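/// <summary>
/// Creates a <see cref="ClaimsIdentity"/> from a <see cref="JwtSecurityToken"/>.
/// </summary>
/// <param name="jwt">The <see cref="JwtSecurityToken"/> to use as a <see cref="Claim"/> source.</param>
/// <param name="issuer">The value set as <see cref="Claim.Issuer"/> and <see cref="Claim.OriginalIssuer"/> on every claim added to the identity.</param>
/// <param name="validationParameters">Contains parameters for validating the token; its <c>CreateClaimsIdentity</c> supplies the base identity that the claims are added to.</param>
/// <returns>A <see cref="ClaimsIdentity"/> containing the <see cref="JwtSecurityToken.Claims"/>.</returns>
/// <exception cref="ArgumentNullException"><paramref name="jwt"/> or <paramref name="validationParameters"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="issuer"/> is null or whitespace.</exception>
/// <exception cref="InvalidOperationException">The token carries more than one actor claim.</exception>
/// <remarks>
/// Claim types listed in <see cref="InboundClaimFilter"/> are dropped. Claim types found in
/// <see cref="JwtSecurityTokenHandler.InboundClaimTypeMap"/> are renamed, and the original (short) JWT name
/// is kept in the claim's <see cref="ShortClaimTypeProperty"/> property so the mapping can be reversed.
/// An actor claim (<see cref="ClaimTypes.Actor"/>) that <c>CanReadToken</c> accepts is parsed with <c>ReadToken</c>
/// and turned into <see cref="ClaimsIdentity.Actor"/> by calling this method recursively; the raw actor claim is
/// still added to the identity as well. Only the parsing of the nested token happens here — whether the actor
/// token's signature and lifetime are validated is not visible in this method and has to be ensured by the caller.
/// </remarks>
protected virtual ClaimsIdentity CreateClaimsIdentity(JwtSecurityToken jwt, string issuer, TokenValidationParameters validationParameters)
{
    if (jwt == null)
    {
        throw new ArgumentNullException("jwt");
    }

    if (string.IsNullOrWhiteSpace(issuer))
    {
        throw new ArgumentException(ErrorMessages.IDX10221);
    }

    // A null validationParameters previously surfaced as a NullReferenceException on the next line.
    if (validationParameters == null)
    {
        throw new ArgumentNullException("validationParameters");
    }

    ClaimsIdentity identity = validationParameters.CreateClaimsIdentity(jwt, issuer);

    foreach (Claim jwtClaim in jwt.Claims)
    {
        if (InboundClaimFilter.Contains(jwtClaim.Type))
        {
            continue;
        }

        // Map the short JWT claim name to the long claim type, remembering whether a mapping applied.
        string claimType;
        bool wasMapped = true;
        if (!JwtSecurityTokenHandler.InboundClaimTypeMap.TryGetValue(jwtClaim.Type, out claimType))
        {
            claimType = jwtClaim.Type;
            wasMapped = false;
        }

        if (claimType == ClaimTypes.Actor)
        {
            // An identity can have only one actor; a second actor claim is an error, not an overwrite.
            if (identity.Actor != null)
            {
                throw new InvalidOperationException(string.Format(CultureInfo.InvariantCulture, ErrorMessages.IDX10710, JwtRegisteredClaimNames.Actort, jwtClaim.Value));
            }

            if (this.CanReadToken(jwtClaim.Value))
            {
                JwtSecurityToken actor = this.ReadToken(jwtClaim.Value) as JwtSecurityToken;
                identity.Actor = this.CreateClaimsIdentity(actor, issuer, validationParameters);
            }
        }

        Claim c = new Claim(claimType, jwtClaim.Value, jwtClaim.ValueType, issuer, issuer, identity);

        // Carry over any properties the source claim already had before adding our own.
        if (jwtClaim.Properties.Count > 0)
        {
            foreach (var kv in jwtClaim.Properties)
            {
                c.Properties[kv.Key] = kv.Value;
            }
        }

        if (wasMapped)
        {
            c.Properties[ShortClaimTypeProperty] = jwtClaim.Type;
        }

        identity.AddClaim(c);
    }

    return identity;
}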
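/// <summary>
/// Creates a <see cref="ClaimsIdentity"/> from the Saml2 securityToken.
/// </summary>
/// <param name="samlToken">The Saml2SecurityToken.</param>
/// <param name="issuer">The issuer value for each <see cref="Claim"/> in the <see cref="ClaimsIdentity"/>.</param>
/// <param name="validationParameters">Contains parameters for validating the securityToken; its <c>CreateClaimsIdentity</c> supplies the base identity.</param>
/// <returns>A <see cref="ClaimsIdentity"/> populated from the assertion's subject and statements.</returns>
/// <exception cref="ArgumentNullException"><paramref name="samlToken"/> or <paramref name="validationParameters"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="issuer"/> is null or whitespace, or the token has no assertion.</exception>
/// <remarks>
/// The subject and the statements of the assertion are handed to the wrapped SAML2 handler, which adds the
/// resulting claims to <paramref name="identity"/> in place. No token validation is performed here.
/// </remarks>
protected virtual ClaimsIdentity CreateClaimsIdentity(Saml2SecurityToken samlToken, string issuer, TokenValidationParameters validationParameters)
{
    if (samlToken == null)
    {
        throw new ArgumentNullException("samlToken");
    }

    if (string.IsNullOrWhiteSpace(issuer))
    {
        throw new ArgumentException(ErrorMessages.IDX10221);
    }

    Saml2Assertion assertion = samlToken.Assertion;
    if (assertion == null)
    {
        throw new ArgumentException(ErrorMessages.IDX10202);
    }

    // A null validationParameters previously surfaced as a NullReferenceException on the next line.
    if (validationParameters == null)
    {
        throw new ArgumentNullException("validationParameters");
    }

    ClaimsIdentity identity = validationParameters.CreateClaimsIdentity(samlToken, issuer);

    // Use the already null-checked local rather than re-reading samlToken.Assertion.
    _smSaml2HandlerPrivateNeverSetAnyProperties.ProcessSamlSubjectPublic(assertion.Subject, identity, issuer);
    _smSaml2HandlerPrivateNeverSetAnyProperties.ProcessStatmentPublic(assertion.Statements, identity, issuer);

    return identity;
}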