/// <summary>
/// Returns the value of the principal's <see cref="ClaimTypes.Name"/> claim,
/// lower-cased with the invariant culture.
/// </summary>
/// <param name="principal">The Windows principal whose name claim is read.</param>
/// <returns>The lower-cased name claim value, something like domain\username.</returns>
private static string GetDomainUsername(WindowsPrincipal principal)
{
    // NOTE(review): FindFirst returns null when the principal carries no name
    // claim, so the dereference below would throw. Confirm callers only pass
    // principals that have one.
    // Lower-casing presumably makes later comparisons on the account name
    // case-insensitive; verify against the callers.
    return principal.FindFirst(ClaimTypes.Name).Value.ToLowerInvariant();
}
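/// <summary>
/// Builds the <see cref="ClaimsIdentity"/> (authentication type "Windows") that
/// represents a Windows principal, according to the supplied options.
/// </summary>
/// <param name="principal">The Windows principal to translate into claims.</param>
/// <param name="options">
/// Selects the subject source (<c>SubjectType</c>) and whether the account name
/// (<c>EmitWindowsAccountNameAsName</c>) and the Windows groups (<c>EmitGroups</c>)
/// are emitted as claims.
/// </param>
/// <returns>
/// An identity carrying a "sub" claim, the optional "name" and group claims,
/// the authentication method claim and the authentication instant claim.
/// </returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="principal"/> or <paramref name="options"/> is null.
/// </exception>
/// <exception cref="InvalidOperationException">
/// No subject value could be determined: the subject type is not handled, the
/// primary SID claim is missing, or the account name is null.
/// </exception>
public static ClaimsIdentity Create(WindowsPrincipal principal, WindowsAuthenticationOptions options)
{
    if (principal == null)
    {
        throw new ArgumentNullException("principal");
    }

    if (options == null)
    {
        throw new ArgumentNullException("options");
    }

    var claims = new List<Claim>();

    // The subject is the key relying parties store for the user. A Windows
    // account name can be renamed or reassigned, whereas the SID stays with the
    // account, so the choice is left to the configuration.
    string sub = null;
    if (options.SubjectType == SubjectType.WindowsAccountName)
    {
        Logger.Debug("Using WindowsAccountName as subject");
        sub = principal.Identity.Name;
    }
    else if (options.SubjectType == SubjectType.Sid)
    {
        Logger.Debug("Using primary SID as subject");
        var sidClaim = principal.FindFirst(ClaimTypes.PrimarySid);
        if (sidClaim == null)
        {
            throw new InvalidOperationException(
                "The Windows principal has no primary SID claim to use as subject.");
        }

        sub = sidClaim.Value;
    }

    // Fail closed with a message that names the cause. Previously a subject
    // type handled by neither branch left sub null and surfaced as an
    // ArgumentNullException from the Claim constructor.
    if (sub == null)
    {
        throw new InvalidOperationException(
            "No subject could be determined for the Windows principal; check the configured SubjectType.");
    }

    // NOTE(review): an empty account name still produces an empty "sub" here.
    // Confirm the caller rejects unauthenticated principals before calling Create.
    claims.Add(new Claim("sub", sub));

    if (options.EmitWindowsAccountNameAsName)
    {
        Logger.Debug("Emitting WindowsAccountName as name claim");
        claims.Add(new Claim("name", principal.Identity.Name));
    }

    if (options.EmitGroups)
    {
        // Group-derived claims are what downstream authorization will read as
        // roles. CreateGroupClaims is defined outside this block.
        Logger.Debug("Using Windows groups as role claims");
        claims.AddRange(CreateGroupClaims(principal));
    }

    claims.Add(new Claim(ClaimTypes.AuthenticationMethod, AuthenticationMethods.Windows));
    claims.Add(AuthenticationInstantClaim.Now);

    return new ClaimsIdentity(claims, "Windows");
}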