public async Task <string> ImpersonateUserAsync(string userName, OAuthAuthorizationServerOptions serverAuthOptions, ClaimsPrincipal principal)
{
var originalUsername = principal.Claims.Any(c => c.Type == DataLayerConstants.ClaimUserImpersonation && c.Value == true.ToString()) ? principal.Claims.First(c => c.Type == DataLayerConstants.ClaimOriginalUsername).Value : principal.Identity.Name;
var impersonatedUser = await _userManager.FindByNameAsync(userName);
var impersonatedIdentity = await _userManager.CreateIdentityAsync(impersonatedUser, OAuthDefaults.AuthenticationType);
if (impersonatedUser.UserName != originalUsername)
{
if (impersonatedIdentity.Claims.Any(c => c.Type == DataLayerConstants.ClaimUserImpersonation && c.Value == true.ToString()))
{
var primarySidClaim = impersonatedIdentity.Claims.FirstOrDefault(c => c.Type == ClaimTypes.PrimarySid);
impersonatedIdentity.RemoveClaim(primarySidClaim);
impersonatedIdentity.AddClaim(new Claim(ClaimTypes.PrimarySid, string.Empty));
}
else
{
impersonatedIdentity.AddClaim(new Claim(DataLayerConstants.ClaimUserImpersonation, true.ToString()));
impersonatedIdentity.AddClaim(new Claim(DataLayerConstants.ClaimOriginalUsername, originalUsername));
impersonatedIdentity.AddClaim(new Claim(ClaimTypes.PrimarySid, string.Empty));
}
}
var ticket = new AuthenticationTicket(impersonatedIdentity, new AuthenticationProperties());
var currentUtc = new OwinDate.SystemClock().UtcNow;
ticket.Properties.IssuedUtc = currentUtc;
ticket.Properties.ExpiresUtc = currentUtc.Add(serverAuthOptions.AccessTokenExpireTimeSpan);
return(serverAuthOptions.AccessTokenFormat.Protect(ticket));
}
public async Task <IHttpActionResult> SignIn(LoginViewModel model)
{
if (!ModelState.IsValid)
{
return(BadRequest());
}
var user = await _userManager.FindAsync(model.UserName, model.Password);
if (user == null)
{
return(BadRequest());
}
Authentication.SignOut(DefaultAuthenticationTypes.ExternalCookie);
ClaimsIdentity oAuthIdentity = await _userManager.CreateIdentityAsync(user, OAuthDefaults.AuthenticationType);
ClaimsIdentity cookieIdentity = await _userManager.CreateIdentityAsync(user, CookieAuthenticationDefaults.AuthenticationType);
AuthenticationProperties properties = await CreateInitialRefreshToken(model.ClientId, user, oAuthIdentity);
properties.IsPersistent = model.IsPersistance;
Authentication.SignIn(properties, oAuthIdentity, cookieIdentity);
await _userManager.AddLoginAsync(user.Id, new UserLoginInfo(AuthenticationConstants.InternalLoginProvider, user.Id));
return(Ok());
}
public override Task <ClaimsIdentity> CreateUserIdentityAsync(ApplicationUser user)
{
return(_userManager.CreateIdentityAsync(user, OAuthDefaults.AuthenticationType));
}
