コード例 #1
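        /// <summary>
        /// Builds a <see cref="ClaimsIdentity"/> for a Windows principal: a mandatory
        /// "sub" claim, optional "name" and group claims, then the authentication
        /// method and authentication instant claims.
        /// </summary>
        /// <param name="principal">The Windows principal to translate into claims.</param>
        /// <param name="options">Selects the subject source and which optional claims are emitted.</param>
        /// <returns>A claims identity whose authentication type is "Windows".</returns>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="principal"/> or <paramref name="options"/> is null.
        /// </exception>
        /// <exception cref="InvalidOperationException">
        /// No non-empty subject could be derived from the principal for the configured subject type.
        /// </exception>
        public static ClaimsIdentity Create(WindowsPrincipal principal, WindowsAuthenticationOptions options)
        {
            if (principal == null)
            {
                throw new ArgumentNullException("principal");
            }

            if (options == null)
            {
                throw new ArgumentNullException("options");
            }

            var claims = new List<Claim>();
            string sub = null;

            if (options.SubjectType == SubjectType.WindowsAccountName)
            {
                Logger.Debug("Using WindowsAccountName as subject");

                // NOTE(review): an account name can be renamed or later re-issued to a
                // different person, so relying parties that key data on "sub" get a less
                // stable identifier here than with the SID option.
                sub = principal.Identity.Name;
            }
            else if (options.SubjectType == SubjectType.Sid)
            {
                Logger.Debug("Using primary SID as subject");

                // FindFirst returns null when the claim is absent; do not dereference blindly.
                var sidClaim = principal.FindFirst(ClaimTypes.PrimarySid);
                if (sidClaim != null)
                {
                    sub = sidClaim.Value;
                }
            }

            // Fail closed: never issue an identity whose subject is missing or empty
            // (unknown SubjectType value, principal without a primary SID, or an
            // identity that carries no account name).
            if (string.IsNullOrEmpty(sub))
            {
                throw new InvalidOperationException(
                    "Unable to determine a subject for the Windows principal using subject type " + options.SubjectType + ".");
            }

            claims.Add(new Claim("sub", sub));

            if (options.EmitWindowsAccountNameAsName)
            {
                Logger.Debug("Emitting WindowsAccountName as name claim");

                claims.Add(new Claim("name", principal.Identity.Name));
            }

            if (options.EmitGroups)
            {
                Logger.Debug("Using Windows groups as role claims");

                // CreateGroupClaims is defined elsewhere in this class.
                claims.AddRange(CreateGroupClaims(principal));
            }

            claims.Add(new Claim(ClaimTypes.AuthenticationMethod, AuthenticationMethods.Windows));
            claims.Add(AuthenticationInstantClaim.Now);

            return new ClaimsIdentity(claims, "Windows");
        }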
コード例 #2
 /// <summary>
 /// Adds the baseline claims (name identifier, name and authentication method) to a user.
 /// </summary>
 /// <param name="WindowsPrincipal">Windows principal whose name claim supplies the name-identifier value.</param>
 /// <param name="TempUser">User whose claim collection is extended in place.</param>
 private static void SetupDefaultClaims(WindowsPrincipal WindowsPrincipal, User TempUser)
 {
     Contract.Requires<ArgumentNullException>(WindowsPrincipal != null, "WindowsPrincipal");
     Contract.Requires<ArgumentNullException>(TempUser != null, "TempUser");

     // NameIdentifier takes the principal's name claim verbatim, while Name (below)
     // takes the stored user name; the two values may therefore differ.
     // NOTE(review): FindFirst returns null when the principal has no name claim,
     // which would surface here as a NullReferenceException - confirm callers
     // guarantee the claim is present.
     UserClaim IdentifierClaim = new UserClaim();
     IdentifierClaim.Value = WindowsPrincipal.FindFirst(ClaimTypes.Name).Value;
     IdentifierClaim.Type = ClaimTypes.NameIdentifier;
     TempUser.Claims.Add(IdentifierClaim);

     UserClaim DisplayNameClaim = new UserClaim();
     DisplayNameClaim.Value = TempUser.UserName;
     DisplayNameClaim.Type = ClaimTypes.Name;
     TempUser.Claims.Add(DisplayNameClaim);

     // Presumably Check hands back its argument when Load finds no stored claim -
     // confirm against the helper's definition.
     UserClaim StoredMethodClaim = UserClaim.Load(ClaimTypes.AuthenticationMethod, "Windows");
     UserClaim MethodClaim = StoredMethodClaim.Check(new UserClaim() { Value = "Windows", Type = ClaimTypes.AuthenticationMethod });
     TempUser.Claims.Add(MethodClaim);
 }
コード例 #3
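 /// <summary>
 /// Resolves the application user for a Windows principal, creating the account
 /// the first time the principal is seen.
 /// </summary>
 /// <param name="WindowsPrincipal">The Windows principal to look up.</param>
 /// <returns>The existing or newly created user; never null.</returns>
 /// <exception cref="InvalidOperationException">
 /// The principal has no usable name claim, or the user could not be created.
 /// </exception>
 private static User GetUser(WindowsPrincipal WindowsPrincipal)
 {
     Contract.Requires<ArgumentNullException>(WindowsPrincipal != null, "WindowsPrincipal");
     Claim NameClaim = WindowsPrincipal.FindFirst(ClaimTypes.Name);
     if (NameClaim == null || string.IsNullOrEmpty(NameClaim.Value))
     {
         // FindFirst returns null when the claim is absent; refuse to continue
         // rather than provision an account for a principal with no name.
         throw new InvalidOperationException("The Windows principal does not carry a name claim.");
     }

     // Keep only the part after the first backslash ("DOMAIN\user" -> "user").
     // NOTE(review): dropping the domain means DOMAINA\alice, DOMAINB\alice and a
     // local MACHINE\alice all resolve to the same application user. Confirm that
     // only one trusted domain can authenticate here, or key on the full name / SID.
     string[] Parts = NameClaim.Value.Split(new[] { '\\' }, 2);
     string ShortName = Parts[Parts.Length - 1];
     if (string.IsNullOrEmpty(ShortName))
     {
         throw new InvalidOperationException("The Windows principal's name claim has no account name part.");
     }

     // The async calls are blocked on with .Result because this method is synchronous;
     // this can deadlock under a synchronization context - prefer an async caller chain.
     using (UserStore UserStore = new UserStore())
     using (UserManager<User, long> UserManager = new UserManager<User, long>(UserStore))
     {
         User User = UserManager.FindByNameAsync(ShortName).Result;
         if (User != null)
         {
             return User;
         }

         // NOTE(review): the GUID is presumably a throwaway password. A GUID is an
         // identifier, not a secret generator - if password sign-in is reachable for
         // these accounts, create the user without a password or use a CSPRNG value.
         var CreateResult = UserManager.CreateAsync(new User() { UserName = ShortName }, Guid.NewGuid().ToString()).Result;

         // Re-query even when creation reported failure: a concurrent request may
         // have created the same user in the meantime.
         User = UserManager.FindByNameAsync(ShortName).Result;
         if (User == null)
         {
             // Previously the creation result was discarded and null was returned silently.
             throw new InvalidOperationException(
                 "Could not create a user for the Windows principal: " + string.Join("; ", CreateResult.Errors));
         }

         return User;
     }
 }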