/// <summary>
/// Create an authorization context (a claims principal) from this authenticated identity.
/// </summary>
/// <param name="otherIdentities">Additional identities to bundle into the principal alongside this one; may be null.</param>
/// <returns>A <see cref="SanteDBClaimsPrincipal"/> whose first identity is this instance.</returns>
/// <exception cref="SecurityException">Thrown, before any claim is built, when this identity is not authenticated.</exception>
/// <exception cref="Exception">Thrown when building the principal fails; the original failure is the inner exception.</exception>
public IClaimsPrincipal CreateClaimsPrincipal(IEnumerable<IClaimsIdentity> otherIdentities = null)
{
    // An identity that has not authenticated must never become a principal.
    if (!this.IsAuthenticated)
    {
        throw new SecurityException("Principal is not authenticated");
    }

    try
    {
        var user = this.m_securityUser;
        var userKey = user.Key.ToString();

        // System claims carried by every principal (order is preserved as emitted here).
        var systemClaims = new List<IClaim>
        {
            new SanteDBClaim(SanteDBClaimTypes.AuthenticationMethod, this.m_authenticationType ?? "LOCAL"),
            new SanteDBClaim(SanteDBClaimTypes.Sid, userKey),
            new SanteDBClaim(SanteDBClaimTypes.NameIdentifier, userKey),
            new SanteDBClaim(SanteDBClaimTypes.Actor, user.UserClass.ToString()),
        };

        // Name and role claims are only synthesised when this identity does not already carry them.
        if (!this.Claims.Any(existing => existing.Type == SanteDBClaimTypes.Name))
        {
            systemClaims.Add(new SanteDBClaim(SanteDBClaimTypes.Name, user.UserName));
        }

        if (!this.Claims.Any(existing => existing.Type == SanteDBClaimTypes.DefaultRoleClaimType))
        {
            foreach (var role in this.m_roles)
            {
                systemClaims.Add(new SanteDBClaim(SanteDBClaimTypes.DefaultRoleClaimType, role.Name));
            }
        }

        // An expired password narrows the principal's scope to password change and metadata reads,
        // with purpose of use fixed to security administration.
        // NOTE(review): the comparison uses local time (DateTime.Now) — confirm PasswordExpiration is stored in local time.
        var passwordExpiry = user.PasswordExpiration;
        if (passwordExpiry.HasValue && passwordExpiry.Value < DateTime.Now)
        {
            systemClaims.Add(new SanteDBClaim(SanteDBClaimTypes.PurposeOfUse, PurposeOfUseKeys.SecurityAdmin.ToString()));
            systemClaims.Add(new SanteDBClaim(SanteDBClaimTypes.SanteDBScopeClaim, PermissionPolicyIdentifiers.LoginPasswordOnly));
            systemClaims.Add(new SanteDBClaim(SanteDBClaimTypes.SanteDBScopeClaim, PermissionPolicyIdentifiers.ReadMetadata));
        }

        // Contact claims are optional and only added when the user record has them.
        if (user.Email != null)
        {
            systemClaims.Add(new SanteDBClaim(SanteDBClaimTypes.Email, user.Email));
        }

        if (user.PhoneNumber != null)
        {
            systemClaims.Add(new SanteDBClaim(SanteDBClaimTypes.Telephone, user.PhoneNumber));
        }

        // NOTE(review): AddClaims runs on every call; if it appends rather than merges, calling this
        // method twice on the same identity would duplicate the system claims — confirm against AddClaims.
        this.AddClaims(systemClaims);

        // This identity is always first; supplied identities follow, with Union dropping duplicates.
        IClaimsIdentity[] identities = { this };
        if (otherIdentities != null)
        {
            identities = identities.Union(otherIdentities).ToArray();
        }

        // TODO: Demographic data for the user
        var principal = new SanteDBClaimsPrincipal(identities);
        s_traceSource.TraceInfo("Created security principal from identity {0} > {1}", this, AdoClaimsIdentity.PrincipalToString(principal));
        return principal;
    }
    catch (Exception ex)
    {
        // Failure is logged at error level and re-raised wrapped; the wrapper is a bare Exception,
        // so callers cannot distinguish it from other failures by type.
        s_traceSource.TraceEvent(EventLevel.Error, ex.ToString());
        throw new Exception("Creating principal from identity failed", ex);
    }
}