protected void Session_Start(object sender, EventArgs e)
{
// Note that the application does not go to the database
// to authenticate the user.
// The authentication is done by the issuer.
// WSFederationAuthenticationModule automatically reads the
// user token sent by the IP and sets the user information
// in the thread current principal.
if (this.Context.User.Identity.IsAuthenticated)
{
// At this point we can access the authenticated user information
// by accessing the property Thread.CurrentPrincipal.
string issuer = ClaimHelper.GetCurrentUserClaim(ClaimTypes.Name).OriginalIssuer;
// Note, the GetClaim extension method is defined in the Samples.Web.Utillities project
string givenName = ClaimHelper.GetCurrentUserClaim(WSIdentityConstants.ClaimTypes.GivenName).Value;
string surname = ClaimHelper.GetCurrentUserClaim(WSIdentityConstants.ClaimTypes.Surname).Value;
string costCenter = ClaimHelper.GetCurrentUserClaim(Adatum.ClaimTypes.CostCenter).Value;
var repository = new UserRepository();
string federatedUsername = GetFederatedUserName(issuer, this.User.Identity.Name);
var user = repository.GetUser(federatedUsername);
user.CostCenter = costCenter;
user.FullName = givenName + " " + surname;
// The user is stored in the session because the application
// authentication strategy requires it.
this.Context.Session["LoggedUser"] = user;
}
}
protected override void OnActionExecuted(ActionExecutedContext filterContext)
{
if (filterContext.RequestContext.HttpContext.Request.IsAjaxRequest())
{
return;
}
if (filterContext.Controller.ViewData.Model == null)
{
filterContext.Controller.ViewData.Model = new MasterPageViewModel();
}
var model = (MasterPageViewModel)filterContext.Controller.ViewData.Model;
var organizationName = ClaimHelper.GetCurrentUserClaim(Fabrikam.ClaimTypes.Organization).Value;
var organizationRepository = new OrganizationRepository();
var tenantLogoPath = organizationRepository.GetOrganization(organizationName).LogoPath;
model.TenantLogoPath = tenantLogoPath;
model.ClaimsIssuer =
ClaimHelper.GetCurrentUserClaim(ClaimTypes.Name).
Issuer;
model.ClaimsOriginalIssuer =
ClaimHelper.GetCurrentUserClaim(Fabrikam.ClaimTypes.IdentityProvider).Value;
base.OnActionExecuted(filterContext);
}
public ActionResult AddClaimMapping()
{
// TODO: sanitize input and add AntiForgeryToken
var incomingClaimType = this.Request.Form["IncomingClaimType"];
var incomingValue = this.Request.Form["IncomingValue"];
var roleName = this.Request.Form["NewRole"];
var organization = ClaimHelper.GetCurrentUserClaim(Fabrikam.ClaimTypes.Organization).Value;
var claimMappingsRepository = new ClaimMappingRepository();
var role = claimMappingsRepository.GetRoleByName(roleName);
if (this.ValidateClaimMapping(incomingClaimType, incomingValue, role, organization, claimMappingsRepository))
{
claimMappingsRepository.SaveClaimMapping(
new ClaimMapping
{
IncomingClaimType = incomingClaimType,
IncomingValue = incomingValue,
OutputRole = role,
Organization = organization
});
}
return(this.ClaimMappings());
}
private void AuthorizeUser(AuthorizationContext context)
{
var organizationRequested = (string)context.RouteData.Values["organization"];
var userOrganiation = ClaimHelper.GetCurrentUserClaim(Fabrikam.ClaimTypes.Organization).Value;
if (!organizationRequested.Equals(userOrganiation, StringComparison.OrdinalIgnoreCase))
{
context.Result = new HttpUnauthorizedResult();
return;
}
var authorizedRoles = this.Roles.Split(new[] { "," }, StringSplitOptions.RemoveEmptyEntries);
bool hasValidRole = false;
foreach (var role in authorizedRoles)
{
if (context.HttpContext.User.IsInRole(role.Trim()))
{
hasValidRole = true;
break;
}
}
if (!hasValidRole)
{
context.Result = new HttpUnauthorizedResult();
return;
}
}
public ActionResult Index()
{
var repository = new ShipmentRepository();
// users in Shipment Manager role can see all the shipments,
// while others can see only its own shipments
IEnumerable <Shipment> shipments;
var organization = ClaimHelper.GetCurrentUserClaim(Fabrikam.ClaimTypes.Organization).Value;
if (this.User.IsInRole(Fabrikam.Roles.ShipmentManager))
{
shipments = repository.GetShipmentsByOrganization(organization);
}
else
{
var userName = this.User.Identity.Name;
shipments = repository.GetShipmentsByOrganizationAndUserName(organization, userName);
}
var model = new ShipmentListViewModel
{
Shipments = shipments
};
return(View(model));
}
protected override void OnLoad(EventArgs e)
{
var company = ClaimHelper.GetCurrentUserClaim(Adatum.ClaimTypes.Organization).Value;
var orderRepository = new OrderRepository();
this.OrdersGridView.DataSource = orderRepository.GetOrdersByCompanyName(company);
this.OrdersGridView.DataBind();
}
public Order[] GetOrdersFromMyOrganization()
{
string organization = ClaimHelper.GetCurrentUserClaim(Adatum.ClaimTypes.Organization).Value;
var repository = new OrderRepository();
return(repository.GetOrdersByCompanyName(organization).ToArray());
}
protected override void AuthorizeUser(AuthorizationContext context)
{
var tenantRequested = (string)context.RouteData.Values["tenant"];
var userTenant = ClaimHelper.GetCurrentUserClaim(Tailspin.ClaimTypes.Tenant).Value;
if (!tenantRequested.Equals(userTenant, StringComparison.OrdinalIgnoreCase))
{
context.Result = new HttpUnauthorizedResult();
return;
}
base.AuthorizeUser(context);
}
public ActionResult ClaimMappings()
{
var claimMappingsRepository = new ClaimMappingRepository();
var organization = ClaimHelper.GetCurrentUserClaim(Fabrikam.ClaimTypes.Organization).Value;
var model = new ClaimMappingListViewModel
{
ClaimMappings = claimMappingsRepository.GetClaimMappingsByOrganization(organization),
OutputRoles = claimMappingsRepository.GetAllRoles(),
IncomingClaimType = new[] { ClaimTypes.Name, AllOrganizations.ClaimTypes.Group }
};
return(this.View("ClaimMappings", model));
}
public ActionResult CreateTenantWithSocialProvider(string OrganizationName, HttpPostedFileBase logoFile)
{
string organizationInternalName = SanitizeString(OrganizationName);
if (this.IsOrganizationNameValid(organizationInternalName))
{
var ipName = ClaimHelper.GetCurrentUserClaim(Fabrikam.ClaimTypes.IdentityProvider).Value;
if (ipName == SocialIdentityProviders.WindowsLiveId.HomeRealm)
{
ipName = SocialIdentityProviders.WindowsLiveId.DisplayName;
}
Organization organization = new Organization {
Name = organizationInternalName, DisplayName = OrganizationName, HomeRealm = ipName, LogoPath = "~/Content/images/generic-logo.png"
};
if (logoFile != null && logoFile.ContentLength > 0)
{
var imageFolderRelativePath = "~/Content/images/";
var imageFolderAbsolutePath = Server.MapPath("~/");
imageFolderAbsolutePath = string.Concat(imageFolderAbsolutePath, "..\\f-shipping.7\\Content\\images\\");
var fileName = string.Concat(organizationInternalName, "-logo.png");
var fileFullPath = string.Concat(imageFolderAbsolutePath, fileName);
logoFile.SaveAs(fileFullPath);
organization.LogoPath = string.Concat(imageFolderRelativePath, fileName);
}
OrganizationRepository organizationRepository = new OrganizationRepository();
organizationRepository.AddOrganization(organization);
ServiceManagementWrapper acsWrapper = new ServiceManagementWrapper(acsServiceNamespace, acsUsername, acsPassword);
var relayingPartyName = organizationInternalName;
var realmAddress = string.Format("https://localhost/f-shipping.7/{0}", organizationInternalName);
var replyAddress = string.Format("https://localhost/f-shipping.7/{0}/FederationResult", organizationInternalName);
var ruleGroup = string.Format("Default role group for {0}", organizationInternalName);
var socialProviders = new string[] { ipName };
acsWrapper.AddRelyingParty(organizationInternalName, realmAddress, replyAddress, null, null, null, ruleGroup, socialProviders);
var nameIdentifierValue = ClaimHelper.GetCurrentUserClaim(ClaimTypes.NameIdentifier).Value;
CreateRulesForTenantWithSocialIP(organizationInternalName, ipName, acsWrapper, ruleGroup, nameIdentifierValue);
return(View("CompleteEnrollment"));
}
return(View("EnrollWithSocialProvider", new EnrollmentViewModel {
ErrorMessage = "Organization name not valid", OrganizationName = OrganizationName
}));
}
private static void EnrichUserWithClaims(User user)
{
user.CostCenter = ClaimHelper.GetCurrentUserClaim(Fabrikam.ClaimTypes.CostCenter).Value ?? string.Empty;
user.Organization = ClaimHelper.GetCurrentUserClaim(Fabrikam.ClaimTypes.Organization).Value ?? string.Empty;
string givenName = ClaimHelper.GetCurrentUserClaim(ClaimTypes.GivenName).Value ?? string.Empty;
string surname = ClaimHelper.GetCurrentUserClaim(ClaimTypes.Surname).Value ?? string.Empty;
user.FullName = string.Format(CultureInfo.CurrentUICulture, "{0} {1}", givenName, surname);
string streetAddress = ClaimHelper.GetCurrentUserClaim(ClaimTypes.StreetAddress).Value ?? string.Empty;
string state = ClaimHelper.GetCurrentUserClaim(ClaimTypes.StateOrProvince).Value ?? string.Empty;
string country = ClaimHelper.GetCurrentUserClaim(ClaimTypes.Country).Value ?? string.Empty;
user.Address = string.Format(CultureInfo.CurrentUICulture, "{0}, {1}, {2}", streetAddress, state, country);
}
private static void EnrichUserWithClaims(User user)
{
user.CostCenter = ClaimHelper.GetCurrentUserClaim(Fabrikam.ClaimTypes.CostCenter).Value ?? string.Empty;
user.Organization = ClaimHelper.GetCurrentUserClaim(Fabrikam.ClaimTypes.Organization).Value ?? string.Empty;
string givenName = ClaimHelper.GetCurrentUserClaimValue(ClaimTypes.GivenName) ?? string.Empty;
string surname = ClaimHelper.GetCurrentUserClaimValue(ClaimTypes.Surname) ?? string.Empty;
if (string.IsNullOrEmpty(givenName) || string.IsNullOrEmpty(surname))
{
user.FullName = "not avaialbe";
}
else
{
user.FullName = string.Format(CultureInfo.CurrentUICulture, "{0} {1}", givenName, surname);
}
string streetAddress = ClaimHelper.GetCurrentUserClaimValue(ClaimTypes.StreetAddress) ?? string.Empty;
string state = ClaimHelper.GetCurrentUserClaimValue(ClaimTypes.StateOrProvince) ?? string.Empty;
string country = ClaimHelper.GetCurrentUserClaimValue(ClaimTypes.Country) ?? string.Empty;
if (string.IsNullOrEmpty(streetAddress) || string.IsNullOrEmpty(state) || string.IsNullOrEmpty(country))
{
user.Address = "not available";
}
else
{
user.Address = string.Format(CultureInfo.CurrentUICulture, "{0}, {1}, {2}", streetAddress, state, country);
}
/*
* user.FullName = "not available";
* user.Address = "not available";
* user.CostCenter = "not available";
* user.Organization = ClaimHelper.GetCurrentUserClaim(Fabrikam.ClaimTypes.Organization).Value ?? string.Empty;
*/
}
private void CreateRulesForTenantWithSocialIP(string organizationInternalName, string identityProviderName, ServiceManagementWrapper acsWrapper, string ruleGroup, string nameIdentifierValue)
{
// pass nameidentifier
acsWrapper.AddSimpleRuleToRuleGroup(ruleGroup,
identityProviderName,
ClaimTypes.NameIdentifier,
nameIdentifierValue,
ClaimTypes.NameIdentifier,
nameIdentifierValue);
// pass name
if (identityProviderName.Equals(SocialIdentityProviders.WindowsLiveId))
{
acsWrapper.AddSimpleRuleToRuleGroup(ruleGroup,
identityProviderName,
ClaimTypes.NameIdentifier,
nameIdentifierValue,
ClaimTypes.Name,
nameIdentifierValue);
}
else
{
var userName = ClaimHelper.GetCurrentUserClaim(ClaimTypes.Name).Value;
acsWrapper.AddSimpleRuleToRuleGroup(ruleGroup,
identityProviderName,
ClaimTypes.NameIdentifier,
nameIdentifierValue,
ClaimTypes.Name,
userName);
}
// add organization
acsWrapper.AddSimpleRuleToRuleGroup(ruleGroup,
identityProviderName,
ClaimTypes.NameIdentifier,
nameIdentifierValue,
Fabrikam.ClaimTypes.Organization,
organizationInternalName);
// add costcenter
acsWrapper.AddSimpleRuleToRuleGroup(ruleGroup,
identityProviderName,
ClaimTypes.NameIdentifier,
nameIdentifierValue,
Fabrikam.ClaimTypes.CostCenter,
Fabrikam.ClaimValues.SingleCostCenter);
// add role
acsWrapper.AddSimpleRuleToRuleGroup(ruleGroup,
identityProviderName,
ClaimTypes.NameIdentifier,
nameIdentifierValue,
Microsoft.IdentityModel.Claims.ClaimTypes.Role,
Fabrikam.Roles.ShipmentCreator);
// add role
acsWrapper.AddSimpleRuleToRuleGroup(ruleGroup,
identityProviderName,
ClaimTypes.NameIdentifier,
nameIdentifierValue,
Microsoft.IdentityModel.Claims.ClaimTypes.Role,
Fabrikam.Roles.Administrator);
}
