService.GetAllGroupsForDepartment(department.DepartmentId);
if (groups != null)
{
foreach (var departmentGroup in groups)
{
ClaimsLogic.AddGroupClaim(id, departmentGroup.DepartmentGroupId, true);
}
}
}
else
{
if (group != null)
{
ClaimsLogic.AddGroupClaim(id, group.DepartmentGroupId, isGroupAdmin);
}
}
ClaimsLogic.AddCallClaims(id, departmentAdmin, permissions, isGroupAdmin, roles);
ClaimsLogic.AddActionClaims(id);
ClaimsLogic.AddLogClaims(id, departmentAdmin, permissions, isGroupAdmin, roles);
ClaimsLogic.AddStaffingClaims(id);
ClaimsLogic.AddPersonnelClaims(id, departmentAdmin, permissions, isGroupAdmin, roles);
ClaimsLogic.AddUnitClaims(id, departmentAdmin);
ClaimsLogic.AddUnitLogClaims(id);
ClaimsLogic.AddMessageClaims(id, departmentAdmin, permissions, isGroupAdmin, roles);
ClaimsLogic.AddRoleClaims(id, departmentAdmin);
ClaimsLogic.AddProfileClaims(id);
ClaimsLogic.AddReportsClaims(id);
ClaimsLogic.AddGenericGroupClaims(id, departmentAdmin);
ClaimsLogic.AddDocumentsClaims(id, departmentAdmin, permissions, isGroupAdmin, roles);
ClaimsLogic.AddNotesClaims(id, departmentAdmin, permissions, isGroupAdmin, roles);
ClaimsLogic.AddScheduleClaims(id, departmentAdmin, permissions, isGroupAdmin, roles);
ClaimsLogic.AddShiftClaims(id, departmentAdmin, permissions, isGroupAdmin, roles);
ClaimsLogic.AddTrainingClaims(id, departmentAdmin, permissions, isGroupAdmin, roles);
ClaimsLogic.AddPIIClaims(id, departmentAdmin, permissions, isGroupAdmin, roles);
ClaimsLogic.AddInventoryClaims(id, departmentAdmin, permissions, isGroupAdmin, roles);
ClaimsLogic.AddConnectClaims(id, departmentAdmin);
ClaimsLogic.AddCommandClaims(id, departmentAdmin);
ClaimsLogic.AddProtocolClaims(id, departmentAdmin);
}
}
return(principal);
}
public async Task <ActionResult> ExternalLoginCallback(string returnUrl)
{
string userId = null; //to get userId
var isEmailConfirmed = false; //to check if email is confirmed
string userName = null; //to check if username exists in the database
var loginInfo = await AuthenticationManager.GetExternalLoginInfoAsync();
if (loginInfo == null)
{
return(RedirectToAction("Login"));
}
var userProviderKey = loginInfo.Login.ProviderKey;
userId = _readUser.GetUserIdByProviderKey(userProviderKey); //get userId
if (!String.IsNullOrEmpty(userId))
{
//check if email is confirmed
isEmailConfirmed = _readUser.IsUserEmailConfirmed(userId);
//get username
userName = _readUser.GetUserNameById(userId);
}
//if email hasn't been confirmed yet, don't allow members
//to log in.
if (!isEmailConfirmed && !String.IsNullOrEmpty(userName))
{
//return RedirectToAction("EmailConfirmationFailed", "Account");
return(RedirectToAction("EmailActivationFail", new { userId = userId }));
}
else
{
// Sign in the user with this external login provider if the user already has a login
var result = await SignInManager.ExternalSignInAsync(loginInfo, isPersistent : false);
switch (result)
{
case SignInStatus.Success:
return(RedirectToLocal(returnUrl));
case SignInStatus.LockedOut:
return(View("Lockout"));
case SignInStatus.RequiresVerification:
return(RedirectToAction("SendCode", new { ReturnUrl = returnUrl, RememberMe = false }));
case SignInStatus.Failure:
default:
// If the user does not have an account, then prompt the user to create an account
ViewBag.ReturnUrl = returnUrl;
ViewBag.LoginProvider = loginInfo.Login.LoginProvider;
var email = loginInfo.Email;
var firstName = "";
var lastName = "";
var providerInfo = loginInfo.Login.LoginProvider;
if (loginInfo.Login.LoginProvider == "Google" ||
loginInfo.Login.LoginProvider == "Facebook" ||
loginInfo.Login.LoginProvider == "LinkedIn")
{
var externalIdentity = AuthenticationManager.GetExternalIdentityAsync(DefaultAuthenticationTypes.ExternalCookie);
var emailClaim = externalIdentity.Result.Claims.FirstOrDefault(c => c.Type == ClaimTypes.Email);
var nameClaim = externalIdentity.Result.Claims.FirstOrDefault(c => c.Type == ClaimTypes.Name);
if (emailClaim != null)
{
email = emailClaim.Value;
}
if (nameClaim != null)
{
var name = nameClaim.Value;
var claimsLogic = new ClaimsLogic();
claimsLogic.SeparateNameToFirstNameAndLastName(ref name, out firstName, out lastName);
}
}
//else if (loginInfo.Login.LoginProvider == "Facebook")
//{
// var externalIdentity = AuthenticationManager.GetExternalIdentityAsync(DefaultAuthenticationTypes.ExternalCookie);
// var emailClaim = externalIdentity.Result.Claims.FirstOrDefault(c => c.Type == ClaimTypes.Email);
// var nameClaim = externalIdentity.Result.Claims.FirstOrDefault(c => c.Type == ClaimTypes.Name);
// if (emailClaim != null)
// email = emailClaim.Value;
// if (nameClaim != null)
// {
// var name = nameClaim.Value;
// var claimsLogic = new ClaimsLogic();
// claimsLogic.SeparateNameToFirstNameAndLastName(ref name, out firstName, out lastName);
// }
//}
//else if (loginInfo.Login.LoginProvider == "Linkedin")
//{
//}
var viewModel = new ExternalLoginConfirmationViewModel()
{
Email = email,
FirstName = firstName,
LastName = lastName,
LoginProviderInfo = providerInfo
};
return(View("ExternalLoginConfirmation", viewModel));
//return View("ExternalLoginConfirmation", new ExternalLoginConfirmationViewModel { Email = loginInfo.Email });
}
}
}
