/// <summary>
/// Cookie validation hook: when the principal carries no packed-permissions claim, computes
/// that claim and the hierarchical data-key claim for the user, swaps in a new principal that
/// holds them, and asks for the cookie to be renewed.
/// </summary>
/// <remarks>
/// Only the presence of the permissions claim is tested. Once it is in the cookie, this method
/// returns immediately, so a later change to the user's permissions or data key is not picked up
/// here while that claim is present. A principal that has the permissions claim but no data-key
/// claim is also left untouched.
/// </remarks>
/// <param name="context">The cookie validation context for the current request.</param>
/// <returns>A task that completes when the principal has been checked and, if needed, replaced.</returns>
public async Task ValidateAsync(CookieValidatePrincipalContext context)
{
    var principal = context.Principal;

    // Fast path: the claims were already added on an earlier request and stored in the cookie.
    var hasPackedPermissions = principal.Claims.Any(
        claim => claim.Type == PermissionConstants.PackedPermissionClaimType);
    if (hasPackedPermissions)
    {
        return;
    }

    // No permissions claim yet, which the original author expects only on the first request after login.
    var authDb = context.HttpContext.RequestServices.GetRequiredService<ExtraAuthorizeDbContext>();
    var permissionCalc = new CalcAllowedPermissions(authDb);
    var dataKeyCalc = new CalcDataKey(authDb);

    // Start from everything the current principal already has.
    var mergedClaims = new List<Claim>(principal.Claims);

    // NOTE(review): GetUserIdFromClaims is defined elsewhere; what it yields when no id claim
    // exists is not visible here - confirm both calculators cope with that value.
    var userId = principal.Claims.GetUserIdFromClaims();

    var packedPermissions = await permissionCalc.CalcPermissionsForUserAsync(userId);
    mergedClaims.Add(new Claim(PermissionConstants.PackedPermissionClaimType, packedPermissions));

    var dataKey = dataKeyCalc.CalcDataKeyForUser(userId);
    mergedClaims.Add(new Claim(DataAuthConstants.HierarchicalKeyClaimName, dataKey));

    // NOTE(review): all claims end up in one identity whose authentication type is "Cookie";
    // the original identity's authentication type and name/role claim types are not carried
    // over - confirm nothing downstream depends on them.
    context.ReplacePrincipal(new ClaimsPrincipal(new ClaimsIdentity(mergedClaims, "Cookie")));

    // IMPORTANT: this rewrites the cookie; without it the calculation above would run on every HTTP request.
    context.ShouldRenew = true;
}
/// <summary>
/// Builds a list holding a single claim: the hierarchical data key calculated for the user.
/// </summary>
/// <param name="userId">Id passed to the data-key calculator.</param>
/// <param name="dataKeyCalc">Calculator that produces the data key for <paramref name="userId"/>.</param>
/// <returns>A new list containing only the data-key claim.</returns>
private List<Claim> BuildDataClaims(string userId, CalcDataKey dataKeyCalc)
{
    // The claim value is whatever the calculator returns for this user; it is not checked here.
    var dataKey = dataKeyCalc.CalcDataKeyForUser(userId);

    var result = new List<Claim>();
    result.Add(new Claim(DataAuthConstants.HierarchicalKeyClaimName, dataKey));
    return result;
}
/// <summary>
/// Extends the identity produced by the base implementation with the packed-permissions claim
/// and the hierarchical data-key claim for the user.
/// </summary>
/// <remarks>
/// Both values are calculated when the identity is generated. Nothing in this method recalculates
/// them later, so they stay as calculated for as long as the resulting identity is reused.
/// </remarks>
/// <param name="user">The user whose identity is being generated.</param>
/// <returns>The base identity with the two extra claims added.</returns>
protected override async Task<ClaimsIdentity> GenerateClaimsAsync(IdentityUser user)
{
    var identity = await base.GenerateClaimsAsync(user);

    // The id is read back from the claims the base call produced, not taken from `user` directly.
    var userId = identity.Claims.GetUserIdFromClaims();

    var permissionCalc = new CalcAllowedPermissions(_extraAuthDbContext);
    var packedPermissions = await permissionCalc.CalcPermissionsForUserAsync(userId);
    identity.AddClaim(new Claim(PermissionConstants.PackedPermissionClaimType, packedPermissions));

    var dataKeyCalc = new CalcDataKey(_extraAuthDbContext);
    var dataKey = dataKeyCalc.CalcDataKeyForUser(userId);
    identity.AddClaim(new Claim(DataAuthConstants.HierarchicalKeyClaimName, dataKey));

    return identity;
}