/// <summary>
/// Logins the specified user.
/// </summary>
/// <param name="user">The user.</param>
public void Login(IPrincipal user)
{
var identity = user.Identity;
#if DEBUG
WriteClaimsInfo(user.Identity as ClaimsIdentity);
#endif
if (!identity.IsAuthenticated)
{
return;
}
var userName = string.Format("{0}\\{1}", Context.Domain.Name, identity.Name);
try
{
var virtualUser = AuthenticationManager.BuildVirtualUser(userName, true);
var roles = Context.Domain.GetRoles();
if (roles != null)
{
var groups = GetGroups(user.Identity as ClaimsIdentity);
foreach (var role in from role in roles
let roleName = GetRoleName(role.Name)
where groups.Contains(roleName.ToLower()) && !virtualUser.Roles.Contains(role)
select role)
{
virtualUser.Roles.Add(role);
}
foreach (
var role2 in
virtualUser.Roles.SelectMany(
role1 =>
RolesInRolesManager.GetRolesForRole(role1, true)
.Where(role2 => !virtualUser.Roles.Contains(role2))))
{
virtualUser.Roles.Add(role2);
}
// Setting the user to be an admin.
virtualUser.RuntimeSettings.IsAdministrator =
groups.Contains(Settings.GetSetting("ADFS.Authenticator.AdminUserRole", "Admins"));
}
AuthenticationManager.Login(virtualUser);
}
catch (ArgumentException ex)
{
Log.Error("ADFS::Login Failed!", ex, this);
}
}
protected override void ProcessRecord()
{
if (!this.CanFindAccount(Identity, AccountType.Role))
{
return;
}
var name = ParameterSetName == "Id" ? Identity.Name : Instance.Name;
if (!ShouldProcess(name, "Remove role"))
{
return;
}
var role = Role.FromName(name);
if (!role.IsEveryone)
{
var usersInRoles = Roles.GetUsersInRole(name);
if (usersInRoles.Any())
{
Roles.RemoveUsersFromRole(usersInRoles, name);
}
if (RolesInRolesManager.RolesInRolesSupported)
{
var rolesInRole = RolesInRolesManager.GetRolesForRole(role, false);
if (rolesInRole.Any())
{
RolesInRolesManager.RemoveRolesFromRole(rolesInRole, role);
}
}
Roles.DeleteRole(name, true);
}
else
{
WriteError(typeof(SecurityException), $"Cannot remove role '{name}'.",
ErrorIds.InsufficientSecurityRights, ErrorCategory.PermissionDenied, name);
}
}
/// <summary>
/// Logins the specified user.
/// </summary>
/// <param name="user">The user.</param>
public void Login(IPrincipal principal)
{
var identity = principal.Identity;
var allowLoginToShell = false;
#if DEBUG
WriteClaimsInfo(principal.Identity as ClaimsIdentity);
#endif
if (!identity.IsAuthenticated)
{
return;
}
var userName = string.Format("{0}\\{1}", Context.Domain.Name, identity.Name);
try
{
var virtualUser = AuthenticationManager.BuildVirtualUser(userName, true);
var roles = Context.Domain.GetRoles();
if (roles != null)
{
var groups = GetGroups(principal.Identity as ClaimsIdentity);
foreach (var role in from role in roles
let roleName = GetRoleName(role.Name)
where groups.Contains(roleName.ToLower()) && !virtualUser.Roles.Contains(role)
select role)
{
virtualUser.Roles.Add(role);
}
foreach (
var role2 in
virtualUser.Roles.SelectMany(
role1 =>
RolesInRolesManager.GetRolesForRole(role1, true)
.Where(role2 => !virtualUser.Roles.Contains(role2))))
{
virtualUser.Roles.Add(role2);
}
// Setting the user to be an admin.
//TODO = case sensitive
virtualUser.RuntimeSettings.IsAdministrator =
groups.Contains(Settings.GetSetting("ADFS.Authenticator.AdminUserRole", "Sitecore Local Administrators"), StringComparer.OrdinalIgnoreCase);
if (virtualUser.RuntimeSettings.IsAdministrator)
{
allowLoginToShell = true;
}
}
virtualUser.Profile.Email = "*****@*****.**";
AuthenticationManager.Login(virtualUser);
var tracker = Tracker.Current;
if (tracker != null)
{
tracker.Session.Identify(virtualUser.Identity.Name);
}
}
catch (ArgumentException ex)
{
Log.Error("ADFS::Login Failed!", ex, this);
}
}
