/// <summary>
        /// Builds the claim list for <paramref name="userId"/>: the claims produced by the claims
        /// factory that match <paramref name="requestedClaimTypes"/>, followed by the claims that
        /// <c>AddClaims</c> appends.
        /// </summary>
        /// <param name="userId">Identifier passed to <c>_identityServer.UserOrFailAsync</c>.</param>
        /// <param name="requestedClaimTypes">Claim types to keep from the factory-produced principal.</param>
        /// <returns>The filtered factory claims plus the claims added by <c>AddClaims</c>.</returns>
        private async Task<List<Claim>> GetIssueClaimsAsync(long userId, IReadOnlyCollection<string> requestedClaimTypes)
        {
            UserWithRole account = await _identityServer.UserOrFailAsync(userId);
            var identity = await _claimsFactory.CreateAsync(account.User);

            // Keep only the factory claims whose type the caller asked for.
            var selected = new List<Claim>();
            foreach (Claim candidate in identity.Claims)
            {
                if (requestedClaimTypes.Contains(candidate.Type))
                {
                    selected.Add(candidate);
                }
            }

            // NOTE(review): the filter above covers only the factory-produced claims. AddClaims
            // appends name, e-mail, username and role claims without consulting
            // requestedClaimTypes, so those values are returned even when they were not requested.
            // Confirm that this is intended before relying on requestedClaimTypes to limit
            // what personal data is disclosed.
            return AddClaims(selected, account);
        }
        /// <summary>
        /// Appends the user's identifier, name, e-mail, username and role claims to
        /// <paramref name="claims"/>, then adds the e-mail-confirmed / impersonation claims
        /// derived from the current HTTP session.
        /// </summary>
        /// <param name="claims">List to extend; it is mutated in place and returned.</param>
        /// <param name="user">Source of the user fields and of the role value.</param>
        /// <returns>The same <paramref name="claims"/> instance, with the extra claims appended.</returns>
        /// <remarks>
        /// Review notes:
        /// - Claims are appended unconditionally and without de-duplication, so a type that is
        ///   already present in <paramref name="claims"/> ends up in the list twice.
        /// - <see cref="Claim"/> rejects a null value with <see cref="System.ArgumentNullException"/>;
        ///   nothing here guards against a null name, e-mail or username - TODO confirm those
        ///   fields are always populated.
        /// - <c>HttpContext</c> is dereferenced without a null check, so this method presumably
        ///   only runs inside a request with session state enabled - confirm against callers.
        /// </remarks>
        private List<Claim> AddClaims(List<Claim> claims, UserWithRole user)
        {
            // Small helper so each claim is still built and appended one at a time, in order.
            void Append(string type, string value) => claims.Add(new Claim(type, value));

            var account = user.User;

            Append(ClaimTypes.NameIdentifier, account.Id.ToString());

            // JWT / OpenID Connect style claim types.
            Append(JwtClaimTypes.GivenName, account.FirstName);
            Append(JwtClaimTypes.FamilyName, account.LastName);
            Append(JwtClaimTypes.Email, account.Email);
            Append(JwtClaimTypes.NickName, account.UserName);

            // The e-mail address again, under the ClaimTypes URI and the "email" scope name.
            Append(ClaimTypes.Email, account.Email);
            Append(IdentityServerConstants.StandardScopes.Email, account.Email);

            // Application-specific claim types.
            Append(CustomClaimTypes.FirstName, account.FirstName);
            Append(CustomClaimTypes.LastName, account.LastName);
            Append(CustomClaimTypes.Username, account.UserName);

            Append(ClaimTypes.GivenName, account.FirstName);
            Append(ClaimTypes.Surname, account.LastName);

            // The role claim is required for role-based authorization, see
            // https://stackoverflow.com/questions/40844310/role-based-authorization-with-identityserver4
            // Roles for users other than consumers could be added dynamically by looking them up by sub id.
            Append(ClaimTypes.Role, user.Role.ToString());

            // Only the presence of the session entry matters; its integer value is not inspected.
            var session = _httpContextAccessor.HttpContext.Session;
            bool impersonating = session.GetInt32(CustomClaimTypes.LoggedInAsAnotherPerson).HasValue;

            if (!impersonating)
            {
                // NOTE(review): EmailConfirmed is asserted as true for every non-impersonated
                // call; no per-user confirmation state is read here. Confirm that downstream
                // consumers do not treat this claim as proof that the address was verified.
                claims.Add(new Claim(CustomClaimTypes.EmailConfirmed, bool.TrueString, ClaimValueTypes.Boolean));
                return claims;
            }

            claims.Add(new Claim(CustomClaimTypes.EmailConfirmed, bool.FalseString, ClaimValueTypes.Boolean));
            claims.Add(new Claim(CustomClaimTypes.LoggedInAsAnotherPerson, bool.TrueString, ClaimValueTypes.Boolean));

            // NOTE(review): the marker is consumed on first use. A later call in the same session
            // takes the branch above and emits no LoggedInAsAnotherPerson claim, so the
            // impersonation context is not carried into subsequently issued claim sets - verify
            // that auditing and authorization do not depend on it persisting.
            session.Remove(CustomClaimTypes.LoggedInAsAnotherPerson);

            return claims;
        }