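/// <summary>
/// Authenticates the request from the identity headers injected by the SiteMinder
/// reverse proxy (<c>SMGOV_USERGUID</c>, <c>SMGOV_USERTYPE</c>, <c>SM_USER</c>).
/// </summary>
/// <remarks>
/// Security note: these headers are trusted outright. The deployment must guarantee that
/// only the SiteMinder proxy can reach this application and that the proxy strips any
/// client-supplied copies of these headers; otherwise anyone able to set a request header
/// could impersonate an arbitrary user. The same applies to <c>X-Real-IP</c>, which is
/// forwarded to JC-Interface as the caller's address.
///
/// Flow:
///  - GUID or user-type header absent: NoResult (request did not come through SiteMinder;
///    other schemes may still authenticate it).
///  - User-type header differs from the configured <c>Auth:AllowSiteMinderUserType</c>: Fail.
///  - Principal on the context is not already of the SiteMinder authentication type:
///    resolve the user through JC-Interface and persist the resulting principal in the
///    cookie scheme.
///  - Otherwise reuse the participant id / agency code / supreme-user values carried by the
///    existing principal without calling JC-Interface again.
/// </remarks>
/// <returns>
/// <see cref="AuthenticateResult.Success"/> with a ticket for <c>Scheme.Name</c>,
/// <see cref="AuthenticateResult.NoResult"/>, or <see cref="AuthenticateResult.Fail(string)"/>.
/// </returns>
protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
{
    string siteMinderUserGuidHeader = Request.Headers["SMGOV_USERGUID"];
    string siteMinderUserTypeHeader = Request.Headers["SMGOV_USERTYPE"];

    // Missing headers are not an error: the request simply was not authenticated by SiteMinder.
    if (siteMinderUserGuidHeader == null || siteMinderUserTypeHeader == null)
    {
        return AuthenticateResult.NoResult();
    }

    // Only the single configured user type may sign in (ordinal string comparison).
    if (siteMinderUserTypeHeader != ValidSiteMinderUserType)
    {
        return AuthenticateResult.Fail("Invalid SiteMinder UserType Header.");
    }

    // ClaimsPrincipal.Identity is nullable (a principal with no identities); guard the dereference.
    var authenticatedBySiteMinderPreviously = Context.User.Identity?.AuthenticationType == SiteMinder;

    // Values from the principal already on the context; used as-is on the cookie path and
    // overwritten below on the first (JC-Interface) sign-in.
    // NOTE(review): on the cookie path the current SMGOV_USERGUID header is never compared with
    // the identity stored in the cookie. If the SiteMinder session changes while the app cookie
    // survives, the stale identity keeps being used — confirm the cookie lifetime is bound to the
    // SiteMinder session, or persist the GUID in the principal and compare it here.
    var participantId = Context.User.ParticipantId();
    var agencyCode = Context.User.AgencyCode();
    var isSupremeUser = Context.User.IsSupremeUser();

    if (!authenticatedBySiteMinderPreviously)
    {
        var request = new UserInfoRequest
        {
            DeviceName = Environment.MachineName,
            DomainUserGuid = siteMinderUserGuidHeader,
            DomainUserId = Request.Headers["SM_USER"],
            IpAddress = Request.Headers["X-Real-IP"],
            TemporaryAccessGuid = ""
        };

        var jcUserInfo = await JCUserService.GetUserInfo(request);
        if (jcUserInfo == null)
        {
            return AuthenticateResult.Fail("Couldn't authenticate through JC-Interface.");
        }

        participantId = jcUserInfo.UserPartId;
        agencyCode = jcUserInfo.UserDefaultAgencyCd;

        // NOTE(review): every user resolved through JC-Interface is marked a supreme user,
        // regardless of anything in the JC response — confirm this is intended and not a placeholder.
        isSupremeUser = true;
    }

    // Claim(type, value) throws ArgumentNullException on a null value, which would surface as an
    // unhandled 500 rather than an authentication failure. Refuse to mint an incomplete identity.
    if (participantId is null || agencyCode is null)
    {
        return AuthenticateResult.Fail("SiteMinder user is missing a participant id or agency code.");
    }

    var claims = new[]
    {
        new Claim(CustomClaimTypes.JcParticipantId, participantId),
        new Claim(CustomClaimTypes.JcAgencyCode, agencyCode),
        new Claim(CustomClaimTypes.IsSupremeUser, isSupremeUser.ToString())
    };

    var identity = new ClaimsIdentity(claims, Scheme.Name);
    var principal = new ClaimsPrincipal(identity);

    // Persist the freshly resolved principal so later requests skip the JC-Interface round trip.
    if (!authenticatedBySiteMinderPreviously)
    {
        await Context.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, principal);
    }

    var ticket = new AuthenticationTicket(principal, Scheme.Name);
    return AuthenticateResult.Success(ticket);
}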
/// <summary>
/// Creates the SiteMinder header-based authentication handler.
/// </summary>
/// <param name="options">Scheme options, forwarded to the base handler.</param>
/// <param name="logger">Logger factory, forwarded to the base handler.</param>
/// <param name="encoder">URL encoder, forwarded to the base handler.</param>
/// <param name="clock">System clock, forwarded to the base handler.</param>
/// <param name="configuration">
/// Application configuration. <c>Auth:AllowSiteMinderUserType</c> is the only
/// <c>SMGOV_USERTYPE</c> header value this handler will accept; it is read through
/// <c>GetNonEmptyValue</c>, which presumably rejects a missing or empty setting (verify
/// against the project's configuration extensions).
/// </param>
/// <param name="jcUserService">Client used to resolve a SiteMinder user through JC-Interface.</param>
public SiteMinderAuthenticationHandler(
    IOptionsMonitor<AuthenticationSchemeOptions> options,
    ILoggerFactory logger,
    UrlEncoder encoder,
    ISystemClock clock,
    IConfiguration configuration,
    JCUserService jcUserService)
    : base(options, logger, encoder, clock)
{
    // Resolve the accepted user type up front so a misconfigured handler cannot be constructed
    // with an unset allow-list value.
    this.ValidSiteMinderUserType = configuration.GetNonEmptyValue("Auth:AllowSiteMinderUserType");
    this.JCUserService = jcUserService;
}