/// <summary>
/// Generate Token from user information
/// </summary>
/// <param name="Id">User id</param>
/// <param name="username">UserName</param>
/// <returns>TokenResponse</returns>
public TokenResponse GenerateUserToken(long Id, string username)
{
var now = DateTime.UtcNow;
var claims = new Claim[]
{
new Claim("id", Id.ToString()),
new Claim("name", username),
new Claim(JwtRegisteredClaimNames.Iat, ToUnixEpochDate(now).ToString(), ClaimValueTypes.Integer64)
};
// Create the JWT and write it to a string
var jwt = new JwtSecurityToken(
issuer: this.options.Issuer,
audience: this.options.Audience,
claims: claims,
notBefore: now,
expires: now.Add(this.options.Expiration),
signingCredentials: this.options.SigningCredentials ?? TokenProvider.DefaultSigningCredentials());
var encodedJwt = new JwtSecurityTokenHandler().WriteToken(jwt);
return new TokenResponse
{
access_token = encodedJwt,
expires_in = (ulong)this.options.Expiration.TotalSeconds
};
}
public void Should_remove_claim()
{
var user = TestData.GetTestUserJohn();
var claimToDelete = new Claim(ClaimTypes.Email, "*****@*****.**");
var task = _target.RemoveClaimAsync(user, claimToDelete);
task.Wait();
var db = Database.Open();
var claims = db.AspNetUserClaims.FindAllByUserId(TestData.John_UserId).ToList();
Assert.That(claims.Count, Is.EqualTo(1));
bool foundClaim=false;
foreach (var claim in claims)
{
if (claim.ClaimType == ClaimTypes.Email)
{
foundClaim = true;
}
}
Assert.That(foundClaim, Is.False);;
}
static void Main(string[] args)
{
// NOTE: The below is a sample of how we may construct a ClaimsPrincipal instance over two ClaimsIdentity instances:
// one for the tenant identity and the the other for the user idenetity. When a request come to the web server, we can determine the
// tenant's identity at the very early stages of the request lifecycle. Then, we can try to authenticate the user based on the
// information passed through the request headers (this could be bearer token, basic auth, etc.).
const string tenantId = "f35fe69d-7aef-4f1a-b645-0de4176cd441";
const string tenantName = "bigcompany";
IEnumerable<Claim> tenantClaims = new Claim[]
{
new Claim(ClaimTypes.NameIdentifier, tenantId, ClaimValueTypes.String, AuthServerName),
new Claim(ClaimTypes.Name, tenantName, ClaimValueTypes.String, AuthServerName)
};
const string userId = "d4903f71-ca06-4671-a3df-14f7e02a0008";
const string userName = "******";
const string twitterToken = "30807826f0d74ed29d69368ea5faee2638b0e931566b4e4092c1aca9b4db04fe";
const string facebookToken = "35037356a183470691504cd163ce2f835419978ed81c4b7781ae3bbefdea176a";
IEnumerable<Claim> userClaims = new Claim[]
{
new Claim(ClaimTypes.NameIdentifier, userId, ClaimValueTypes.String, AuthServerName),
new Claim(ClaimTypes.Name, userName, ClaimValueTypes.String, AuthServerName),
new Claim("token", twitterToken, ClaimValueTypes.String, AuthServerName, "Twitter"),
new Claim("token", facebookToken, ClaimValueTypes.String, AuthServerName, "Facebook")
};
ClaimsIdentity tenantIdentity = new ClaimsIdentity(tenantClaims, TenantAuthType, ClaimTypes.Name, ClaimTypes.Role);
ClaimsIdentity userIdentity = new ClaimsIdentity(userClaims, UserAuthType, ClaimTypes.Name, ClaimTypes.Role);
ClaimsPrincipal principal = new ClaimsPrincipal(new[] { tenantIdentity, userIdentity });
}
public static ClaimsPrincipal CreateWithUserId(long authorId)
{
var claim = new Claim(ToBeImplementedClaims.IdClaim, authorId.ToString());
var identity = new ClaimsIdentity(Enumerable.Repeat(claim, 1));
var claimsprincipal = new ClaimsPrincipal(identity);
return claimsprincipal;
}
public Task RemoveClaimAsync(IdentityUser user, System.Security.Claims.Claim claim)
{
if (user == null)
{
throw new ArgumentNullException("user");
}
if (claim == null)
{
throw new ArgumentNullException("claim");
}
var u = _unitOfWork.UserRepository.FindById(user.Id);
if (u == null)
{
throw new ArgumentException("IdentityUser does not correspond to a User entity.", "user");
}
var c = u.Claims.FirstOrDefault(x => x.ClaimType == claim.Type && x.ClaimValue == claim.Value);
u.Claims.Remove(c);
_unitOfWork.UserRepository.Update(u);
return(_unitOfWork.SaveChangesAsync());
}
private void Setup()
{
var myClaim = new Claim("http://myclaims/customer", "add");
var currentIdentity = new CorpIdentity("stevenh", myClaim);
var principal = new ClaimsPrincipal(currentIdentity);
Thread.CurrentPrincipal = principal;
}
public virtual Task<ClaimsIdentity> CreateAsync(User user, string authenticationType, IEnumerable<string> userRoles, IEnumerable<Claim> userClaims)
{
var claimsIdentity = new ClaimsIdentity(authenticationType, this.UserNameClaimType, this.RoleClaimType);
claimsIdentity.AddClaim(new Claim(this.UserIdClaimType, user.Id, DefaultClaimValueType));
claimsIdentity.AddClaim(new Claim(this.UserNameClaimType, user.UserName, DefaultClaimValueType));
claimsIdentity.AddClaim(new Claim(IdentityProviderClaimType, DefaultIdentityProviderClaimValue, DefaultClaimValueType));
// TODO: Support Security Stamp.
var claim = new Claim(this.SecurityStampClaimType, user.SecurityStamp);
claimsIdentity.AddClaim(claim);
// TODO: Support User Roles, Ensure Roles are loaded.
if (userRoles != null)
{
foreach (var userRole in userRoles)
{
claimsIdentity.AddClaim(new Claim(this.RoleClaimType, userRole, DefaultClaimValueType));
}
}
// TODO: Support User Claims.
if (userClaims != null)
{
foreach (var userClaim in userClaims)
{
claimsIdentity.AddClaim(userClaim);
}
}
return Task.FromResult(claimsIdentity);
}
private static Saml2NameIdentifier ProcessLogoutNameIdentifier(Claim claim)
{
var fields = DelimitedString.Split(claim.Value);
var saml2NameIdentifier = new Saml2NameIdentifier(fields[4]);
if (!string.IsNullOrEmpty(fields[0]))
{
saml2NameIdentifier.NameQualifier = fields[0];
}
if (!string.IsNullOrEmpty(fields[1]))
{
saml2NameIdentifier.SPNameQualifier = fields[1];
}
if (!string.IsNullOrEmpty(fields[2]))
{
saml2NameIdentifier.Format = new Uri(fields[2]);
}
if (!string.IsNullOrEmpty(fields[3]))
{
saml2NameIdentifier.SPProvidedId = fields[3];
}
return saml2NameIdentifier;
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
var userManager = context.OwinContext.GetUserManager<ApplicationUserManager>();
FarmerUser user = await userManager.FindAsync(context.UserName, context.Password);
if (user == null)
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(userManager,
OAuthDefaults.AuthenticationType);
ClaimsIdentity cookiesIdentity = await user.GenerateUserIdentityAsync(userManager,
CookieAuthenticationDefaults.AuthenticationType);
var claim = new Claim(ClaimTypes.Role, "User");
oAuthIdentity.AddClaim(claim);
cookiesIdentity.AddClaim(claim);
if (user.Email.Equals("*****@*****.**"))
{
oAuthIdentity.AddClaim(new Claim(ClaimTypes.Role, "Admin"));
cookiesIdentity.AddClaim(new Claim(ClaimTypes.Role, "Admin"));
}
AuthenticationProperties properties = CreateProperties(user.UserName);
AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties);
context.Validated(ticket);
context.Request.Context.Authentication.SignIn(cookiesIdentity);
}
public Task AddClaimAsync(IdentityUser user, System.Security.Claims.Claim claim)
{
if (user == null)
{
throw new ArgumentNullException("user");
}
if (claim == null)
{
throw new ArgumentNullException("claim");
}
var u = _unitOfWork.UserRepository.FindById(user.Id);
if (u == null)
{
throw new ArgumentException("IdentityUser does not correspond to a User entity.", "user");
}
var c = new Domain.Entities.Claim
{
ClaimType = claim.Type,
ClaimValue = claim.Value,
User = u
};
u.Claims.Add(c);
_unitOfWork.UserRepository.Update(u);
return(_unitOfWork.SaveChangesAsync());
}
private async Task <IEnumerable <Account> > GetAccountsWithClaims(SecurityClaim claim, CancellationToken cancellationToken)
{
var foundClaim = await _claimService.GetClaim(claim.Type, cancellationToken);
if (foundClaim == null)
{
return(default);
public Task AddClaimAsync(IdentityUser user, System.Security.Claims.Claim claim)
{
if (user == null)
{
throw new ArgumentNullException("user");
}
if (claim == null)
{
throw new ArgumentNullException("claim");
}
var u = _repositoryUser.GetById(user.Id);
if (u == null)
{
throw new ArgumentException("IdentityUser does not correspond to a User entity.", "user");
}
var c = new Entities.Claim
{
ClaimType = claim.Type,
ClaimValue = claim.Value,
User = u
};
u.Claims.Add(c);
return(Task.Factory.StartNew(() => _repositoryUser.Update(u)));
}
public Task AddClaimAsync(IdentityUser user, System.Security.Claims.Claim claim)
{
if (user == null)
{
throw new ArgumentNullException("user");
}
if (claim == null)
{
throw new ArgumentNullException("claim");
}
User user1 = this._userRepository.FindById(user.Id, false);
if (user1 == null)
{
throw new ArgumentException("IdentityUser does not correspond to a User entity.", "user");
}
Domain.Entities.Account.Claim claim1 = new Domain.Entities.Account.Claim()
{
ClaimType = claim.Type,
ClaimValue = claim.Value,
User = user1
};
user1.Claims.Add(claim1);
this._userRepository.Update(user1);
return(this._unitOfWork.CommitAsync());
}
private static bool ClaimsAuthorizedClient(Claim claim, TokenValidationParameters tokenValidationParameters)
{
if (null == claim)
{
return false;
}
if (!TokenHandler.ClaimFromValidIssuer(claim, tokenValidationParameters))
{
return false;
}
if (!TokenHandler.ClaimsApplicationIdentifier(claim))
{
return false;
}
if (string.IsNullOrWhiteSpace(claim.Value))
{
return false;
}
bool result =
TokenHandler
.AuthorizedClientApplicationIdentifiers
.Value
.Any(
(string item) =>
string.Equals(item, claim.Value, StringComparison.OrdinalIgnoreCase));
return result;
}
public static ClaimsIdentity CreateIdentity(Data.User user)
{
var claimsIdentity = new ClaimsIdentity(DefaultAuthenticationTypes.ApplicationCookie, ClaimTypes.Name, ClaimTypes.Role);
claimsIdentity.AddClaim(new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()));
claimsIdentity.AddClaim(new Claim(ClaimTypes.Email, user.EmailAddress));
claimsIdentity.AddClaim(new Claim(ClaimTypes.Name, user.UserName));
claimsIdentity.AddClaim(
new Claim("http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider",
"ASP.NET Identity",
"http://www.w3.org/2001/XMLSchema#string"));
if (user.IsAdmin)
{
var adminClaim = new Claim(ClaimTypes.Role, AdministratorRole); // , null, ClaimIssuerName);
claimsIdentity.AddClaim(adminClaim);
}
// Cannot assign null-value to new claim
if (null != user.Cultures)
{
claimsIdentity.AddClaim(new Claim(ClaimTypes.UserData, user.Cultures));
}
return claimsIdentity;
}
public async Task<IActionResult> ExternalCallback()
{
var externalId = await Context.Authentication.AuthenticateAsync("Temp");
// check external identity - e.g. to see if registration is required
// or to associate account with current login etc
// name identifier is the unique id of the user in the context of the external provider
var userId = externalId.FindFirst(ClaimTypes.NameIdentifier).Value;
var name = externalId.FindFirst(ClaimTypes.Name).Value;
var email = externalId.FindFirst(ClaimTypes.Email).Value;
// add some application claims from profile database
var role = new Claim("role", "PremiumUser");
var newId = new ClaimsIdentity("application", "name", "role");
newId.AddClaim(new Claim("name", name));
newId.AddClaim(new Claim("email", email));
newId.AddClaim(role);
// sign in user with main cookie
await Context.Authentication.SignInAsync("Cookies", new ClaimsPrincipal(newId));
// delete temp cookie
await Context.Authentication.SignOutAsync("Temp");
return Redirect("/home/secure");
}
public virtual Task AddClaimAsync(IdentityUser user, System.Security.Claims.Claim claim)
{
if (user == null)
{
throw new ArgumentNullException("user");
}
if (claim == null)
{
throw new ArgumentNullException("claim");
}
var userClaim = new IdentityUserClaim()
{
UserId = user.Id,
ClaimType = claim.ValueType,
ClaimValue = claim.Value
};
using (var db = _context.OpenDbConnection())
{
db.Insert(userClaim);
UpdateUser(user);
return(Task.FromResult(0));
}
}
public virtual Task RemoveClaimAsync(IdentityUser user, System.Security.Claims.Claim claim)
{
if (user == null)
{
throw new ArgumentNullException("user");
}
if (claim == null)
{
throw new ArgumentNullException("claim");
}
using (var db = _context.OpenDbConnection())
{
db.Delete <IdentityUserClaim>(c =>
c.UserId == user.Id &&
c.ClaimValue == claim.Value &&
c.ClaimType == claim.Type
);
UpdateUser(user);
return(Task.FromResult(0));
}
}
public string GetUserId()
{
var userEmail = "";
var identity = ClaimsPrincipal.Current.FindFirst("urn:facebook:name");
if (identity != null)
{
var accessToken = ClaimsPrincipal.Current.FindFirst("FacebookAccessToken").Value;
var fb = new FacebookClient(accessToken);
var myInfo = fb.Get <Controllers.FBUser>("/me?fields=email,first_name,last_name,gender");
userEmail = myInfo.email;
}
System.Security.Claims.Claim msftType = ClaimsPrincipal.Current.FindFirst("preferred_username");
if (msftType != null)
{
var accessToken = ClaimsPrincipal.Current.FindFirst("nonce").Value;
userEmail = ClaimsPrincipal.Current.FindFirst("preferred_username").Value;
}
System.Security.Claims.Claim AspNetType = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider");
if (AspNetType != null && AspNetType.Value == "ASP.NET Identity")
{
var user_ = UserManager.FindById(ClaimsPrincipal.Current.FindFirst("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier").Value);
return(user_?.Id ?? null);
//var accessToken = ClaimsPrincipal.Current.FindFirst("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier").Value;
//userEmail = ClaimsPrincipal.Current.FindFirst("preferred_username").Value;
}
var user = UserManager.FindByEmail(userEmail);
return(user?.Id ?? null);
//ASP.NET Identity
}
private async Task<IEnumerable<Claim>> ValidateToken(string token)
{
HttpClient clientRequest = new HttpClient();
clientRequest.BaseAddress = new Uri("http://localhost:10100/");
clientRequest.DefaultRequestHeaders.Accept.Add(
new MediaTypeWithQualityHeaderValue("application/json"));
var response = clientRequest.PostAsJsonAsync("authorize/verify", token).Result;
if (!response.IsSuccessStatusCode)
{
return null;
}
var content = await response.Content.ReadAsStringAsync();
ValidateResult result = JsonConvert.DeserializeObject<ValidateResult>(content);
var claim = new Claim(result.Type, result.Value);
List<Claim> claims = new List<Claim>(1);
claims.Add(claim);
return claims;
}
public ClaimsPrincipal ValidateToken(string securityToken, TokenValidationParameters validationParameters, out SecurityToken validatedToken)
{
//eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1bmlxdWVfbmFtZSI6Ikphc29uIExlZSIsInN1YiI6Ikphc29uIExlZSIsInJvbGUiOlsiTWFuYWdlciIsIlN1cGVydmlzb3IiXSwiaXNzIjoiaHR0cDovL2p3dGF1dGh6c3J2LmF6dXJld2Vic2l0ZXMubmV0IiwiYXVkIjoiUm9ja2V0IiwiZXhwIjoxNDQxOTgwMjE5LCJuYmYiOjE0NDE5NzY2MTl9.yegylhGkz5uasu5E--aEbCAHfi5aE9Z17_pZAE63Bog
validatedToken = null;
var key = "IxrAjDoa2FqElO7IhrSrUJELhUckePEPVpaePlS_Xaw";
try
{
var raw = JsonWebToken.Decode(securityToken, key);
var payLoad = JsonConvert.DeserializeObject<List<KeyValuePair<string, string>>>(raw);
var claims = new List<Claim>();
foreach (var row in payLoad)
{
var claim = new Claim(row.Key, row.Value);
claims.Add(claim);
}
var claimsIdentity = new ClaimsIdentity(claims, "jwt");
return new ClaimsPrincipal(claimsIdentity);
}
catch (Exception ex)
{
return null;
}
}
private static bool ClaimFromValidIssuer(Claim claim, TokenValidationParameters tokenValidationParameters)
{
if (null == claim)
{
return false;
}
if (null == tokenValidationParameters)
{
return false;
}
if (null == tokenValidationParameters.ValidIssuers)
{
return false;
}
if (string.IsNullOrWhiteSpace(claim.Issuer) && string.IsNullOrWhiteSpace(claim.OriginalIssuer))
{
return false;
}
bool result =
tokenValidationParameters
.ValidIssuers
.Any(
(string item) =>
string.Equals(item, claim.Issuer, StringComparison.OrdinalIgnoreCase)
|| string.Equals(item, claim.OriginalIssuer, StringComparison.OrdinalIgnoreCase));
return result;
}
public override object ReadJson(JsonReader reader, Type objectType, object existingValue, JsonSerializer serializer)
{
var source = serializer.Deserialize<ClaimModel>(reader);
var target = new Claim(source.Type, source.Value, source.ValueType);
return target;
}
public async Task ValidatePrincipal(CookieValidatePrincipalContext context)
{
// TODO: uncomment this after next release of aspnet core
// and fix the broken
// it needs to resolve options per tenant
//await securityStampValidator.ValidateAsync(context);
TenantContext<SiteSettings> siteContext
= await siteResolver.ResolveAsync(contextAccessor.HttpContext);
if (siteContext == null)
{
context.RejectPrincipal();
}
if (siteContext.Tenant == null)
{
context.RejectPrincipal();
}
Claim siteGuidClaim = new Claim("SiteGuid", siteContext.Tenant.SiteGuid.ToString());
if (!context.Principal.HasClaim(siteGuidClaim.Type, siteGuidClaim.Value))
{
log.LogInformation("rejecting principal because it does not have siteguid");
context.RejectPrincipal();
}
// return Task.FromResult(0);
}
public async Task<ActionResult> Create(RegisterViewModel vm)
{
if (ModelState.IsValid)
{
var user = new ApplicationUser { UserName = vm.Email, Email = vm.Email };
var adminresult = await userManager.CreateAsync(user, vm.Password);
//Add User to the selected Claims
if (adminresult.Succeeded)
{
if (vm.selectedClaims != null)
{
foreach (var item in vm.selectedClaims)
{
var claim = new Claim(item, true.ToString());
var result = await userManager.AddClaimAsync(user.Id, claim); if (!result.Succeeded)
{
ModelState.AddModelError("", result.Errors.First());
return View(vm);
}
}
}
}
else
{
ModelState.AddModelError("", adminresult.Errors.First());
return View(vm);
}
return RedirectToAction("Index");
}
return View(vm);
}
public BackendCredentialsClaim(Claim claim)
: base(claim.Type, claim.Value)
{
Contract.Requires<ArgumentException>(claim.Type == TYPE, "Invalid Claim Type");
SplitValue(claim.Value, out User, out Password);
}
public ApiControllerExtensionsTests()
{
HttpConfiguration config = new HttpConfiguration();
IWebHookUser user = new WebHookUser();
_managerMock = new Mock<IWebHookManager>();
_resolverMock = new Mock<IDependencyResolver>();
_resolverMock.Setup(r => r.GetService(typeof(IWebHookManager)))
.Returns(_managerMock.Object)
.Verifiable();
_resolverMock.Setup(r => r.GetService(typeof(IWebHookUser)))
.Returns(user)
.Verifiable();
config.DependencyResolver = _resolverMock.Object;
ClaimsIdentity identity = new ClaimsIdentity();
Claim claim = new Claim(ClaimTypes.Name, "TestUser");
identity.AddClaim(claim);
_principal = new ClaimsPrincipal(identity);
_context = new HttpRequestContext()
{
Configuration = config,
Principal = _principal
};
_controller = new TestController()
{
RequestContext = _context
};
}
public async Task<IActionResult> Index(LoginInputModel model)
{
if (ModelState.IsValid)
{
if (_loginService.ValidateCredentials(model.Username, model.Password))
{
var user = _loginService.FindByUsername(model.Username);
var name = user.Claims.Where(x => x.Type == Constants.ClaimTypes.Name).Select(x => x.Value).FirstOrDefault() ?? user.Username;
var claims = new Claim[] {
new Claim(Constants.ClaimTypes.Subject, user.Subject),
new Claim(Constants.ClaimTypes.Name, name),
new Claim(Constants.ClaimTypes.IdentityProvider, "idsvr"),
new Claim(Constants.ClaimTypes.AuthenticationTime, DateTime.UtcNow.ToEpochTime().ToString()),
};
var ci = new ClaimsIdentity(claims, "password", Constants.ClaimTypes.Name, Constants.ClaimTypes.Role);
var cp = new ClaimsPrincipal(ci);
await HttpContext.Authentication.SignInAsync(Constants.PrimaryAuthenticationType, cp);
if (model.SignInId != null)
{
return new SignInResult(model.SignInId);
}
return Redirect("~/");
}
ModelState.AddModelError("", "Invalid username or password.");
}
var vm = new LoginViewModel(model);
return View(vm);
}
public static ExternalLoginData FromIdentity(ClaimsIdentity identity)
{
if (identity == null)
{
return(null);
}
System.Security.Claims.Claim providerKeyClaim = identity.FindFirst(ClaimTypes.NameIdentifier);
if (providerKeyClaim == null || String.IsNullOrEmpty(providerKeyClaim.Issuer) ||
String.IsNullOrEmpty(providerKeyClaim.Value))
{
return(null);
}
if (providerKeyClaim.Issuer == ClaimsIdentity.DefaultIssuer)
{
return(null);
}
return(new ExternalLoginData
{
LoginProvider = providerKeyClaim.Issuer,
ProviderKey = providerKeyClaim.Value,
UserName = identity.FindFirstValue(ClaimTypes.Name)
});
}
public ActionResult Login(string username, string password)
{
password = CalculateMD5Hash(password);
var query = from c in dataContext.Logins
where (c.Username == username.ToLower() && c.Password == password)
select c;
if (query.Count() != 0)
{
HttpContext.GetOwinContext().Authentication
.SignOut(DefaultAuthenticationTypes.ExternalCookie);
Claim loginClaim = new Claim(ClaimTypes.Name, username);
Claim[] claims = new Claim[] { loginClaim };
ClaimsIdentity claimsIdentity =
new ClaimsIdentity(claims,
DefaultAuthenticationTypes.ApplicationCookie);
HttpContext.GetOwinContext().Authentication.SignIn(new AuthenticationProperties() { IsPersistent = false }, claimsIdentity);
return Redirect("/Home");
}
else
{
ModelState.AddModelError("", "Invalid username or password.");
return Redirect("/");
}
}
private static object GetValue(Claim claim)
{
if (claim.ValueType == ClaimValueTypes.Integer ||
claim.ValueType == ClaimValueTypes.Integer32)
{
Int32 value;
if (Int32.TryParse(claim.Value, out value))
{
return value;
}
}
if (claim.ValueType == ClaimValueTypes.Integer64)
{
Int64 value;
if (Int64.TryParse(claim.Value, out value))
{
return value;
}
}
if (claim.ValueType == ClaimValueTypes.Boolean)
{
bool value;
if (bool.TryParse(claim.Value, out value))
{
return value;
}
}
return claim.Value;
}
public UserStoreTests(string collectionPrefix)
{
collectionPrefix = $"{typeof(UserStoreTests).Name}_{collectionPrefix}";
_databaseFixture = new DatabaseFixture(collectionPrefix);
_userCollection = _databaseFixture.GetCollection<IdentityUser>();
_roleCollection = _databaseFixture.GetCollection<IdentityRole>();
_databaseContext = new IdentityDatabaseContext { UserCollection = _userCollection, RoleCollection = _roleCollection };
_errorDescriber = new IdentityErrorDescriber();
_userStore = new UserStore<IdentityUser, IdentityRole>(_databaseContext, null, _errorDescriber);
_claim1 = new Claim("ClaimType1", "some value");
_claim2 = new Claim("ClaimType2", "some other value");
_claim3 = new Claim("other type", "some other value");
_claim1SameType = new Claim(_claim1.Type, _claim1.Value + " different");
_identityClaim1 = new IdentityClaim(_claim1);
_identityClaim2 = new IdentityClaim(_claim2);
_identityClaim3 = new IdentityClaim(_claim3);
_identityClaim1SameType = new IdentityClaim(_claim1SameType);
}
public override async Task <ClaimsIdentity> CreateUserIdentityAsync(User user)
{
_logger.Debug()
.Message("Create user identity for '{0}'", user.Email)
.Write();
var claimIdenity = await base.CreateUserIdentityAsync(user);
var displayClaim = new System.Security.Claims.Claim(Claim.DisplayName, user.Name ?? user.UserName);
claimIdenity.AddClaim(displayClaim);
if (user.Organizations == null)
{
return(claimIdenity);
}
foreach (var claim in user.Organizations)
{
var orgClaim = new System.Security.Claims.Claim(Claim.Organization, claim);
claimIdenity.AddClaim(orgClaim);
}
return(claimIdenity);
}
/// <summary>
/// Add Domain License Detail Claims
/// </summary>
private void AddDomainLicenseDetailClaims(long domainKey, ClaimsIdentity identity)
{
DomainLicenseDetail domainLicenseDetail = null;
//domainLicenseDetailsRepository.GetDomainLicenseDetailByDomainKey(domainKey);
if (domainLicenseDetail != null)
{
var claim = new Claim(CaresUserClaims.DomainLicenseDetail,
ClaimHelper.Serialize(
new DomainLicenseDetailClaim
{
UserDomainKey = domainLicenseDetail.UserDomainKey,
Branches = domainLicenseDetail.Branches,
FleetPools = domainLicenseDetail.FleetPools,
Employee = domainLicenseDetail.Employee,
RaPerMonth = domainLicenseDetail.RaPerMonth,
Vehicles = domainLicenseDetail.Vehicles
}),
typeof (DomainLicenseDetailClaim).AssemblyQualifiedName);
ClaimHelper.AddClaim(claim, identity);
}
else
{
throw new InvalidOperationException("No Domain License Detail data found!");
}
}
public UserClaim(Claim claim)
{
if (claim == null) throw new ArgumentNullException("claim");
Type = claim.Type;
Value = claim.Value;
}
/// <summary>
/// Returns a ClaimsPrincipal object with the NameIdentifier and Name claims, if the request can be
/// successfully authenticated based on query string parameter bewit or HTTP Authorization header (hawk scheme).
/// </summary>
public async Task<ClaimsPrincipal> AuthenticateAsync()
{
string bewit;
bool isBewit = Bewit.TryGetBewit(this.request, out bewit);
var authentication = isBewit ?
Bewit.AuthenticateAsync(bewit, now, request, credentialsFunc) :
HawkSchemeHeader.AuthenticateAsync(now, request, credentialsFunc);
this.result = await authentication;
if (result.IsAuthentic)
{
// At this point, authentication is successful but make sure the request parts match what is in the
// application specific data 'ext' parameter by invoking the callback passing in the request object and 'ext'.
// The application specific data is considered verified, if the callback is not set or it returns true.
bool isAppSpecificDataVerified = this.verificationCallback == null ||
this.verificationCallback(request, result.ApplicationSpecificData);
if (isAppSpecificDataVerified)
{
// Set the flag so that Server-Authorization header is not sent for bewit requests.
this.isBewitRequest = isBewit;
var idClaim = new Claim(ClaimTypes.NameIdentifier, result.Credential.Id);
var nameClaim = new Claim(ClaimTypes.Name, result.Credential.User);
var identity = new ClaimsIdentity(new[] { idClaim, nameClaim }, HawkConstants.Scheme);
return new ClaimsPrincipal(identity);
}
}
return null;
}
public Task ValidatePrincipal(CookieValidatePrincipalContext context)
{
//
// TODO: uncomment this after next release of aspnet core
// and fix the broken
// it needs to resolve options per tenant
//await securityStampValidator.ValidateAsync(context);
var tenant = context.HttpContext.GetTenant<SiteContext>();
if (tenant == null)
{
context.RejectPrincipal();
}
var siteGuidClaim = new Claim("SiteGuid", tenant.Id.ToString());
if (!context.Principal.HasClaim(siteGuidClaim.Type, siteGuidClaim.Value))
{
logger.LogInformation("rejecting principal because it does not have siteguid");
context.RejectPrincipal();
}
//TODO: should we lookup the user here and reject if locked out or deleted?
return Task.FromResult(0);
}
public JsonClaim(Claim claim)
{
if (claim == null) throw new ArgumentNullException("claim");
if (!claim.ValueType.StartsWith("Json:"))
throw new ArgumentException("Claim has unsupported ValueType", "claim");
Claim = claim;
}
public async Task ReplaceClaimAsync(UserModel user, System.Security.Claims.Claim claim, System.Security.Claims.Claim newClaim, CancellationToken cancellationToken)
{
if (claim.Type != newClaim.Type)
{
throw new Exception("Claim and New Claim don't match");
}
await _repo.SetClaimValue(user.UserId.ToString(), claim.Type, newClaim.Value);
}
public void GetValue_OneMatches_ReturnsValue()
{
IEnumerable<Claim> claims = new Claim[]{
new Claim("type1", "value1"),
new Claim("type2", "value2"),
};
Assert.AreEqual("value1", claims.GetValue("type1"));
}
/// <summary>
/// Inserts a new claim in UserClaims table
/// </summary>
/// <param name="userClaim">User's claim to be added</param>
/// <param name="userId">User's id</param>
/// <returns></returns>
public int Insert(Claim userClaim, string userId)
{
using (var db = _database.Open())
{
return (int)db.Insert<ClaimInternal>(
new ClaimInternal { UserId = userId, ClaimType = userClaim.Type, ClaimValue = userClaim.Value });
}
}
/// <summary>
/// Add a claim to a user for the current host.
/// </summary>
/// <param name="user">The user.</param>
/// <param name="claim">The claim.</param>
/// <returns></returns>
public override async Task AddClaimAsync(TUser user, System.Security.Claims.Claim claim)
{
Contract.Requires <ArgumentNullException>(user != null, "user");
Contract.Requires <ArgumentNullException>(claim != null, "claim");
ThrowIfDisposed();
await AddClaimAsync(this.HostId, user, claim);
}
/// <summary>
/// Converts the <see cref="System.Security.Claims.Claim" /> instance into the corresponding <see cref="Dolittle.Security.Claim" /> instance
/// </summary>
/// <returns>a <see cref="Dolittle.Security.Claim" /> instance</returns>
public static Dolittle.Security.Claim FromDotnetClaim(System.Security.Claims.Claim claim)
{
if (claim == null)
{
return(null);
}
return(new Dolittle.Security.Claim(claim.Type, claim.Value, claim.ValueType));
}
/// <summary>
/// Add a user claim for the current host.
/// </summary>
/// <param name="userId">The user identifier.</param>
/// <param name="claim">The claim.</param>
/// <returns></returns>
public override async Task <IdentityResult> AddClaimAsync(TKey userId, System.Security.Claims.Claim claim)
{
//x Contract.Requires<ArgumentNullException>(!userId.Equals(default(TKey)), "userId");
//x Contract.Requires<ArgumentNullException>(claim != null, "claim");
ThrowIfDisposed();
return(await AddClaimAsync(this.HostId, userId, claim));
}
public Task AddClaimAsync(User user, System.Security.Claims.Claim claim)
{
var newClaim = new Entity.Claim()
{
UserId = user.Id, ClaimType = claim.Type, ClaimValue = claim.Value
};
_claimRepository.Add(newClaim);
return(Task.FromResult(0));
}
public Task RemoveClaimAsync(TUser user, System.Security.Claims.Claim claim)
{
ThrowIfDisposed();
if (user == null)
{
throw new ArgumentNullException("user");
}
user.Claims.RemoveAll(x => x.ClaimType == claim.Type && x.ClaimValue == claim.Value);
return(Task.FromResult(0));
}
public async Task<ActionResult> ExternalLoginCallback(string returnUrl)
{
var loginInfo = await AuthenticationManager.GetExternalLoginInfoAsync();
if (loginInfo == null)
{
return RedirectToAction("Login");
}
var user = await UserManager.FindAsync(loginInfo.Login);
// Logar caso haja um login externo e já esteja logado neste provedor de login
var result = await SignInManager.ExternalSignInAsync(loginInfo, isPersistent: false);
switch (result)
{
case SignInStatus.Success:
var userext = UserManager.FindByEmailAsync(user.Email);
await SignInAsync(userext.Result, false);
return RedirectToLocal(returnUrl);
case SignInStatus.LockedOut:
return View("Lockout");
case SignInStatus.RequiresVerification:
return RedirectToAction("SendCode", new { ReturnUrl = returnUrl });
case SignInStatus.Failure:
default:
// Se ele nao tem uma conta solicite que crie uma
var externalIdentity = HttpContext.GetOwinContext().Authentication.GetExternalIdentityAsync(DefaultAuthenticationTypes.ExternalCookie);
string firstName = null, lastName = null;
System.Security.Claims.Claim baseFirstName = null, baseLastName = null;
switch (loginInfo.Login.LoginProvider)
{
case "Facebook":
baseFirstName = externalIdentity.Result.Claims.FirstOrDefault(c => c.Type == "urn:facebook:first_name");
baseLastName = externalIdentity.Result.Claims.FirstOrDefault(c => c.Type == "urn:facebook:last_name");
break;
case "Google":
baseFirstName = externalIdentity.Result.Claims.FirstOrDefault(c => c.Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname");
baseLastName = externalIdentity.Result.Claims.FirstOrDefault(c => c.Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname");
break;
}
if (baseFirstName != null)
firstName = baseFirstName.Value;
if (baseLastName != null)
lastName = baseLastName.Value;
ViewBag.ReturnUrl = returnUrl;
ViewBag.LoginProvider = loginInfo.Login.LoginProvider;
return View("ExternalLoginConfirmation", new ExternalLoginConfirmationViewModel { Email = loginInfo.Email, LastName = lastName, Name = firstName });
}
}
// Adds an Authentication Method claims to the given ClaimsIdentity if one is not already present.
static void AddAuthenticationMethod(ClaimsIdentity claimsIdentity, string authenticationMethod)
{
System.Security.Claims.Claim authenticationMethodClaim =
claimsIdentity.Claims.FirstOrDefault(claim => claim.Type == System.Security.Claims.ClaimTypes.AuthenticationMethod);
if (authenticationMethodClaim == null)
{
// AuthenticationMethod claims does not exist. Add one.
claimsIdentity.AddClaim(
new System.Security.Claims.Claim(
System.Security.Claims.ClaimTypes.AuthenticationMethod, authenticationMethod));
}
}
public System.Threading.Tasks.Task AddClaimAsync(TUser user, System.Security.Claims.Claim claim)
{
UserClaim userClaim = new UserClaim()
{
UserId = user.Id,
ClaimType = claim.Type,
ClaimValue = claim.ValueType
};
this.context.UserClaims.Add(userClaim);
this.context.SaveChangesAsync();
return(Task.FromResult <TUser>(null));
}
private void SetClaimsIdentity(string userName)
{
var claims = new System.Security.Claims.Claim[]
{
new System.Security.Claims.Claim(System.Security.Claims.ClaimTypes.NameIdentifier, userName)
};
ClaimsIdentity id = new System.Security.Claims.ClaimsIdentity(claims, "Forms");
ClaimsPrincipal cp = new System.Security.Claims.ClaimsPrincipal(id);
SessionSecurityToken token = new SessionSecurityToken(cp);
FederatedAuthentication.SessionAuthenticationModule.WriteSessionTokenToCookie(token);
}
public Task RemoveClaimAsync(TUser user, System.Security.Claims.Claim claim)
{
if (user == null)
{
throw new ArgumentNullException("user");
}
if (claim == null)
{
throw new ArgumentNullException("claim");
}
userClaimLogic.DeleteByUserId(user.BusinessEntityId);
return(Task.FromResult <object>(null));
}
public Task AddClaimAsync(TUser user, System.Security.Claims.Claim claim)
{
CheckDisposed(user);
if (!user.Claims.Any(x => x.ClaimType == claim.Type && x.ClaimValue == claim.Value))
{
user.Claims.Add(new IdentityUserClaim
{
ClaimType = claim.Type,
ClaimValue = claim.Value
});
}
return(Task.FromResult(0));
}
public Task RemoveClaimAsync(TUser user, System.Security.Claims.Claim claim)
{
if (user == null)
{
throw new ArgumentNullException("user");
}
if (claim == null)
{
throw new ArgumentNullException("claim");
}
this.userClaimsRepository.Delete(user.Id, claim);
return(Task.FromResult <object>(null));
}
public async System.Threading.Tasks.Task RemoveClaimAsync(TUser user, System.Security.Claims.Claim claim)
{
UserClaim userClaim = (from c in this.context.UserClaims
where c.UserId == user.Id && c.ClaimType == claim.Type && c.ClaimValue == claim.ValueType
select c).FirstOrDefault();
if (userClaim != null)
{
this.context.UserClaims.Remove(userClaim);
await this.context.SaveChangesAsync();
}
else
{
throw new Exception("Cannot find requested claim");
}
}
public async Task RemoveClaimAsync(UserModel user, System.Security.Claims.Claim claim)
{
throw new NotImplementedException();
/*using (var db = HibernateSession.GetCurrentSession())
* {
* using (var tx = db.BeginTransaction())
* {
* user = db.Get<UserModel>(user.Id);
* user.Claims.FirstOrDefault(x => x.Type == claim.Type && x.Value == claim.Value).NotNull(x => x.Deleted = true);
* db.SaveOrUpdate(user);
* tx.Commit();
* db.Flush();
* }
* }*/
}
public async Task AddClaimAsync(UserModel user, System.Security.Claims.Claim claim)
{
throw new NotImplementedException();
/*using (var db = HibernateSession.GetCurrentSession())
* {
* using (var tx = db.BeginTransaction())
* {
* user = db.Get<UserModel>(user.Id);
* user.Claims.Add(claim);
* db.SaveOrUpdate(user);
* tx.Commit();
* db.Flush();
* }
* }*/
}
// Adds an Authentication Method claims to the given ClaimsIdentity if one is not already present.
static void AddAuthenticationInstantClaim(ClaimsIdentity claimsIdentity, string authenticationInstant)
{
// the issuer for this claim should always be the default issuer.
string issuerName = ClaimsIdentity.DefaultIssuer;
System.Security.Claims.Claim authenticationInstantClaim =
claimsIdentity.Claims.FirstOrDefault(claim => claim.Type == System.Security.Claims.ClaimTypes.AuthenticationInstant);
if (authenticationInstantClaim == null)
{
// AuthenticationInstance claims does not exist. Add one.
claimsIdentity.AddClaim(
new System.Security.Claims.Claim(
System.Security.Claims.ClaimTypes.AuthenticationInstant, authenticationInstant, ClaimValueTypes.DateTime,
issuerName));
}
}
/// <summary>
/// Gets logged in account for <see cref="HttpContext.User"/>.
/// </summary>
/// <returns>
/// An account if there is a logged in account.
/// Null otherwise.
/// </returns>
public virtual async Task <TAccount> GetApplicationAccountAsync()
{
if (_httpContext.User == null)
{
return(default(TAccount));
}
if (_httpContext.User.Identity?.AuthenticationType == _options.CookieOptions.ApplicationCookieOptions.AuthenticationScheme)
{
System.Security.Claims.Claim accountIdClaim = _httpContext.User.FindFirst(_options.ClaimsOptions.AccountIdClaimType);
if (accountIdClaim != null)
{
return(await _accountRepository.GetAsync(Convert.ToInt32(accountIdClaim.Value), _cancellationToken));
}
}
return(default(TAccount));
}
public async Task <ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
{
ClaimsIdentity identity = principal.Identity as ClaimsIdentity;
System.Security.Claims.Claim claim = null;
if (principal.HasClaim(x => x.Type == "username"))
{
claim = new System.Security.Claims.Claim("username", identity.Name);
identity.AddClaim(claim);
}
if (principal.HasClaim(x => x.Type == "logintime"))
{
claim = new System.Security.Claims.Claim("logintime", DateTime.Now.ToString());
identity.AddClaim(claim);
}
return(principal);
}
public bool IsAvailableForUser(System.Security.Claims.Claim identityClaim, IAuthenticationContext context)
{
/*string windir = Environment.GetFolderPath(Environment.SpecialFolder.Windows);
* System.Configuration.ExeConfigurationFileMap fileMap = new System.Configuration.ExeConfigurationFileMap();
* fileMap.ExeConfigFilename = windir + "\\ADFS\\OktaMFA-ADFS.dll.config";
* System.Configuration.Configuration cfg =
* System.Configuration.ConfigurationManager.OpenMappedExeConfiguration(fileMap, System.Configuration.ConfigurationUserLevel.None);
* string oktaTenant = cfg.AppSettings.Settings["Tenant"].Value;
* string authToken = cfg.AppSettings.Settings["apiKey"].Value;
* string upn = identityClaim.Value;
* string baseUrl = oktaTenant + "/api/v1/";
* HttpWebRequest upnRequest = (HttpWebRequest)WebRequest.Create(baseUrl + "users/" + upn);
* upnRequest.Headers.Add("Authorization", authToken);
* upnRequest.Method = "GET";
* upnRequest.ContentType = "application/json";
* var upnResponse = (HttpWebResponse)upnRequest.GetResponse();
* var idReader = new StreamReader(upnResponse.GetResponseStream());
* var id = idReader.ReadToEnd();
*
* RootObject userProfile = JsonConvert.DeserializeObject<RootObject>(id);
*
* string userID = userProfile.id.ToString();
* HttpWebRequest factorRequest = (HttpWebRequest)WebRequest.Create(baseUrl + "users/" + userID + "/factors");
* factorRequest.Headers.Add("Authorization", authToken);
* factorRequest.Method = "GET";
* factorRequest.ContentType = "application/json";
* factorRequest.Accept = "application/json";
* var factorResponse = (HttpWebResponse)factorRequest.GetResponse();
* var factorReader = new StreamReader(factorResponse.GetResponseStream());
* var factorList = factorReader.ReadToEnd();
*
* RootObject[] factors = JsonConvert.DeserializeObject<RootObject[]>(factorList);
* string factorID = "";
* foreach (RootObject factor in factors)
* if (factor.factorType == "SMS")
* {
* return true;
* }
*
*
* return false;*/
return(true);
}
