AddIdentities() public method

Adds an IEnumerable{ClaimsIdentity} of identities to the principal's internal identity list, in enumeration order (the examples below rely on that order to decide which identity comes first).
Throws ArgumentNullException if 'identities' is null.
public AddIdentities ( IEnumerable<ClaimsIdentity> identities ) : void
identities IEnumerable<ClaimsIdentity> The ClaimsIdentity instances to add.
return void
Example #1
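        /// <summary>
        /// Adds all <see cref="ClaimsIdentity"/> instances from an additional <see cref="ClaimsPrincipal"/>
        /// to the request's current user. A new principal is built in which the supplied identities
        /// come first, followed by those existing identities of <c>context.User</c> that are
        /// authenticated or carry at least one claim; empty unauthenticated identities (such as the
        /// default anonymous identity) are dropped. The merged principal replaces <c>context.User</c>.
        /// </summary>
        /// <param name="context">The HTTP context whose <c>User</c> is replaced by the merged principal.</param>
        /// <param name="principal">The principal whose identities are added; they precede the existing ones.</param>
        public static void AddUserPrincipal([NotNull] HttpContext context, [NotNull] ClaimsPrincipal principal)
        {
            var mergedPrincipal = new ClaimsPrincipal();

            // New identities go first so that the merged principal's primary identity
            // (ClaimsPrincipal.Identity, by default the first one added) comes from the
            // supplied principal rather than from whatever was already on the request.
            mergedPrincipal.AddIdentities(principal.Identities);

            // Carry over only the existing identities that mean something: authenticated ones,
            // or ones holding at least one claim. An empty, unauthenticated identity is discarded.
            var existingPrincipal = context.User;
            if (existingPrincipal != null)
            {
                var retained = existingPrincipal.Identities.Where(i => i.IsAuthenticated || i.Claims.Any());
                mergedPrincipal.AddIdentities(retained);
            }

            context.User = mergedPrincipal;
        }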
Example #2
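        /// <summary>
        /// Merges two principals into a new <see cref="ClaimsPrincipal"/>. All identities of
        /// <paramref name="additionalPrincipal"/> come first, followed by those identities of
        /// <paramref name="existingPrincipal"/> that are authenticated or carry at least one
        /// claim; empty unauthenticated identities (such as the default anonymous identity)
        /// are dropped. Neither input principal is modified.
        /// </summary>
        /// <param name="existingPrincipal">The principal already in effect; may be null.</param>
        /// <param name="additionalPrincipal">The principal whose identities take precedence; may be null.</param>
        /// <returns>A new principal holding the merged identities; empty when both inputs are null.</returns>
        public static ClaimsPrincipal MergeUserPrincipal(ClaimsPrincipal existingPrincipal, ClaimsPrincipal additionalPrincipal)
        {
            var mergedPrincipal = new ClaimsPrincipal();

            // New identities go first so that the merged principal's primary identity
            // (ClaimsPrincipal.Identity, by default the first one added) comes from the addition.
            if (additionalPrincipal != null)
            {
                mergedPrincipal.AddIdentities(additionalPrincipal.Identities);
            }

            // Then carry over only the existing identities that are authenticated or non-empty.
            if (existingPrincipal != null)
            {
                var retained = existingPrincipal.Identities.Where(i => i.IsAuthenticated || i.Claims.Any());
                mergedPrincipal.AddIdentities(retained);
            }

            return mergedPrincipal;
        }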
Example #3
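        /// <inheritdoc />
        /// <remarks>
        /// When the policy names active authentication schemes, each scheme is run and the
        /// resulting identities are collected into a fresh <see cref="ClaimsPrincipal"/> that
        /// REPLACES <c>HttpContext.User</c> (existing identities are not merged in). If every
        /// scheme fails, an empty <see cref="ClaimsIdentity"/> is installed so downstream code
        /// always sees a non-null user; that identity is unauthenticated and fails the check
        /// below. An <see cref="IAllowAnonymous"/> filter short-circuits authorization entirely.
        /// Otherwise a missing user, a user with no authenticated identity, or a failed policy
        /// evaluation results in a challenge against the policy's schemes.
        /// </remarks>
        public virtual async Task OnAuthorizationAsync([NotNull] AuthorizationContext context)
        {
            // Read the schemes once: they are needed again for the challenge below, and a
            // null collection is tolerated by the guard here so it must not throw there either.
            var schemes = Policy.ActiveAuthenticationSchemes;
            var hasSchemes = schemes != null && schemes.Any();

            // Build a ClaimsPrincipal with the Policy's required authentication types
            if (hasSchemes)
            {
                var newPrincipal = new ClaimsPrincipal();
                foreach (var scheme in schemes)
                {
                    // A null result (scheme not handled) and a null Principal (authentication
                    // failed) are both treated as "this scheme contributed no identities".
                    var authenticated = (await context.HttpContext.Authentication.AuthenticateAsync(scheme))?.Principal;
                    if (authenticated != null)
                    {
                        newPrincipal.AddIdentities(authenticated.Identities);
                    }
                }

                // If all schemes failed authentication, provide a default identity anyways
                if (newPrincipal.Identity == null)
                {
                    newPrincipal.AddIdentity(new ClaimsIdentity());
                }

                context.HttpContext.User = newPrincipal;
            }

            // Allow Anonymous skips all authorization
            if (context.Filters.Any(item => item is IAllowAnonymous))
            {
                return;
            }

            var httpContext = context.HttpContext;
            var authService = httpContext.RequestServices.GetRequiredService<IAuthorizationService>();

            // Note: Default Anonymous User is new ClaimsPrincipal(new ClaimsIdentity())
            if (httpContext.User == null ||
                !httpContext.User.Identities.Any(i => i.IsAuthenticated) ||
                !await authService.AuthorizeAsync(httpContext.User, context, Policy))
            {
                // Previously Policy.ActiveAuthenticationSchemes was dereferenced unconditionally
                // here and threw when null, even though the guard above accepts null. Pass an
                // empty scheme list in that case instead of failing the request with an exception.
                var challengeSchemes = hasSchemes ? schemes.ToArray() : new string[0];
                context.Result = new ChallengeResult(challengeSchemes);
            }
        }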
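        /// <summary>
        /// Rebuilds an <see cref="AuthorizationCode"/> from its version-1 BSON representation.
        /// Optional fields that are absent keep the <see cref="AuthorizationCode"/> defaults; the
        /// client and every requested scope are resolved against the stores and must still exist.
        /// </summary>
        /// <param name="doc">The stored document; <c>_clientId</c> is read directly and is required.</param>
        /// <param name="clientStore">Used to resolve the stored client id.</param>
        /// <param name="scopeStore">Used to resolve the stored scope names.</param>
        /// <returns>The deserialized authorization code.</returns>
        /// <exception cref="InvalidOperationException">
        /// The client, or one or more of the requested scopes, no longer exist in the stores.
        /// </exception>
        private static async Task<AuthorizationCode> Version1(
            BsonDocument doc, 
            IClientStore clientStore,
            IScopeStore scopeStore)
        {
            var code = new AuthorizationCode();
            code.CreationTime = doc.GetValueOrDefault("creationTime", code.CreationTime);
            code.IsOpenId = doc.GetValueOrDefault("isOpenId", code.IsOpenId);
            code.RedirectUri = doc.GetValueOrDefault("redirectUri", code.RedirectUri);
            code.WasConsentShown = doc.GetValueOrDefault("wasConsentShown", code.WasConsentShown);
            code.Nonce = doc.GetValueOrDefault("nonce", code.Nonce);

            // The subject is rebuilt verbatim from the stored claim set. An identity stored
            // without an authenticationType is recreated unauthenticated (IsAuthenticated == false).
            // Nothing here re-validates the claims, so the store itself must be trusted.
            var claimsPrincipal = new ClaimsPrincipal();
            IEnumerable<ClaimsIdentity> identities = doc.GetValueOrDefault("subject", sub =>
            {
                string authenticationType = sub.GetValueOrDefault("authenticationType", (string)null);
                var claims = sub.GetNestedValueOrDefault("claimSet", ClaimSetSerializer.Deserialize, new Claim[] { });
                ClaimsIdentity identity = authenticationType == null
                    ? new ClaimsIdentity(claims)
                    : new ClaimsIdentity(claims, authenticationType);
                return identity;
            }, new ClaimsIdentity[] { });
            claimsPrincipal.AddIdentities(identities);
            code.Subject = claimsPrincipal;

            // _clientId is read with the indexer, not GetValueOrDefault: a code without a client
            // must not be silently defaulted.
            var clientId = doc["_clientId"].AsString;
            code.Client = await clientStore.FindClientByIdAsync(clientId);
            if (code.Client == null)
            {
                throw new InvalidOperationException("Client not found when deserializing authorization code. Client id: " + clientId); 
            }

            var scopes = doc.GetValueOrDefault(
                "requestedScopes",
                (IEnumerable<string>)new string[] { }).ToArray();
            code.RequestedScopes = await scopeStore.FindScopesAsync(scopes);

            // Compare by name rather than by count: a count check still passes when the store
            // returns some other scope (or a duplicate) in place of a missing one. The missing
            // set is what the error message reports, so it is also the right condition.
            var missingScopes = scopes.Except(code.RequestedScopes.Select(x => x.Name)).ToArray();
            if (missingScopes.Length > 0)
            {
                throw new InvalidOperationException("Scopes not found when deserializing authorization code. Scopes: " + string.Join(", ", missingScopes)); 
            }
            return code;
        }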