public bool Evaluate(EvaluationContext evaluationContext, ref object state)
{
// get the authenticated client identity
var client = GetClientIdentity(evaluationContext);
string tenantName;
string userName = client.Name;
if (userName.Contains("\\"))
{
var parts = userName.Split('\\');
tenantName = parts[0];
userName = parts[1];
}
else
{
throw new Exception("Cannot determine tenant and username.");
}
_oauth2AuthenticationSettings.Username = userName;
_oauth2AuthenticationSettings.TenantName = tenantName;
var accessTokenResponse = BearerTokenHelper.RetrieveBearTokenFromCache(_oauth2AuthenticationSettings);
var claims = ClaimsWebApiHelper.GetClaims(_oauth2AuthenticationSettings, accessTokenResponse.AccessToken);
((System.Security.Claims.ClaimsIdentity)client).AddClaims(claims);
// set the custom principal
evaluationContext.Properties["Principal"] = new GenericPrincipal(client, null);
return(true);
}
private static IEnumerable <Claim> GetClaimsForUser(string userName, string tenantName)
{
try
{
_oauth2AuthenticationSettings.Username = userName;
_oauth2AuthenticationSettings.TenantName = tenantName;
var accessTokenResponse = BearerTokenHelper.RetrieveBearTokenFromCache(_oauth2AuthenticationSettings);
var claims = ClaimsWebApiHelper.GetClaims(_oauth2AuthenticationSettings, accessTokenResponse.AccessToken);
return(claims);
}
catch (Exception ex)
{
_logger.WriteLogEntry(tenantName, null, MethodBase.GetCurrentMethod().Name + " " + ex.ToString() + " " + ex.Message, LogLevelType.Error, ex);
throw;
}
}
