public override async Task <ClaimsPrincipal> CreateAsync(TUser user) { if (user == null) { throw new ArgumentNullException("user"); } var userId = await UserManager.GetUserIdAsync(user); var userName = await UserManager.GetUserNameAsync(user); var profile = _userProfileService.GetProfileByUserId(userId); var id = new ClaimsIdentity( options.Cookies.ApplicationCookie.AuthenticationScheme, Options.ClaimsIdentity.UserNameClaimType, Options.ClaimsIdentity.RoleClaimType ); id.AddClaim(new Claim(Options.ClaimsIdentity.UserIdClaimType, userId)); id.AddClaim(new Claim(Options.ClaimsIdentity.UserNameClaimType, userName)); if (UserManager.SupportsUserSecurityStamp) { id.AddClaim(new Claim(Options.ClaimsIdentity.SecurityStampClaimType, await UserManager.GetSecurityStampAsync(user))); } if (UserManager.SupportsUserRole) { var roles = await _claimsRepository.GetRolesAsync(user); // UserManager.GetRolesAsync(user); foreach (var roleName in roles) { id.AddClaim(new Claim(Options.ClaimsIdentity.RoleClaimType, roleName)); } } ClaimsPrincipal principal = new ClaimsPrincipal(id); if (principal.Identity is ClaimsIdentity) { ClaimsIdentity identity = (ClaimsIdentity)principal.Identity; if (profile != null) { Claim displayNameClaim = new Claim("DisplayName", profile.FullName.AsFirstNameLastName); if (!identity.HasClaim(displayNameClaim.Type, displayNameClaim.Value)) { identity.AddClaim(displayNameClaim); } } Claim emailClaim = new Claim(ClaimTypes.Email, user.Email); if (!identity.HasClaim(emailClaim.Type, emailClaim.Value)) { identity.AddClaim(emailClaim); } if (_usersService.IsUserInRole(user.Id, _usersService.AdminRoleId)) { ClaimsLogic.AddSystemAdminClaims(id, userName, user.Id, "System Admin"); } else if (_usersService.IsUserInRole(user.Id, _usersService.AffiliateRoleId)) { ClaimsLogic.AddAffiliteClaims(id, userName, user.Id, profile.FullName.AsFirstNameLastName); } else { var department = _departmentsService.GetDepartmentForUser(userName); if (department == null) { return(null); } var group = _departmentGroupsService.GetGroupForUser(user.Id, department.DepartmentId); var departmentAdmin = department.IsUserAnAdmin(user.Id); var permissions = _permissionsService.GetAllPermissionsForDepartment(department.DepartmentId); var roles = _personnelRolesService.GetRolesForUser(user.Id, department.DepartmentId); ClaimsLogic.AddDepartmentClaim(id, department.DepartmentId, departmentAdmin); //ClaimsLogic.DepartmentName = department.Name; DateTime signupDate; if (department.CreatedOn.HasValue) { signupDate = department.CreatedOn.Value; } else { signupDate = DateTime.UtcNow; } //ClaimsLogic.DepartmentId = department.DepartmentId; var name = user.UserName; if (profile != null && !String.IsNullOrWhiteSpace(profile.LastName)) { name = profile.FullName.AsFirstNameLastName; } ClaimsLogic.AddGeneralClaims(id, userName, user.Id, name, department.DepartmentId, department.Name, user.Email, signupDate); bool isGroupAdmin = false; if (group != null) { isGroupAdmin = group.IsUserGroupAdmin(user.Id); } if (departmentAdmin) { var groups = _departmentGroupsService.GetAllGroupsForDepartment(department.DepartmentId); if (groups != null) { foreach (var departmentGroup in groups) { ClaimsLogic.AddGroupClaim(id, departmentGroup.DepartmentGroupId, true); } } } else { if (group != null) { ClaimsLogic.AddGroupClaim(id, group.DepartmentGroupId, isGroupAdmin); } } ClaimsLogic.AddCallClaims(id, departmentAdmin, permissions, isGroupAdmin, roles); ClaimsLogic.AddActionClaims(id); ClaimsLogic.AddLogClaims(id, departmentAdmin, permissions, isGroupAdmin, roles); ClaimsLogic.AddStaffingClaims(id); ClaimsLogic.AddPersonnelClaims(id, departmentAdmin, permissions, isGroupAdmin, roles); ClaimsLogic.AddUnitClaims(id, departmentAdmin); ClaimsLogic.AddUnitLogClaims(id); ClaimsLogic.AddMessageClaims(id, departmentAdmin, permissions, isGroupAdmin, roles); ClaimsLogic.AddRoleClaims(id, departmentAdmin); ClaimsLogic.AddProfileClaims(id); ClaimsLogic.AddReportsClaims(id); ClaimsLogic.AddGenericGroupClaims(id, departmentAdmin); ClaimsLogic.AddDocumentsClaims(id, departmentAdmin, permissions, isGroupAdmin, roles); ClaimsLogic.AddNotesClaims(id, departmentAdmin, permissions, isGroupAdmin, roles); ClaimsLogic.AddScheduleClaims(id, departmentAdmin, permissions, isGroupAdmin, roles); ClaimsLogic.AddShiftClaims(id, departmentAdmin, permissions, isGroupAdmin, roles); ClaimsLogic.AddTrainingClaims(id, departmentAdmin, permissions, isGroupAdmin, roles); ClaimsLogic.AddPIIClaims(id, departmentAdmin, permissions, isGroupAdmin, roles); ClaimsLogic.AddInventoryClaims(id, departmentAdmin, permissions, isGroupAdmin, roles); ClaimsLogic.AddConnectClaims(id, departmentAdmin); ClaimsLogic.AddCommandClaims(id, departmentAdmin); ClaimsLogic.AddProtocolClaims(id, departmentAdmin); } } return(principal); }
public async Task <ActionResult> ExternalLoginCallback(string returnUrl) { string userId = null; //to get userId var isEmailConfirmed = false; //to check if email is confirmed string userName = null; //to check if username exists in the database var loginInfo = await AuthenticationManager.GetExternalLoginInfoAsync(); if (loginInfo == null) { return(RedirectToAction("Login")); } var userProviderKey = loginInfo.Login.ProviderKey; userId = _readUser.GetUserIdByProviderKey(userProviderKey); //get userId if (!String.IsNullOrEmpty(userId)) { //check if email is confirmed isEmailConfirmed = _readUser.IsUserEmailConfirmed(userId); //get username userName = _readUser.GetUserNameById(userId); } //if email hasn't been confirmed yet, don't allow members //to log in. if (!isEmailConfirmed && !String.IsNullOrEmpty(userName)) { //return RedirectToAction("EmailConfirmationFailed", "Account"); return(RedirectToAction("EmailActivationFail", new { userId = userId })); } else { // Sign in the user with this external login provider if the user already has a login var result = await SignInManager.ExternalSignInAsync(loginInfo, isPersistent : false); switch (result) { case SignInStatus.Success: return(RedirectToLocal(returnUrl)); case SignInStatus.LockedOut: return(View("Lockout")); case SignInStatus.RequiresVerification: return(RedirectToAction("SendCode", new { ReturnUrl = returnUrl, RememberMe = false })); case SignInStatus.Failure: default: // If the user does not have an account, then prompt the user to create an account ViewBag.ReturnUrl = returnUrl; ViewBag.LoginProvider = loginInfo.Login.LoginProvider; var email = loginInfo.Email; var firstName = ""; var lastName = ""; var providerInfo = loginInfo.Login.LoginProvider; if (loginInfo.Login.LoginProvider == "Google" || loginInfo.Login.LoginProvider == "Facebook" || loginInfo.Login.LoginProvider == "LinkedIn") { var externalIdentity = AuthenticationManager.GetExternalIdentityAsync(DefaultAuthenticationTypes.ExternalCookie); var emailClaim = externalIdentity.Result.Claims.FirstOrDefault(c => c.Type == ClaimTypes.Email); var nameClaim = externalIdentity.Result.Claims.FirstOrDefault(c => c.Type == ClaimTypes.Name); if (emailClaim != null) { email = emailClaim.Value; } if (nameClaim != null) { var name = nameClaim.Value; var claimsLogic = new ClaimsLogic(); claimsLogic.SeparateNameToFirstNameAndLastName(ref name, out firstName, out lastName); } } //else if (loginInfo.Login.LoginProvider == "Facebook") //{ // var externalIdentity = AuthenticationManager.GetExternalIdentityAsync(DefaultAuthenticationTypes.ExternalCookie); // var emailClaim = externalIdentity.Result.Claims.FirstOrDefault(c => c.Type == ClaimTypes.Email); // var nameClaim = externalIdentity.Result.Claims.FirstOrDefault(c => c.Type == ClaimTypes.Name); // if (emailClaim != null) // email = emailClaim.Value; // if (nameClaim != null) // { // var name = nameClaim.Value; // var claimsLogic = new ClaimsLogic(); // claimsLogic.SeparateNameToFirstNameAndLastName(ref name, out firstName, out lastName); // } //} //else if (loginInfo.Login.LoginProvider == "Linkedin") //{ //} var viewModel = new ExternalLoginConfirmationViewModel() { Email = email, FirstName = firstName, LastName = lastName, LoginProviderInfo = providerInfo }; return(View("ExternalLoginConfirmation", viewModel)); //return View("ExternalLoginConfirmation", new ExternalLoginConfirmationViewModel { Email = loginInfo.Email }); } } }