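        /// <summary>
        /// Looks up the caller's local user record, auto-provisioning it first when the caller
        /// is an Azure Active Directory user that is not yet known locally, and attaches a
        /// freshly issued local token to the returned record.
        /// </summary>
        /// <param name="claimsIdentity">The identity of the authenticated caller; its "iss" claim
        /// decides whether an unknown user may be auto-provisioned.</param>
        /// <returns>The user's <see cref="GetUserInfoResponse"/> with <c>UserToken</c> populated.</returns>
        /// <exception cref="InvalidOperationException">Thrown when the user has no local record
        /// and cannot be auto-provisioned (the caller is not an Azure AD user, or provisioning
        /// did not produce a readable record).</exception>
        public async Task<GetUserInfoResponse> GetUserInfo(ClaimsIdentity claimsIdentity)
        {
            var userName = claimsIdentity.GetUserName();
            var userInfo = await _databaseRepository.GetUserInfo(userName);

            // Unknown users are created in our own database, but only when the token was issued by Azure AD.
            if (userInfo == null && IsAzureActiveDirectoryIssuer(claimsIdentity))
            {
                var firstName = FindClaimValue(claimsIdentity, System.IdentityModel.Claims.ClaimTypes.GivenName);
                var lastName = FindClaimValue(claimsIdentity, System.IdentityModel.Claims.ClaimTypes.Surname);

                var user = await _userService.Create(userName, userName, firstName, lastName);
                await _databaseRepository.AddToUserList(user.Id, user.UserName, user.FirstName, user.LastName);
                userInfo = await _databaseRepository.GetUserInfo(userName);
            }

            // A non-AAD caller without a record (or a provisioning round-trip that returned nothing)
            // previously fell through to a NullReferenceException on userInfo.Roles below.
            if (userInfo == null)
            {
                throw new InvalidOperationException("User '" + userName + "' is not registered and cannot be provisioned.");
            }

            var claims = new List<Claim>
            {
                new Claim(ClaimTypes.Name, userInfo.UserName),
                new Claim(ClaimTypes.GivenName, userInfo.Profile.FirstName),
                new Claim(ClaimTypes.Surname, userInfo.Profile.LastName),
                new Claim(ClaimTypes.NameIdentifier, userInfo.Id.ToString())
            };
            claims.AddRange(userInfo.Roles.Select(role => new Claim(ClaimTypes.Role, role)));

            var localClaimsIdentity = new ClaimsIdentity(claims);

            // One timestamp so notBefore and expiry derive from the same instant.
            // NOTE(review): the 1-hour back-dated notBefore and 10-day lifetime are carried over
            // from the original code; confirm they match the intended session policy.
            var now = DateTime.UtcNow;
            var localAuth = _configurationService.LocalAuthentication;
            var token = localClaimsIdentity.GenerateToken(
                localAuth.AudienceId,
                localAuth.AudienceSecret,
                localAuth.Issuer,
                now.AddHours(-1),
                now.AddDays(10));
            userInfo.UserToken = token;
            return userInfo;
        }

        // True when the "iss" claim names the Azure AD (v1) security token service.
        // A prefix match on scheme + host is used instead of a substring search so that an issuer
        // value that merely contains "sts.windows.net" somewhere else (e.g. in a longer host name
        // or path) does not qualify for auto-provisioning.
        // NOTE(review): AAD v1 issuers have the form https://sts.windows.net/{tenant}/; confirm no
        // other issuer shape is expected here.
        private static bool IsAzureActiveDirectoryIssuer(ClaimsIdentity claimsIdentity)
        {
            var issuer = claimsIdentity.FindFirst("iss");
            return issuer != null
                && issuer.Value.StartsWith("https://sts.windows.net/", StringComparison.OrdinalIgnoreCase);
        }

        // Value of the first claim of the given type, or null when the identity carries none.
        private static string FindClaimValue(ClaimsIdentity claimsIdentity, string claimType)
        {
            var claim = claimsIdentity.FindFirst(claimType);
            return claim == null ? null : claim.Value;
        }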
 /// <summary>
 /// Fills <paramref name="loginData"/> from a Twitter external-login identity: the user name
 /// and a profile URL derived from it.
 /// </summary>
 /// <param name="identity">The external identity returned by the provider.</param>
 /// <param name="loginData">Receives the user name and the profile URL.</param>
 public void Parse(ClaimsIdentity identity, ref ExternalLoginData loginData)
 {
     string userName = identity.GetUserName();
     loginData.UserName = userName;
     // The user name is placed into the URL verbatim (no URL encoding).
     // NOTE(review): fine for well-formed Twitter handles; confirm GetUserName() cannot yield other characters.
     loginData.Profile = string.Format("https://twitter.com/{0}", userName);
 }
        // For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864
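        /// <summary>
        /// Wires up authentication for the OWIN pipeline: a cookie session plus OpenID Connect
        /// sign-in against the SSO identity server, with userinfo claims merged into the
        /// resulting identity and the tokens kept on it for logout and API calls.
        /// </summary>
        /// <param name="app">The OWIN application builder to register the middleware on.</param>
        public void ConfigureAuth(IAppBuilder app)
        {
            // Configure the db context, user manager and signin manager to use a single instance per request
            SSOFactory.CreateOwinContext(app);

            // Replace the handler's default inbound claim-type mapping with an empty one so claims
            // keep the names the identity server issued them with.
            JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary<string, string>();
            //Require => error sso
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = "Cookies"
            });
            app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
            {
                ClientId = UGConstants.SSOClient.ClientId,
                ClientSecret = UGConstants.SSOClient.ClientSecret,
                Authority = UGConstants.SSO.AuthorityBaseUri + UGConstants.SSO.PathHostIdentityServer,
                RedirectUri = UGConstants.SSOClient.RedirectUri,
                // NOTE(review): "id_token token" is the implicit/hybrid response type; confirm it is still the
                // intended flow for this client.
                ResponseType = "id_token token",
                Scope = "openid profile",
                PostLogoutRedirectUri = UGConstants.SSOClient.PostLogoutRedirectUri,
                SignInAsAuthenticationType = "Cookies",
                UseTokenLifetime = false,
                Notifications = new OpenIdConnectAuthenticationNotifications
                {
                    SecurityTokenValidated = async n =>
                    {
                        var nid = new ClaimsIdentity(n.AuthenticationTicket.Identity.Claims,
                            n.AuthenticationTicket.Identity.AuthenticationType,
                            UGConstants.ClaimTypes.GivenName,
                            UGConstants.ClaimTypes.Role);
                        // get userinfo data
                        var userInfoClient = new UserInfoClient(
                            new Uri(n.Options.Authority + "/connect/userinfo"),
                            n.ProtocolMessage.AccessToken);
                        var userInfo = await userInfoClient.GetAsync();
                        if (userInfo.Claims != null)
                        {
                            // Merge userinfo claims, skipping any (type, value) pair the identity already carries.
                            foreach (var ui in userInfo.Claims)
                            {
                                var claimType = ui.Item1;
                                var claimValue = ui.Item2;
                                if (!nid.Claims.Any(x => x.Type == claimType && x.Value == claimValue))
                                {
                                    nid.AddClaim(new Claim(claimType, claimValue));
                                }
                            }
                        }
                        string userName = nid.GetUserName();
                        if (string.IsNullOrWhiteSpace(userName))
                        {
                            // Not an argument problem: the validated token simply carries no usable name.
                            // Previously thrown as ArgumentNullException with the message in the paramName slot
                            // and inverted wording ("is not null or empty").
                            throw new InvalidOperationException("UserName is null or empty");
                        }
                        // keep the id_token for logout
                        nid.AddClaim(new Claim("id_token", n.ProtocolMessage.IdToken));

                        // add access token for sample API
                        // NOTE(review): with no SessionStore configured these token claims are serialized into the
                        // authentication cookie; keep the cookie HTTPS-only and size in mind.
                        nid.AddClaim(new Claim("access_token", n.ProtocolMessage.AccessToken));

                        // keep track of access token expiration. expires_in is a machine-readable integer, so it
                        // is parsed culture-invariantly; the stored value keeps its offset, so a UTC base yields
                        // the same instant as the previous local-time base when parsed back.
                        var expiresInSeconds = int.Parse(n.ProtocolMessage.ExpiresIn, System.Globalization.CultureInfo.InvariantCulture);
                        nid.AddClaim(new Claim("expires_at", DateTimeOffset.UtcNow.AddSeconds(expiresInSeconds).ToString()));

                        n.AuthenticationTicket = new Microsoft.Owin.Security.AuthenticationTicket(
                            nid,
                            n.AuthenticationTicket.Properties);
                    },
                    RedirectToIdentityProvider = n =>
                    {
                        // On logout, hand the original id_token back to the identity server so it can end the session.
                        if (n.ProtocolMessage.RequestType == OpenIdConnectRequestType.LogoutRequest)
                        {
                            var idTokenHint = n.OwinContext.Authentication.User.FindFirst("id_token");

                            if (idTokenHint != null)
                            {
                                n.ProtocolMessage.IdTokenHint = idTokenHint.Value;

                                var signOutMessageId = n.OwinContext.Environment.GetSignOutMessageId();
                                if (signOutMessageId != null)
                                {
                                    n.OwinContext.Response.Cookies.Append("state", signOutMessageId);
                                }
                            }
                        }

                        return Task.FromResult(0);
                    }
                }
            });
        }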
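 /// <summary>
 /// Returns the most recent orders recorded for the caller.
 /// </summary>
 /// <param name="claimsIdentity">The authenticated caller; its user name keys the lookup.</param>
 /// <returns>The caller's last orders, or an empty sequence when the caller has no user record
 /// (previously a NullReferenceException) or the record lists no orders.</returns>
 public async Task<IEnumerable<LastOrder>> GetLast5Orders(ClaimsIdentity claimsIdentity)
 {
     var userInfo = await _databaseRepository.GetUserInfo(claimsIdentity.GetUserName());
     if (userInfo == null || userInfo.Last5Orders == null)
     {
         return Enumerable.Empty<LastOrder>();
     }
     return userInfo.Last5Orders;
 }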