public virtual async Task DecorateAsync(AuthenticateResult authenticateResult, string authenticationScheme, IClaimBuilderCollection claims, AuthenticationProperties properties)
        {
            try
            {
                if (authenticateResult == null)
                {
                    throw new ArgumentNullException(nameof(authenticateResult));
                }

                if (claims == null)
                {
                    throw new ArgumentNullException(nameof(claims));
                }

                if (!this.IsActiveLoginAuthenticationScheme(authenticationScheme))
                {
                    return;
                }

                var identityProviderClaim = claims.FindFirstIdentityProviderClaim();

                if (identityProviderClaim == null)
                {
                    identityProviderClaim = new ClaimBuilder
                    {
                        Type = ExtendedClaimTypes.IdentityProvider,
                    };

                    claims.Add(identityProviderClaim);
                }

                identityProviderClaim.Issuer = identityProviderClaim.OriginalIssuer = null;
                identityProviderClaim.Value  = this.IdentityProvider;

                var originalIdentityProviderClaim = authenticateResult.Principal.Claims.FindFirstIdentityProviderClaim();

                if (originalIdentityProviderClaim != null)
                {
                    claims.Add(new ClaimBuilder(originalIdentityProviderClaim)
                    {
                        Type = this.OriginalIdentityProviderClaimType
                    });
                }

                await Task.CompletedTask.ConfigureAwait(false);
            }
            catch (Exception exception)
            {
                const string message = "Could not decorate active-login-callback.";

                this.Logger.LogErrorIfEnabled(exception, message);

                throw new InvalidOperationException(message, exception);
            }
        }
        public override async Task DecorateAsync(AuthenticateResult authenticateResult, string authenticationScheme, IClaimBuilderCollection claims, AuthenticationProperties properties)
        {
            if (authenticateResult == null)
            {
                throw new ArgumentNullException(nameof(authenticateResult));
            }

            if (authenticateResult.Principal == null)
            {
                throw new ArgumentException("The principal-property of the authenticate-result can not be null.", nameof(authenticateResult));
            }

            if (claims == null)
            {
                throw new ArgumentNullException(nameof(claims));
            }

            foreach (var claim in authenticateResult.Principal.Claims)
            {
                if (!this.ClaimTypeExclusions.Contains(claim.Type))
                {
                    claims.Add(new ClaimBuilder(claim));
                }
            }

            await base.DecorateAsync(authenticateResult, authenticationScheme, claims, properties).ConfigureAwait(false);
        }
        protected internal virtual void AddAuthenticationSchemeAsIdentityProviderClaimIfNecessary(string authenticationScheme, IClaimBuilderCollection claims)
        {
            if (authenticationScheme == null)
            {
                throw new ArgumentNullException(nameof(authenticationScheme));
            }

            if (claims == null)
            {
                throw new ArgumentNullException(nameof(claims));
            }

            if (!this.IncludeAuthenticationSchemeAsIdentityProviderClaim)
            {
                return;
            }

            var identityProviderClaim = claims.FindFirstIdentityProviderClaim();

            if (identityProviderClaim != null)
            {
                return;
            }

            claims.Add(ExtendedClaimTypes.IdentityProvider, authenticationScheme);
        }
		public override async Task DecorateAsync(AuthenticateResult authenticateResult, string authenticationScheme, IClaimBuilderCollection claims, AuthenticationProperties properties)
		{
			if(authenticateResult == null)
				throw new ArgumentNullException(nameof(authenticateResult));

			if(authenticateResult.Principal == null)
				throw new ArgumentException("The principal-property of the authenticate-result can not be null.", nameof(authenticateResult));

			if(claims == null)
				throw new ArgumentNullException(nameof(claims));

			foreach(var mapping in this.ClaimInclusionsMap.Values)
			{
				if(!this.TryGetSpecialSourceClaim(authenticateResult.Principal, mapping.Source, out var claim))
				{
					var sourceClaim = this.GetSourceClaim(authenticateResult.Principal, mapping.Source);

					if(sourceClaim != null)
						claim = new ClaimBuilder(sourceClaim);
				}

				if(claim == null)
					continue;

				if(mapping.Destination != null)
					claim.Type = mapping.Destination;

				claims.Add(claim);
			}

			await base.DecorateAsync(authenticateResult, authenticationScheme, claims, properties).ConfigureAwait(false);
		}
        protected internal virtual void BuildClaims(X509Certificate2 certificate, IClaimBuilderCollection claimsBuilder)
        {
            if (certificate == null)
            {
                throw new ArgumentNullException(nameof(certificate));
            }

            if (claimsBuilder == null)
            {
                throw new ArgumentNullException(nameof(claimsBuilder));
            }

            claimsBuilder.Add(ClaimTypes.Dns, certificate.GetNameInfo(X509NameType.DnsName, false));
            claimsBuilder.Add(ClaimTypes.Email, certificate.GetNameInfo(X509NameType.EmailName, false));
            claimsBuilder.Add("issuer", certificate.Issuer);
            claimsBuilder.Add(ClaimTypes.Name, certificate.GetNameInfo(X509NameType.SimpleName, false));
            claimsBuilder.Add(ClaimTypes.NameIdentifier, certificate.Thumbprint, ClaimValueTypes.Base64Binary);
            claimsBuilder.Add(ClaimTypes.SerialNumber, certificate.SerialNumber);
            claimsBuilder.Add(ClaimTypes.Thumbprint, certificate.Thumbprint, ClaimValueTypes.Base64Binary);
            claimsBuilder.Add(ClaimTypes.Upn, certificate.GetNameInfo(X509NameType.UpnName, false));
            claimsBuilder.Add(ClaimTypes.Uri, certificate.GetNameInfo(X509NameType.UrlName, false));
            claimsBuilder.Add(ClaimTypes.X500DistinguishedName, certificate.SubjectName.Name);
        }
        public static void Add(this IClaimBuilderCollection claimBuilderCollection, string issuer, string originalIssuer, string type, string value, string valueType)
        {
            if (claimBuilderCollection == null)
            {
                throw new ArgumentNullException(nameof(claimBuilderCollection));
            }

            var claimBuilder = claimBuilderCollection.CreateItem();

            claimBuilder.Issuer         = issuer;
            claimBuilder.OriginalIssuer = originalIssuer;
            claimBuilder.Type           = type;
            claimBuilder.Value          = value;
            claimBuilder.ValueType      = valueType;

            claimBuilderCollection.Add(claimBuilder);
        }
        public override async Task DecorateAsync(AuthenticateResult authenticateResult, string authenticationScheme, IClaimBuilderCollection claims, AuthenticationProperties properties)
        {
            try
            {
                if (authenticateResult == null)
                {
                    throw new ArgumentNullException(nameof(authenticateResult));
                }

                if (authenticateResult.Principal == null)
                {
                    throw new ArgumentException("The principal-property of the authenticate-result can not be null.", nameof(authenticateResult));
                }

                if (!(authenticateResult.Principal is WindowsPrincipal))
                {
                    throw new ArgumentException("The principal is not a windows-principal.", nameof(authenticateResult));
                }

                await base.DecorateAsync(authenticateResult, authenticationScheme, claims, properties).ConfigureAwait(false);

                if (this.AuthenticationOptions.Value.Windows.IncludeRoleClaims)
                {
                    if (!(authenticateResult.Principal.Identity is WindowsIdentity windowsIdentity))
                    {
                        this.Logger.LogWarningIfEnabled("The principal-identity is not a windows-identity. Roles will not be added as claims.");
                        return;
                    }

                    // ReSharper disable All
                    foreach (var role in windowsIdentity.Groups.Translate(typeof(NTAccount)).Cast <NTAccount>().Select(ntAccount => ntAccount.Value).OrderBy(value => value))
                    {
                        claims.Add(authenticationScheme, ClaimTypes.Role, role, ClaimValueTypes.String);
                    }
                    // ReSharper restore All
                }
            }
            catch (Exception exception)
            {
                const string message = "Could not decorate windows-authentication.";

                this.Logger.LogErrorIfEnabled(exception, message);

                throw new InvalidOperationException(message, exception);
            }
        }
 public static void Add(this IClaimBuilderCollection claimBuilderCollection, string type, string value)
 {
     claimBuilderCollection.Add(type, value, null);
 }
 public static void Add(this IClaimBuilderCollection claimBuilderCollection, string issuer, string type, string value, string valueType)
 {
     claimBuilderCollection.Add(issuer, null, type, value, valueType);
 }