/// <summary> /// Invoked whenever WeChat succesfully authenticates a user /// </summary> /// <param name="context">Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.</param> /// <returns>A <see cref="Task"/> representing the completed operation.</returns> public virtual Task Authenticated(WeChatAuthenticatedContext context) { return(OnAuthenticated(context)); }
protected override async Task <AuthenticationTicket> AuthenticateCoreAsync() { AuthenticationProperties properties = null; try { #region code + token string code = null; string state = null; IReadableStringCollection query = Request.Query; IList <string> values = query.GetValues("code"); if (values != null && values.Count == 1) { code = values[0]; } values = query.GetValues("state"); if (values != null && values.Count == 1) { var stateKey = values[0]; //load state state = StateKeeper.Pop(stateKey); } properties = Options.StateDataFormat.Unprotect(state); if (properties == null) { return(null); } // OAuth2 10.12 CSRF if (!ValidateCorrelationId(properties, _logger)) { return(new AuthenticationTicket(null, properties)); } if (code == null) { // Null if the remote server returns an error. return(new AuthenticationTicket(null, properties)); } var tokenResult = OAuthApi.GetAccessToken(Uri.EscapeDataString(Options.AppId), Uri.EscapeDataString(Options.AppSecret), Uri.EscapeDataString(code)); if (tokenResult == null || string.IsNullOrEmpty(tokenResult.access_token)) { _logger.WriteWarning("Access token was not found"); return(new AuthenticationTicket(null, properties)); } #endregion #region pull user info UserInfoJson userInfo = null; OAuthUserInfo oauthUserInfo = null; WeChatAuthenticatedContext context; if (Options.ScopeType == ScopeTypes.UserInfo) { oauthUserInfo = OAuthApi.GetUserInfo(Options.AppId, tokenResult.openid, Senparc.Weixin.Language.zh_CN); } else if (Options.IsLoadUserInfo || Options.UseUnionIdAsIdentity) { userInfo = UserApi.Info(Options.AppId, tokenResult.openid); } context = new WeChatAuthenticatedContext(Context, userInfo, oauthUserInfo, tokenResult.access_token, tokenResult.expires_in); context.Identity = new ClaimsIdentity(Options.AuthenticationType, ClaimsIdentity.DefaultNameClaimType, ClaimsIdentity.DefaultRoleClaimType); //identify by unionid or openid if (Options.UseUnionIdAsIdentity) { //union id context.Identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, userInfo?.unionid ?? oauthUserInfo?.unionid, ClaimValueTypes.String, Options.AuthenticationType)); } else { //open id context.Identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, tokenResult.openid, ClaimValueTypes.String, Options.AuthenticationType)); } //open id context.Identity.AddClaim(new Claim(WeChatClaimTypes.OpenId, tokenResult.openid, ClaimValueTypes.String, Options.AuthenticationType)); //union id if (!string.IsNullOrEmpty(userInfo?.unionid ?? oauthUserInfo?.unionid)) { context.Identity.AddClaim(new Claim(WeChatClaimTypes.UnionId, userInfo?.unionid ?? oauthUserInfo?.unionid, ClaimValueTypes.String, Options.AuthenticationType)); } //nickname if (!string.IsNullOrEmpty(userInfo?.nickname ?? oauthUserInfo?.nickname)) { context.Identity.AddClaim(new Claim(WeChatClaimTypes.NickName, userInfo?.nickname ?? oauthUserInfo?.nickname, ClaimValueTypes.String, Options.AuthenticationType)); } //city if (!string.IsNullOrEmpty(userInfo?.city ?? oauthUserInfo?.city)) { context.Identity.AddClaim(new Claim(WeChatClaimTypes.City, userInfo?.city ?? oauthUserInfo?.city, ClaimValueTypes.String, Options.AuthenticationType)); } //province if (!string.IsNullOrEmpty(userInfo?.province ?? oauthUserInfo?.province)) { context.Identity.AddClaim(new Claim(WeChatClaimTypes.Province, userInfo.province, ClaimValueTypes.String, Options.AuthenticationType)); } //country if (!string.IsNullOrEmpty(userInfo?.country ?? oauthUserInfo?.country)) { context.Identity.AddClaim(new Claim(WeChatClaimTypes.Country, userInfo?.country ?? oauthUserInfo?.country, ClaimValueTypes.String, Options.AuthenticationType)); } //headimage if (!string.IsNullOrEmpty(userInfo?.headimgurl ?? oauthUserInfo?.headimgurl)) { context.Identity.AddClaim(new Claim(WeChatClaimTypes.HeadImageUrl, userInfo?.headimgurl ?? oauthUserInfo?.headimgurl, ClaimValueTypes.String, Options.AuthenticationType)); } //sex if ((userInfo?.sex ?? 0) > 0) { context.Identity.AddClaim(new Claim(WeChatClaimTypes.Sex, userInfo.sex == 1 ? "M" : "F", ClaimValueTypes.String, Options.AuthenticationType)); } else if ((oauthUserInfo?.sex ?? 0) > 0) { context.Identity.AddClaim(new Claim(WeChatClaimTypes.Sex, oauthUserInfo.sex == 1 ? "M" : "F", ClaimValueTypes.String, Options.AuthenticationType)); } //privilege if (oauthUserInfo?.privilege != null && oauthUserInfo.privilege.Length > 0) { context.Identity.AddClaim(new Claim(WeChatClaimTypes.privilege, string.Join(",", oauthUserInfo.privilege), ClaimValueTypes.String, Options.AuthenticationType)); } //group if (userInfo?.groupid != null) { context.Identity.AddClaim(new Claim(WeChatClaimTypes.GroupId, userInfo.groupid.ToString(), ClaimValueTypes.Integer32, Options.AuthenticationType)); } //subscribed if (userInfo?.subscribe != null) { context.Identity.AddClaim(new Claim(WeChatClaimTypes.Subscribed, userInfo.subscribe == 0 ? "False" : "True", ClaimValueTypes.Boolean, Options.AuthenticationType)); if (userInfo.subscribe == 1) { //subscribed time if (userInfo?.subscribe_time != null) { context.Identity.AddClaim(new Claim(WeChatClaimTypes.SubscribedTime, DateTime.Now.AddMilliseconds(-userInfo.subscribe_time).ToString(), ClaimValueTypes.DateTime, Options.AuthenticationType)); } } } //loaded time context.Identity.AddClaim(new Claim(WeChatClaimTypes.LoadedTime, DateTime.Now.ToString(), ClaimValueTypes.DateTime, Options.AuthenticationType)); context.Properties = properties; #endregion await Options.Provider.Authenticated(context); return(new AuthenticationTicket(context.Identity, context.Properties)); } catch (Exception ex) { _logger.WriteError("Authentication failed", ex); return(new AuthenticationTicket(null, properties)); } }