public async Task Invoke(IDictionary<string, object> env) { object value; if (env.TryGetValue("server.User", out value)) { var windowsPrincipal = value as WindowsPrincipal; if (windowsPrincipal != null && windowsPrincipal.Identity.IsAuthenticated) { await _next(env); var request = new OwinRequest(env); var response = new OwinResponse(env); if (response.StatusCode == 401) { // We're going no add the identifier claim var nameClaim = windowsPrincipal.FindFirst(ClaimTypes.Name); // This is the domain name string name = nameClaim.Value; // If the name is something like DOMAIN\username then // grab the name part var parts = name.Split(new[] { '\\' }, 2); string shortName = parts.Length == 1 ? parts[0] : parts[parts.Length - 1]; // REVIEW: Do we want to preserve the other claims? // Normalize the claims here var claims = new List<Claim>(); claims.Add(new Claim(ClaimTypes.NameIdentifier, name)); claims.Add(new Claim(ClaimTypes.Name, shortName)); claims.Add(new Claim(ClaimTypes.AuthenticationMethod, "Windows")); var identity = new ClaimsIdentity(claims, Constants.JabbRAuthType); var claimsPrincipal = new ClaimsPrincipal(identity); response.SignIn(claimsPrincipal); response.StatusCode = 302; response.SetHeader("Location", request.PathBase + request.Path); } return; } } await _next(env); }