/// <summary> /// Generate Token from user information /// </summary> /// <param name="Id">User id</param> /// <param name="username">UserName</param> /// <returns>TokenResponse</returns> public TokenResponse GenerateUserToken(long Id, string username) { var now = DateTime.UtcNow; var claims = new Claim[] { new Claim("id", Id.ToString()), new Claim("name", username), new Claim(JwtRegisteredClaimNames.Iat, ToUnixEpochDate(now).ToString(), ClaimValueTypes.Integer64) }; // Create the JWT and write it to a string var jwt = new JwtSecurityToken( issuer: this.options.Issuer, audience: this.options.Audience, claims: claims, notBefore: now, expires: now.Add(this.options.Expiration), signingCredentials: this.options.SigningCredentials ?? TokenProvider.DefaultSigningCredentials()); var encodedJwt = new JwtSecurityTokenHandler().WriteToken(jwt); return new TokenResponse { access_token = encodedJwt, expires_in = (ulong)this.options.Expiration.TotalSeconds }; }
public void Should_remove_claim() { var user = TestData.GetTestUserJohn(); var claimToDelete = new Claim(ClaimTypes.Email, "*****@*****.**"); var task = _target.RemoveClaimAsync(user, claimToDelete); task.Wait(); var db = Database.Open(); var claims = db.AspNetUserClaims.FindAllByUserId(TestData.John_UserId).ToList(); Assert.That(claims.Count, Is.EqualTo(1)); bool foundClaim=false; foreach (var claim in claims) { if (claim.ClaimType == ClaimTypes.Email) { foundClaim = true; } } Assert.That(foundClaim, Is.False);; }
static void Main(string[] args) { // NOTE: The below is a sample of how we may construct a ClaimsPrincipal instance over two ClaimsIdentity instances: // one for the tenant identity and the the other for the user idenetity. When a request come to the web server, we can determine the // tenant's identity at the very early stages of the request lifecycle. Then, we can try to authenticate the user based on the // information passed through the request headers (this could be bearer token, basic auth, etc.). const string tenantId = "f35fe69d-7aef-4f1a-b645-0de4176cd441"; const string tenantName = "bigcompany"; IEnumerable<Claim> tenantClaims = new Claim[] { new Claim(ClaimTypes.NameIdentifier, tenantId, ClaimValueTypes.String, AuthServerName), new Claim(ClaimTypes.Name, tenantName, ClaimValueTypes.String, AuthServerName) }; const string userId = "d4903f71-ca06-4671-a3df-14f7e02a0008"; const string userName = "******"; const string twitterToken = "30807826f0d74ed29d69368ea5faee2638b0e931566b4e4092c1aca9b4db04fe"; const string facebookToken = "35037356a183470691504cd163ce2f835419978ed81c4b7781ae3bbefdea176a"; IEnumerable<Claim> userClaims = new Claim[] { new Claim(ClaimTypes.NameIdentifier, userId, ClaimValueTypes.String, AuthServerName), new Claim(ClaimTypes.Name, userName, ClaimValueTypes.String, AuthServerName), new Claim("token", twitterToken, ClaimValueTypes.String, AuthServerName, "Twitter"), new Claim("token", facebookToken, ClaimValueTypes.String, AuthServerName, "Facebook") }; ClaimsIdentity tenantIdentity = new ClaimsIdentity(tenantClaims, TenantAuthType, ClaimTypes.Name, ClaimTypes.Role); ClaimsIdentity userIdentity = new ClaimsIdentity(userClaims, UserAuthType, ClaimTypes.Name, ClaimTypes.Role); ClaimsPrincipal principal = new ClaimsPrincipal(new[] { tenantIdentity, userIdentity }); }
public static ClaimsPrincipal CreateWithUserId(long authorId) { var claim = new Claim(ToBeImplementedClaims.IdClaim, authorId.ToString()); var identity = new ClaimsIdentity(Enumerable.Repeat(claim, 1)); var claimsprincipal = new ClaimsPrincipal(identity); return claimsprincipal; }
public Task RemoveClaimAsync(IdentityUser user, System.Security.Claims.Claim claim) { if (user == null) { throw new ArgumentNullException("user"); } if (claim == null) { throw new ArgumentNullException("claim"); } var u = _unitOfWork.UserRepository.FindById(user.Id); if (u == null) { throw new ArgumentException("IdentityUser does not correspond to a User entity.", "user"); } var c = u.Claims.FirstOrDefault(x => x.ClaimType == claim.Type && x.ClaimValue == claim.Value); u.Claims.Remove(c); _unitOfWork.UserRepository.Update(u); return(_unitOfWork.SaveChangesAsync()); }
private void Setup() { var myClaim = new Claim("http://myclaims/customer", "add"); var currentIdentity = new CorpIdentity("stevenh", myClaim); var principal = new ClaimsPrincipal(currentIdentity); Thread.CurrentPrincipal = principal; }
public virtual Task<ClaimsIdentity> CreateAsync(User user, string authenticationType, IEnumerable<string> userRoles, IEnumerable<Claim> userClaims) { var claimsIdentity = new ClaimsIdentity(authenticationType, this.UserNameClaimType, this.RoleClaimType); claimsIdentity.AddClaim(new Claim(this.UserIdClaimType, user.Id, DefaultClaimValueType)); claimsIdentity.AddClaim(new Claim(this.UserNameClaimType, user.UserName, DefaultClaimValueType)); claimsIdentity.AddClaim(new Claim(IdentityProviderClaimType, DefaultIdentityProviderClaimValue, DefaultClaimValueType)); // TODO: Support Security Stamp. var claim = new Claim(this.SecurityStampClaimType, user.SecurityStamp); claimsIdentity.AddClaim(claim); // TODO: Support User Roles, Ensure Roles are loaded. if (userRoles != null) { foreach (var userRole in userRoles) { claimsIdentity.AddClaim(new Claim(this.RoleClaimType, userRole, DefaultClaimValueType)); } } // TODO: Support User Claims. if (userClaims != null) { foreach (var userClaim in userClaims) { claimsIdentity.AddClaim(userClaim); } } return Task.FromResult(claimsIdentity); }
private static Saml2NameIdentifier ProcessLogoutNameIdentifier(Claim claim) { var fields = DelimitedString.Split(claim.Value); var saml2NameIdentifier = new Saml2NameIdentifier(fields[4]); if (!string.IsNullOrEmpty(fields[0])) { saml2NameIdentifier.NameQualifier = fields[0]; } if (!string.IsNullOrEmpty(fields[1])) { saml2NameIdentifier.SPNameQualifier = fields[1]; } if (!string.IsNullOrEmpty(fields[2])) { saml2NameIdentifier.Format = new Uri(fields[2]); } if (!string.IsNullOrEmpty(fields[3])) { saml2NameIdentifier.SPProvidedId = fields[3]; } return saml2NameIdentifier; }
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context) { var userManager = context.OwinContext.GetUserManager<ApplicationUserManager>(); FarmerUser user = await userManager.FindAsync(context.UserName, context.Password); if (user == null) { context.SetError("invalid_grant", "The user name or password is incorrect."); return; } ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(userManager, OAuthDefaults.AuthenticationType); ClaimsIdentity cookiesIdentity = await user.GenerateUserIdentityAsync(userManager, CookieAuthenticationDefaults.AuthenticationType); var claim = new Claim(ClaimTypes.Role, "User"); oAuthIdentity.AddClaim(claim); cookiesIdentity.AddClaim(claim); if (user.Email.Equals("*****@*****.**")) { oAuthIdentity.AddClaim(new Claim(ClaimTypes.Role, "Admin")); cookiesIdentity.AddClaim(new Claim(ClaimTypes.Role, "Admin")); } AuthenticationProperties properties = CreateProperties(user.UserName); AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties); context.Validated(ticket); context.Request.Context.Authentication.SignIn(cookiesIdentity); }
public Task AddClaimAsync(IdentityUser user, System.Security.Claims.Claim claim) { if (user == null) { throw new ArgumentNullException("user"); } if (claim == null) { throw new ArgumentNullException("claim"); } var u = _unitOfWork.UserRepository.FindById(user.Id); if (u == null) { throw new ArgumentException("IdentityUser does not correspond to a User entity.", "user"); } var c = new Domain.Entities.Claim { ClaimType = claim.Type, ClaimValue = claim.Value, User = u }; u.Claims.Add(c); _unitOfWork.UserRepository.Update(u); return(_unitOfWork.SaveChangesAsync()); }
private async Task <IEnumerable <Account> > GetAccountsWithClaims(SecurityClaim claim, CancellationToken cancellationToken) { var foundClaim = await _claimService.GetClaim(claim.Type, cancellationToken); if (foundClaim == null) { return(default);
public Task AddClaimAsync(IdentityUser user, System.Security.Claims.Claim claim) { if (user == null) { throw new ArgumentNullException("user"); } if (claim == null) { throw new ArgumentNullException("claim"); } var u = _repositoryUser.GetById(user.Id); if (u == null) { throw new ArgumentException("IdentityUser does not correspond to a User entity.", "user"); } var c = new Entities.Claim { ClaimType = claim.Type, ClaimValue = claim.Value, User = u }; u.Claims.Add(c); return(Task.Factory.StartNew(() => _repositoryUser.Update(u))); }
public Task AddClaimAsync(IdentityUser user, System.Security.Claims.Claim claim) { if (user == null) { throw new ArgumentNullException("user"); } if (claim == null) { throw new ArgumentNullException("claim"); } User user1 = this._userRepository.FindById(user.Id, false); if (user1 == null) { throw new ArgumentException("IdentityUser does not correspond to a User entity.", "user"); } Domain.Entities.Account.Claim claim1 = new Domain.Entities.Account.Claim() { ClaimType = claim.Type, ClaimValue = claim.Value, User = user1 }; user1.Claims.Add(claim1); this._userRepository.Update(user1); return(this._unitOfWork.CommitAsync()); }
private static bool ClaimsAuthorizedClient(Claim claim, TokenValidationParameters tokenValidationParameters) { if (null == claim) { return false; } if (!TokenHandler.ClaimFromValidIssuer(claim, tokenValidationParameters)) { return false; } if (!TokenHandler.ClaimsApplicationIdentifier(claim)) { return false; } if (string.IsNullOrWhiteSpace(claim.Value)) { return false; } bool result = TokenHandler .AuthorizedClientApplicationIdentifiers .Value .Any( (string item) => string.Equals(item, claim.Value, StringComparison.OrdinalIgnoreCase)); return result; }
public static ClaimsIdentity CreateIdentity(Data.User user) { var claimsIdentity = new ClaimsIdentity(DefaultAuthenticationTypes.ApplicationCookie, ClaimTypes.Name, ClaimTypes.Role); claimsIdentity.AddClaim(new Claim(ClaimTypes.NameIdentifier, user.Id.ToString())); claimsIdentity.AddClaim(new Claim(ClaimTypes.Email, user.EmailAddress)); claimsIdentity.AddClaim(new Claim(ClaimTypes.Name, user.UserName)); claimsIdentity.AddClaim( new Claim("http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider", "ASP.NET Identity", "http://www.w3.org/2001/XMLSchema#string")); if (user.IsAdmin) { var adminClaim = new Claim(ClaimTypes.Role, AdministratorRole); // , null, ClaimIssuerName); claimsIdentity.AddClaim(adminClaim); } // Cannot assign null-value to new claim if (null != user.Cultures) { claimsIdentity.AddClaim(new Claim(ClaimTypes.UserData, user.Cultures)); } return claimsIdentity; }
public async Task<IActionResult> ExternalCallback() { var externalId = await Context.Authentication.AuthenticateAsync("Temp"); // check external identity - e.g. to see if registration is required // or to associate account with current login etc // name identifier is the unique id of the user in the context of the external provider var userId = externalId.FindFirst(ClaimTypes.NameIdentifier).Value; var name = externalId.FindFirst(ClaimTypes.Name).Value; var email = externalId.FindFirst(ClaimTypes.Email).Value; // add some application claims from profile database var role = new Claim("role", "PremiumUser"); var newId = new ClaimsIdentity("application", "name", "role"); newId.AddClaim(new Claim("name", name)); newId.AddClaim(new Claim("email", email)); newId.AddClaim(role); // sign in user with main cookie await Context.Authentication.SignInAsync("Cookies", new ClaimsPrincipal(newId)); // delete temp cookie await Context.Authentication.SignOutAsync("Temp"); return Redirect("/home/secure"); }
public virtual Task AddClaimAsync(IdentityUser user, System.Security.Claims.Claim claim) { if (user == null) { throw new ArgumentNullException("user"); } if (claim == null) { throw new ArgumentNullException("claim"); } var userClaim = new IdentityUserClaim() { UserId = user.Id, ClaimType = claim.ValueType, ClaimValue = claim.Value }; using (var db = _context.OpenDbConnection()) { db.Insert(userClaim); UpdateUser(user); return(Task.FromResult(0)); } }
public virtual Task RemoveClaimAsync(IdentityUser user, System.Security.Claims.Claim claim) { if (user == null) { throw new ArgumentNullException("user"); } if (claim == null) { throw new ArgumentNullException("claim"); } using (var db = _context.OpenDbConnection()) { db.Delete <IdentityUserClaim>(c => c.UserId == user.Id && c.ClaimValue == claim.Value && c.ClaimType == claim.Type ); UpdateUser(user); return(Task.FromResult(0)); } }
public string GetUserId() { var userEmail = ""; var identity = ClaimsPrincipal.Current.FindFirst("urn:facebook:name"); if (identity != null) { var accessToken = ClaimsPrincipal.Current.FindFirst("FacebookAccessToken").Value; var fb = new FacebookClient(accessToken); var myInfo = fb.Get <Controllers.FBUser>("/me?fields=email,first_name,last_name,gender"); userEmail = myInfo.email; } System.Security.Claims.Claim msftType = ClaimsPrincipal.Current.FindFirst("preferred_username"); if (msftType != null) { var accessToken = ClaimsPrincipal.Current.FindFirst("nonce").Value; userEmail = ClaimsPrincipal.Current.FindFirst("preferred_username").Value; } System.Security.Claims.Claim AspNetType = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider"); if (AspNetType != null && AspNetType.Value == "ASP.NET Identity") { var user_ = UserManager.FindById(ClaimsPrincipal.Current.FindFirst("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier").Value); return(user_?.Id ?? null); //var accessToken = ClaimsPrincipal.Current.FindFirst("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier").Value; //userEmail = ClaimsPrincipal.Current.FindFirst("preferred_username").Value; } var user = UserManager.FindByEmail(userEmail); return(user?.Id ?? null); //ASP.NET Identity }
private async Task<IEnumerable<Claim>> ValidateToken(string token) { HttpClient clientRequest = new HttpClient(); clientRequest.BaseAddress = new Uri("http://localhost:10100/"); clientRequest.DefaultRequestHeaders.Accept.Add( new MediaTypeWithQualityHeaderValue("application/json")); var response = clientRequest.PostAsJsonAsync("authorize/verify", token).Result; if (!response.IsSuccessStatusCode) { return null; } var content = await response.Content.ReadAsStringAsync(); ValidateResult result = JsonConvert.DeserializeObject<ValidateResult>(content); var claim = new Claim(result.Type, result.Value); List<Claim> claims = new List<Claim>(1); claims.Add(claim); return claims; }
public ClaimsPrincipal ValidateToken(string securityToken, TokenValidationParameters validationParameters, out SecurityToken validatedToken) { //eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1bmlxdWVfbmFtZSI6Ikphc29uIExlZSIsInN1YiI6Ikphc29uIExlZSIsInJvbGUiOlsiTWFuYWdlciIsIlN1cGVydmlzb3IiXSwiaXNzIjoiaHR0cDovL2p3dGF1dGh6c3J2LmF6dXJld2Vic2l0ZXMubmV0IiwiYXVkIjoiUm9ja2V0IiwiZXhwIjoxNDQxOTgwMjE5LCJuYmYiOjE0NDE5NzY2MTl9.yegylhGkz5uasu5E--aEbCAHfi5aE9Z17_pZAE63Bog validatedToken = null; var key = "IxrAjDoa2FqElO7IhrSrUJELhUckePEPVpaePlS_Xaw"; try { var raw = JsonWebToken.Decode(securityToken, key); var payLoad = JsonConvert.DeserializeObject<List<KeyValuePair<string, string>>>(raw); var claims = new List<Claim>(); foreach (var row in payLoad) { var claim = new Claim(row.Key, row.Value); claims.Add(claim); } var claimsIdentity = new ClaimsIdentity(claims, "jwt"); return new ClaimsPrincipal(claimsIdentity); } catch (Exception ex) { return null; } }
private static bool ClaimFromValidIssuer(Claim claim, TokenValidationParameters tokenValidationParameters) { if (null == claim) { return false; } if (null == tokenValidationParameters) { return false; } if (null == tokenValidationParameters.ValidIssuers) { return false; } if (string.IsNullOrWhiteSpace(claim.Issuer) && string.IsNullOrWhiteSpace(claim.OriginalIssuer)) { return false; } bool result = tokenValidationParameters .ValidIssuers .Any( (string item) => string.Equals(item, claim.Issuer, StringComparison.OrdinalIgnoreCase) || string.Equals(item, claim.OriginalIssuer, StringComparison.OrdinalIgnoreCase)); return result; }
public override object ReadJson(JsonReader reader, Type objectType, object existingValue, JsonSerializer serializer) { var source = serializer.Deserialize<ClaimModel>(reader); var target = new Claim(source.Type, source.Value, source.ValueType); return target; }
public async Task ValidatePrincipal(CookieValidatePrincipalContext context) { // TODO: uncomment this after next release of aspnet core // and fix the broken // it needs to resolve options per tenant //await securityStampValidator.ValidateAsync(context); TenantContext<SiteSettings> siteContext = await siteResolver.ResolveAsync(contextAccessor.HttpContext); if (siteContext == null) { context.RejectPrincipal(); } if (siteContext.Tenant == null) { context.RejectPrincipal(); } Claim siteGuidClaim = new Claim("SiteGuid", siteContext.Tenant.SiteGuid.ToString()); if (!context.Principal.HasClaim(siteGuidClaim.Type, siteGuidClaim.Value)) { log.LogInformation("rejecting principal because it does not have siteguid"); context.RejectPrincipal(); } // return Task.FromResult(0); }
public async Task<ActionResult> Create(RegisterViewModel vm) { if (ModelState.IsValid) { var user = new ApplicationUser { UserName = vm.Email, Email = vm.Email }; var adminresult = await userManager.CreateAsync(user, vm.Password); //Add User to the selected Claims if (adminresult.Succeeded) { if (vm.selectedClaims != null) { foreach (var item in vm.selectedClaims) { var claim = new Claim(item, true.ToString()); var result = await userManager.AddClaimAsync(user.Id, claim); if (!result.Succeeded) { ModelState.AddModelError("", result.Errors.First()); return View(vm); } } } } else { ModelState.AddModelError("", adminresult.Errors.First()); return View(vm); } return RedirectToAction("Index"); } return View(vm); }
public BackendCredentialsClaim(Claim claim) : base(claim.Type, claim.Value) { Contract.Requires<ArgumentException>(claim.Type == TYPE, "Invalid Claim Type"); SplitValue(claim.Value, out User, out Password); }
public ApiControllerExtensionsTests() { HttpConfiguration config = new HttpConfiguration(); IWebHookUser user = new WebHookUser(); _managerMock = new Mock<IWebHookManager>(); _resolverMock = new Mock<IDependencyResolver>(); _resolverMock.Setup(r => r.GetService(typeof(IWebHookManager))) .Returns(_managerMock.Object) .Verifiable(); _resolverMock.Setup(r => r.GetService(typeof(IWebHookUser))) .Returns(user) .Verifiable(); config.DependencyResolver = _resolverMock.Object; ClaimsIdentity identity = new ClaimsIdentity(); Claim claim = new Claim(ClaimTypes.Name, "TestUser"); identity.AddClaim(claim); _principal = new ClaimsPrincipal(identity); _context = new HttpRequestContext() { Configuration = config, Principal = _principal }; _controller = new TestController() { RequestContext = _context }; }
public async Task<IActionResult> Index(LoginInputModel model) { if (ModelState.IsValid) { if (_loginService.ValidateCredentials(model.Username, model.Password)) { var user = _loginService.FindByUsername(model.Username); var name = user.Claims.Where(x => x.Type == Constants.ClaimTypes.Name).Select(x => x.Value).FirstOrDefault() ?? user.Username; var claims = new Claim[] { new Claim(Constants.ClaimTypes.Subject, user.Subject), new Claim(Constants.ClaimTypes.Name, name), new Claim(Constants.ClaimTypes.IdentityProvider, "idsvr"), new Claim(Constants.ClaimTypes.AuthenticationTime, DateTime.UtcNow.ToEpochTime().ToString()), }; var ci = new ClaimsIdentity(claims, "password", Constants.ClaimTypes.Name, Constants.ClaimTypes.Role); var cp = new ClaimsPrincipal(ci); await HttpContext.Authentication.SignInAsync(Constants.PrimaryAuthenticationType, cp); if (model.SignInId != null) { return new SignInResult(model.SignInId); } return Redirect("~/"); } ModelState.AddModelError("", "Invalid username or password."); } var vm = new LoginViewModel(model); return View(vm); }
public static ExternalLoginData FromIdentity(ClaimsIdentity identity) { if (identity == null) { return(null); } System.Security.Claims.Claim providerKeyClaim = identity.FindFirst(ClaimTypes.NameIdentifier); if (providerKeyClaim == null || String.IsNullOrEmpty(providerKeyClaim.Issuer) || String.IsNullOrEmpty(providerKeyClaim.Value)) { return(null); } if (providerKeyClaim.Issuer == ClaimsIdentity.DefaultIssuer) { return(null); } return(new ExternalLoginData { LoginProvider = providerKeyClaim.Issuer, ProviderKey = providerKeyClaim.Value, UserName = identity.FindFirstValue(ClaimTypes.Name) }); }
public ActionResult Login(string username, string password) { password = CalculateMD5Hash(password); var query = from c in dataContext.Logins where (c.Username == username.ToLower() && c.Password == password) select c; if (query.Count() != 0) { HttpContext.GetOwinContext().Authentication .SignOut(DefaultAuthenticationTypes.ExternalCookie); Claim loginClaim = new Claim(ClaimTypes.Name, username); Claim[] claims = new Claim[] { loginClaim }; ClaimsIdentity claimsIdentity = new ClaimsIdentity(claims, DefaultAuthenticationTypes.ApplicationCookie); HttpContext.GetOwinContext().Authentication.SignIn(new AuthenticationProperties() { IsPersistent = false }, claimsIdentity); return Redirect("/Home"); } else { ModelState.AddModelError("", "Invalid username or password."); return Redirect("/"); } }
private static object GetValue(Claim claim) { if (claim.ValueType == ClaimValueTypes.Integer || claim.ValueType == ClaimValueTypes.Integer32) { Int32 value; if (Int32.TryParse(claim.Value, out value)) { return value; } } if (claim.ValueType == ClaimValueTypes.Integer64) { Int64 value; if (Int64.TryParse(claim.Value, out value)) { return value; } } if (claim.ValueType == ClaimValueTypes.Boolean) { bool value; if (bool.TryParse(claim.Value, out value)) { return value; } } return claim.Value; }
public UserStoreTests(string collectionPrefix) { collectionPrefix = $"{typeof(UserStoreTests).Name}_{collectionPrefix}"; _databaseFixture = new DatabaseFixture(collectionPrefix); _userCollection = _databaseFixture.GetCollection<IdentityUser>(); _roleCollection = _databaseFixture.GetCollection<IdentityRole>(); _databaseContext = new IdentityDatabaseContext { UserCollection = _userCollection, RoleCollection = _roleCollection }; _errorDescriber = new IdentityErrorDescriber(); _userStore = new UserStore<IdentityUser, IdentityRole>(_databaseContext, null, _errorDescriber); _claim1 = new Claim("ClaimType1", "some value"); _claim2 = new Claim("ClaimType2", "some other value"); _claim3 = new Claim("other type", "some other value"); _claim1SameType = new Claim(_claim1.Type, _claim1.Value + " different"); _identityClaim1 = new IdentityClaim(_claim1); _identityClaim2 = new IdentityClaim(_claim2); _identityClaim3 = new IdentityClaim(_claim3); _identityClaim1SameType = new IdentityClaim(_claim1SameType); }
public override async Task <ClaimsIdentity> CreateUserIdentityAsync(User user) { _logger.Debug() .Message("Create user identity for '{0}'", user.Email) .Write(); var claimIdenity = await base.CreateUserIdentityAsync(user); var displayClaim = new System.Security.Claims.Claim(Claim.DisplayName, user.Name ?? user.UserName); claimIdenity.AddClaim(displayClaim); if (user.Organizations == null) { return(claimIdenity); } foreach (var claim in user.Organizations) { var orgClaim = new System.Security.Claims.Claim(Claim.Organization, claim); claimIdenity.AddClaim(orgClaim); } return(claimIdenity); }
/// <summary> /// Add Domain License Detail Claims /// </summary> private void AddDomainLicenseDetailClaims(long domainKey, ClaimsIdentity identity) { DomainLicenseDetail domainLicenseDetail = null; //domainLicenseDetailsRepository.GetDomainLicenseDetailByDomainKey(domainKey); if (domainLicenseDetail != null) { var claim = new Claim(CaresUserClaims.DomainLicenseDetail, ClaimHelper.Serialize( new DomainLicenseDetailClaim { UserDomainKey = domainLicenseDetail.UserDomainKey, Branches = domainLicenseDetail.Branches, FleetPools = domainLicenseDetail.FleetPools, Employee = domainLicenseDetail.Employee, RaPerMonth = domainLicenseDetail.RaPerMonth, Vehicles = domainLicenseDetail.Vehicles }), typeof (DomainLicenseDetailClaim).AssemblyQualifiedName); ClaimHelper.AddClaim(claim, identity); } else { throw new InvalidOperationException("No Domain License Detail data found!"); } }
public UserClaim(Claim claim) { if (claim == null) throw new ArgumentNullException("claim"); Type = claim.Type; Value = claim.Value; }
/// <summary> /// Returns a ClaimsPrincipal object with the NameIdentifier and Name claims, if the request can be /// successfully authenticated based on query string parameter bewit or HTTP Authorization header (hawk scheme). /// </summary> public async Task<ClaimsPrincipal> AuthenticateAsync() { string bewit; bool isBewit = Bewit.TryGetBewit(this.request, out bewit); var authentication = isBewit ? Bewit.AuthenticateAsync(bewit, now, request, credentialsFunc) : HawkSchemeHeader.AuthenticateAsync(now, request, credentialsFunc); this.result = await authentication; if (result.IsAuthentic) { // At this point, authentication is successful but make sure the request parts match what is in the // application specific data 'ext' parameter by invoking the callback passing in the request object and 'ext'. // The application specific data is considered verified, if the callback is not set or it returns true. bool isAppSpecificDataVerified = this.verificationCallback == null || this.verificationCallback(request, result.ApplicationSpecificData); if (isAppSpecificDataVerified) { // Set the flag so that Server-Authorization header is not sent for bewit requests. this.isBewitRequest = isBewit; var idClaim = new Claim(ClaimTypes.NameIdentifier, result.Credential.Id); var nameClaim = new Claim(ClaimTypes.Name, result.Credential.User); var identity = new ClaimsIdentity(new[] { idClaim, nameClaim }, HawkConstants.Scheme); return new ClaimsPrincipal(identity); } } return null; }
public Task ValidatePrincipal(CookieValidatePrincipalContext context) { // // TODO: uncomment this after next release of aspnet core // and fix the broken // it needs to resolve options per tenant //await securityStampValidator.ValidateAsync(context); var tenant = context.HttpContext.GetTenant<SiteContext>(); if (tenant == null) { context.RejectPrincipal(); } var siteGuidClaim = new Claim("SiteGuid", tenant.Id.ToString()); if (!context.Principal.HasClaim(siteGuidClaim.Type, siteGuidClaim.Value)) { logger.LogInformation("rejecting principal because it does not have siteguid"); context.RejectPrincipal(); } //TODO: should we lookup the user here and reject if locked out or deleted? return Task.FromResult(0); }
public JsonClaim(Claim claim) { if (claim == null) throw new ArgumentNullException("claim"); if (!claim.ValueType.StartsWith("Json:")) throw new ArgumentException("Claim has unsupported ValueType", "claim"); Claim = claim; }
public async Task ReplaceClaimAsync(UserModel user, System.Security.Claims.Claim claim, System.Security.Claims.Claim newClaim, CancellationToken cancellationToken) { if (claim.Type != newClaim.Type) { throw new Exception("Claim and New Claim don't match"); } await _repo.SetClaimValue(user.UserId.ToString(), claim.Type, newClaim.Value); }
public void GetValue_OneMatches_ReturnsValue() { IEnumerable<Claim> claims = new Claim[]{ new Claim("type1", "value1"), new Claim("type2", "value2"), }; Assert.AreEqual("value1", claims.GetValue("type1")); }
/// <summary> /// Inserts a new claim in UserClaims table /// </summary> /// <param name="userClaim">User's claim to be added</param> /// <param name="userId">User's id</param> /// <returns></returns> public int Insert(Claim userClaim, string userId) { using (var db = _database.Open()) { return (int)db.Insert<ClaimInternal>( new ClaimInternal { UserId = userId, ClaimType = userClaim.Type, ClaimValue = userClaim.Value }); } }
/// <summary> /// Add a claim to a user for the current host. /// </summary> /// <param name="user">The user.</param> /// <param name="claim">The claim.</param> /// <returns></returns> public override async Task AddClaimAsync(TUser user, System.Security.Claims.Claim claim) { Contract.Requires <ArgumentNullException>(user != null, "user"); Contract.Requires <ArgumentNullException>(claim != null, "claim"); ThrowIfDisposed(); await AddClaimAsync(this.HostId, user, claim); }
/// <summary> /// Converts the <see cref="System.Security.Claims.Claim" /> instance into the corresponding <see cref="Dolittle.Security.Claim" /> instance /// </summary> /// <returns>a <see cref="Dolittle.Security.Claim" /> instance</returns> public static Dolittle.Security.Claim FromDotnetClaim(System.Security.Claims.Claim claim) { if (claim == null) { return(null); } return(new Dolittle.Security.Claim(claim.Type, claim.Value, claim.ValueType)); }
/// <summary> /// Add a user claim for the current host. /// </summary> /// <param name="userId">The user identifier.</param> /// <param name="claim">The claim.</param> /// <returns></returns> public override async Task <IdentityResult> AddClaimAsync(TKey userId, System.Security.Claims.Claim claim) { //x Contract.Requires<ArgumentNullException>(!userId.Equals(default(TKey)), "userId"); //x Contract.Requires<ArgumentNullException>(claim != null, "claim"); ThrowIfDisposed(); return(await AddClaimAsync(this.HostId, userId, claim)); }
public Task AddClaimAsync(User user, System.Security.Claims.Claim claim) { var newClaim = new Entity.Claim() { UserId = user.Id, ClaimType = claim.Type, ClaimValue = claim.Value }; _claimRepository.Add(newClaim); return(Task.FromResult(0)); }
public Task RemoveClaimAsync(TUser user, System.Security.Claims.Claim claim) { ThrowIfDisposed(); if (user == null) { throw new ArgumentNullException("user"); } user.Claims.RemoveAll(x => x.ClaimType == claim.Type && x.ClaimValue == claim.Value); return(Task.FromResult(0)); }
public async Task<ActionResult> ExternalLoginCallback(string returnUrl) { var loginInfo = await AuthenticationManager.GetExternalLoginInfoAsync(); if (loginInfo == null) { return RedirectToAction("Login"); } var user = await UserManager.FindAsync(loginInfo.Login); // Logar caso haja um login externo e já esteja logado neste provedor de login var result = await SignInManager.ExternalSignInAsync(loginInfo, isPersistent: false); switch (result) { case SignInStatus.Success: var userext = UserManager.FindByEmailAsync(user.Email); await SignInAsync(userext.Result, false); return RedirectToLocal(returnUrl); case SignInStatus.LockedOut: return View("Lockout"); case SignInStatus.RequiresVerification: return RedirectToAction("SendCode", new { ReturnUrl = returnUrl }); case SignInStatus.Failure: default: // Se ele nao tem uma conta solicite que crie uma var externalIdentity = HttpContext.GetOwinContext().Authentication.GetExternalIdentityAsync(DefaultAuthenticationTypes.ExternalCookie); string firstName = null, lastName = null; System.Security.Claims.Claim baseFirstName = null, baseLastName = null; switch (loginInfo.Login.LoginProvider) { case "Facebook": baseFirstName = externalIdentity.Result.Claims.FirstOrDefault(c => c.Type == "urn:facebook:first_name"); baseLastName = externalIdentity.Result.Claims.FirstOrDefault(c => c.Type == "urn:facebook:last_name"); break; case "Google": baseFirstName = externalIdentity.Result.Claims.FirstOrDefault(c => c.Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"); baseLastName = externalIdentity.Result.Claims.FirstOrDefault(c => c.Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"); break; } if (baseFirstName != null) firstName = baseFirstName.Value; if (baseLastName != null) lastName = baseLastName.Value; ViewBag.ReturnUrl = returnUrl; ViewBag.LoginProvider = loginInfo.Login.LoginProvider; return View("ExternalLoginConfirmation", new ExternalLoginConfirmationViewModel { Email = loginInfo.Email, LastName = lastName, Name = firstName }); } }
// Adds an Authentication Method claims to the given ClaimsIdentity if one is not already present. static void AddAuthenticationMethod(ClaimsIdentity claimsIdentity, string authenticationMethod) { System.Security.Claims.Claim authenticationMethodClaim = claimsIdentity.Claims.FirstOrDefault(claim => claim.Type == System.Security.Claims.ClaimTypes.AuthenticationMethod); if (authenticationMethodClaim == null) { // AuthenticationMethod claims does not exist. Add one. claimsIdentity.AddClaim( new System.Security.Claims.Claim( System.Security.Claims.ClaimTypes.AuthenticationMethod, authenticationMethod)); } }
public System.Threading.Tasks.Task AddClaimAsync(TUser user, System.Security.Claims.Claim claim) { UserClaim userClaim = new UserClaim() { UserId = user.Id, ClaimType = claim.Type, ClaimValue = claim.ValueType }; this.context.UserClaims.Add(userClaim); this.context.SaveChangesAsync(); return(Task.FromResult <TUser>(null)); }
private void SetClaimsIdentity(string userName) { var claims = new System.Security.Claims.Claim[] { new System.Security.Claims.Claim(System.Security.Claims.ClaimTypes.NameIdentifier, userName) }; ClaimsIdentity id = new System.Security.Claims.ClaimsIdentity(claims, "Forms"); ClaimsPrincipal cp = new System.Security.Claims.ClaimsPrincipal(id); SessionSecurityToken token = new SessionSecurityToken(cp); FederatedAuthentication.SessionAuthenticationModule.WriteSessionTokenToCookie(token); }
public Task RemoveClaimAsync(TUser user, System.Security.Claims.Claim claim) { if (user == null) { throw new ArgumentNullException("user"); } if (claim == null) { throw new ArgumentNullException("claim"); } userClaimLogic.DeleteByUserId(user.BusinessEntityId); return(Task.FromResult <object>(null)); }
public Task AddClaimAsync(TUser user, System.Security.Claims.Claim claim) { CheckDisposed(user); if (!user.Claims.Any(x => x.ClaimType == claim.Type && x.ClaimValue == claim.Value)) { user.Claims.Add(new IdentityUserClaim { ClaimType = claim.Type, ClaimValue = claim.Value }); } return(Task.FromResult(0)); }
public Task RemoveClaimAsync(TUser user, System.Security.Claims.Claim claim) { if (user == null) { throw new ArgumentNullException("user"); } if (claim == null) { throw new ArgumentNullException("claim"); } this.userClaimsRepository.Delete(user.Id, claim); return(Task.FromResult <object>(null)); }
public async System.Threading.Tasks.Task RemoveClaimAsync(TUser user, System.Security.Claims.Claim claim) { UserClaim userClaim = (from c in this.context.UserClaims where c.UserId == user.Id && c.ClaimType == claim.Type && c.ClaimValue == claim.ValueType select c).FirstOrDefault(); if (userClaim != null) { this.context.UserClaims.Remove(userClaim); await this.context.SaveChangesAsync(); } else { throw new Exception("Cannot find requested claim"); } }
public async Task RemoveClaimAsync(UserModel user, System.Security.Claims.Claim claim) { throw new NotImplementedException(); /*using (var db = HibernateSession.GetCurrentSession()) * { * using (var tx = db.BeginTransaction()) * { * user = db.Get<UserModel>(user.Id); * user.Claims.FirstOrDefault(x => x.Type == claim.Type && x.Value == claim.Value).NotNull(x => x.Deleted = true); * db.SaveOrUpdate(user); * tx.Commit(); * db.Flush(); * } * }*/ }
public async Task AddClaimAsync(UserModel user, System.Security.Claims.Claim claim) { throw new NotImplementedException(); /*using (var db = HibernateSession.GetCurrentSession()) * { * using (var tx = db.BeginTransaction()) * { * user = db.Get<UserModel>(user.Id); * user.Claims.Add(claim); * db.SaveOrUpdate(user); * tx.Commit(); * db.Flush(); * } * }*/ }
// Adds an Authentication Method claims to the given ClaimsIdentity if one is not already present. static void AddAuthenticationInstantClaim(ClaimsIdentity claimsIdentity, string authenticationInstant) { // the issuer for this claim should always be the default issuer. string issuerName = ClaimsIdentity.DefaultIssuer; System.Security.Claims.Claim authenticationInstantClaim = claimsIdentity.Claims.FirstOrDefault(claim => claim.Type == System.Security.Claims.ClaimTypes.AuthenticationInstant); if (authenticationInstantClaim == null) { // AuthenticationInstance claims does not exist. Add one. claimsIdentity.AddClaim( new System.Security.Claims.Claim( System.Security.Claims.ClaimTypes.AuthenticationInstant, authenticationInstant, ClaimValueTypes.DateTime, issuerName)); } }
/// <summary> /// Gets logged in account for <see cref="HttpContext.User"/>. /// </summary> /// <returns> /// An account if there is a logged in account. /// Null otherwise. /// </returns> public virtual async Task <TAccount> GetApplicationAccountAsync() { if (_httpContext.User == null) { return(default(TAccount)); } if (_httpContext.User.Identity?.AuthenticationType == _options.CookieOptions.ApplicationCookieOptions.AuthenticationScheme) { System.Security.Claims.Claim accountIdClaim = _httpContext.User.FindFirst(_options.ClaimsOptions.AccountIdClaimType); if (accountIdClaim != null) { return(await _accountRepository.GetAsync(Convert.ToInt32(accountIdClaim.Value), _cancellationToken)); } } return(default(TAccount)); }
public async Task <ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal) { ClaimsIdentity identity = principal.Identity as ClaimsIdentity; System.Security.Claims.Claim claim = null; if (principal.HasClaim(x => x.Type == "username")) { claim = new System.Security.Claims.Claim("username", identity.Name); identity.AddClaim(claim); } if (principal.HasClaim(x => x.Type == "logintime")) { claim = new System.Security.Claims.Claim("logintime", DateTime.Now.ToString()); identity.AddClaim(claim); } return(principal); }
public bool IsAvailableForUser(System.Security.Claims.Claim identityClaim, IAuthenticationContext context) { /*string windir = Environment.GetFolderPath(Environment.SpecialFolder.Windows); * System.Configuration.ExeConfigurationFileMap fileMap = new System.Configuration.ExeConfigurationFileMap(); * fileMap.ExeConfigFilename = windir + "\\ADFS\\OktaMFA-ADFS.dll.config"; * System.Configuration.Configuration cfg = * System.Configuration.ConfigurationManager.OpenMappedExeConfiguration(fileMap, System.Configuration.ConfigurationUserLevel.None); * string oktaTenant = cfg.AppSettings.Settings["Tenant"].Value; * string authToken = cfg.AppSettings.Settings["apiKey"].Value; * string upn = identityClaim.Value; * string baseUrl = oktaTenant + "/api/v1/"; * HttpWebRequest upnRequest = (HttpWebRequest)WebRequest.Create(baseUrl + "users/" + upn); * upnRequest.Headers.Add("Authorization", authToken); * upnRequest.Method = "GET"; * upnRequest.ContentType = "application/json"; * var upnResponse = (HttpWebResponse)upnRequest.GetResponse(); * var idReader = new StreamReader(upnResponse.GetResponseStream()); * var id = idReader.ReadToEnd(); * * RootObject userProfile = JsonConvert.DeserializeObject<RootObject>(id); * * string userID = userProfile.id.ToString(); * HttpWebRequest factorRequest = (HttpWebRequest)WebRequest.Create(baseUrl + "users/" + userID + "/factors"); * factorRequest.Headers.Add("Authorization", authToken); * factorRequest.Method = "GET"; * factorRequest.ContentType = "application/json"; * factorRequest.Accept = "application/json"; * var factorResponse = (HttpWebResponse)factorRequest.GetResponse(); * var factorReader = new StreamReader(factorResponse.GetResponseStream()); * var factorList = factorReader.ReadToEnd(); * * RootObject[] factors = JsonConvert.DeserializeObject<RootObject[]>(factorList); * string factorID = ""; * foreach (RootObject factor in factors) * if (factor.factorType == "SMS") * { * return true; * } * * * return false;*/ return(true); }