public static bool TryGetProviderSubjectClaims(this ClaimsPrincipal principal, out IdentityProviderClaim provider, out SubjectClaim subject)
{
var providerFound = false;
var subjectFound = false;
provider = new IdentityProviderClaim();
subject = new SubjectClaim();
foreach (var claim in principal.Claims)
{
if (claim.IsIdentityProviderClaim(out var providerClaim))
{
providerFound = true;
provider = providerClaim;
}
if (claim.IsSubjectClaim(out var subjectClaim))
{
subjectFound = true;
subject = subjectClaim;
}
if (providerFound && subjectFound)
{
break;
}
}
return(providerFound && subjectFound);
}
public static bool IsIdentityProviderClaim(this Claim claim, out IdentityProviderClaim identityProviderClaim)
{
identityProviderClaim = new IdentityProviderClaim();
if (claim.Type.Equals(IdentityProviderClaimType, StringComparison.InvariantCultureIgnoreCase) && IdentityProviderClaim.TryFromString(claim.Value, out var claimValue))
{
identityProviderClaim = new IdentityProviderClaim {
Value = claim.Value
};
return(true);
}
return(false);
}
public IEnumerable <TenantId> GetTenantsFor(IdentityProviderClaim provider, SubjectClaim subject)
{
var portal = _manager.Current.Portal;
var builder = Builders <ProviderSubjectTenantsForMapping> .Filter;
var filter = builder.Eq(_ => _.Portal, portal) & builder.Eq(_ => _.Provider, provider) & builder.Eq(_ => _.Subject, subject);
var tenantMappings = _mappings.Find(filter).ToEnumerable();
switch (tenantMappings.Count())
{
case 0:
_logger.Information($"No mapping for portal:'{portal}', provider:'{provider}', subject:'{subject}'.");
return(Enumerable.Empty <TenantId>());
case 1:
return(tenantMappings.First().Tenants);
default:
_logger.Warning($"Found multiple mappings for portal:'{portal}', provider:'{provider}', subject:'{subject}'. All tenants will be returned, but this indicates something wrong in the database, and should be fixed.");
return(tenantMappings.SelectMany(_ => _.Tenants));
}
}
public bool TryGetUserFor(IdentityProviderClaim provider, SubjectClaim subject, out User user)
{
user = null;
var builder = Builders <ProviderSubjectPair> .Filter;
var elementFilter = builder.Eq(_ => _.Provider, provider) & builder.Eq(_ => _.Subject, subject);
var filter = Builders <User> .Filter.ElemMatch(_ => _.Mappings, elementFilter);
var userMappings = _users.Find(filter).ToEnumerable();
switch (userMappings.Count())
{
case 0:
_logger.Information($"No user mapping found for provider:'{provider}' subject:'{subject}' was found.");
return(false);
case 1:
user = userMappings.First();
return(true);
default:
_logger.Error($"Multiple possible user mappings for provider:'{provider}' subject:'{subject}' was found. Cannot pick one - authentication will fail.");
return(false);
}
}
