protected void Session_Start(object sender, EventArgs e) { // Note that the application does not go to the database // to authenticate the user. // The authentication is done by the issuer. // WSFederationAuthenticationModule automatically reads the // user token sent by the IP and sets the user information // in the thread current principal. if (this.Context.User.Identity.IsAuthenticated) { // At this point we can access the authenticated user information // by accessing the property Thread.CurrentPrincipal. string issuer = ClaimHelper.GetCurrentUserClaim(ClaimTypes.Name).OriginalIssuer; // Note, the GetClaim extension method is defined in the Samples.Web.Utillities project string givenName = ClaimHelper.GetCurrentUserClaim(WSIdentityConstants.ClaimTypes.GivenName).Value; string surname = ClaimHelper.GetCurrentUserClaim(WSIdentityConstants.ClaimTypes.Surname).Value; string costCenter = ClaimHelper.GetCurrentUserClaim(Adatum.ClaimTypes.CostCenter).Value; var repository = new UserRepository(); string federatedUsername = GetFederatedUserName(issuer, this.User.Identity.Name); var user = repository.GetUser(federatedUsername); user.CostCenter = costCenter; user.FullName = givenName + " " + surname; // The user is stored in the session because the application // authentication strategy requires it. this.Context.Session["LoggedUser"] = user; } }
protected override void OnActionExecuted(ActionExecutedContext filterContext) { if (filterContext.RequestContext.HttpContext.Request.IsAjaxRequest()) { return; } if (filterContext.Controller.ViewData.Model == null) { filterContext.Controller.ViewData.Model = new MasterPageViewModel(); } var model = (MasterPageViewModel)filterContext.Controller.ViewData.Model; var organizationName = ClaimHelper.GetCurrentUserClaim(Fabrikam.ClaimTypes.Organization).Value; var organizationRepository = new OrganizationRepository(); var tenantLogoPath = organizationRepository.GetOrganization(organizationName).LogoPath; model.TenantLogoPath = tenantLogoPath; model.ClaimsIssuer = ClaimHelper.GetCurrentUserClaim(ClaimTypes.Name). Issuer; model.ClaimsOriginalIssuer = ClaimHelper.GetCurrentUserClaim(Fabrikam.ClaimTypes.IdentityProvider).Value; base.OnActionExecuted(filterContext); }
public ActionResult AddClaimMapping() { // TODO: sanitize input and add AntiForgeryToken var incomingClaimType = this.Request.Form["IncomingClaimType"]; var incomingValue = this.Request.Form["IncomingValue"]; var roleName = this.Request.Form["NewRole"]; var organization = ClaimHelper.GetCurrentUserClaim(Fabrikam.ClaimTypes.Organization).Value; var claimMappingsRepository = new ClaimMappingRepository(); var role = claimMappingsRepository.GetRoleByName(roleName); if (this.ValidateClaimMapping(incomingClaimType, incomingValue, role, organization, claimMappingsRepository)) { claimMappingsRepository.SaveClaimMapping( new ClaimMapping { IncomingClaimType = incomingClaimType, IncomingValue = incomingValue, OutputRole = role, Organization = organization }); } return(this.ClaimMappings()); }
private void AuthorizeUser(AuthorizationContext context) { var organizationRequested = (string)context.RouteData.Values["organization"]; var userOrganiation = ClaimHelper.GetCurrentUserClaim(Fabrikam.ClaimTypes.Organization).Value; if (!organizationRequested.Equals(userOrganiation, StringComparison.OrdinalIgnoreCase)) { context.Result = new HttpUnauthorizedResult(); return; } var authorizedRoles = this.Roles.Split(new[] { "," }, StringSplitOptions.RemoveEmptyEntries); bool hasValidRole = false; foreach (var role in authorizedRoles) { if (context.HttpContext.User.IsInRole(role.Trim())) { hasValidRole = true; break; } } if (!hasValidRole) { context.Result = new HttpUnauthorizedResult(); return; } }
public ActionResult Index() { var repository = new ShipmentRepository(); // users in Shipment Manager role can see all the shipments, // while others can see only its own shipments IEnumerable <Shipment> shipments; var organization = ClaimHelper.GetCurrentUserClaim(Fabrikam.ClaimTypes.Organization).Value; if (this.User.IsInRole(Fabrikam.Roles.ShipmentManager)) { shipments = repository.GetShipmentsByOrganization(organization); } else { var userName = this.User.Identity.Name; shipments = repository.GetShipmentsByOrganizationAndUserName(organization, userName); } var model = new ShipmentListViewModel { Shipments = shipments }; return(View(model)); }
protected override void OnLoad(EventArgs e) { var company = ClaimHelper.GetCurrentUserClaim(Adatum.ClaimTypes.Organization).Value; var orderRepository = new OrderRepository(); this.OrdersGridView.DataSource = orderRepository.GetOrdersByCompanyName(company); this.OrdersGridView.DataBind(); }
public Order[] GetOrdersFromMyOrganization() { string organization = ClaimHelper.GetCurrentUserClaim(Adatum.ClaimTypes.Organization).Value; var repository = new OrderRepository(); return(repository.GetOrdersByCompanyName(organization).ToArray()); }
protected override void AuthorizeUser(AuthorizationContext context) { var tenantRequested = (string)context.RouteData.Values["tenant"]; var userTenant = ClaimHelper.GetCurrentUserClaim(Tailspin.ClaimTypes.Tenant).Value; if (!tenantRequested.Equals(userTenant, StringComparison.OrdinalIgnoreCase)) { context.Result = new HttpUnauthorizedResult(); return; } base.AuthorizeUser(context); }
public ActionResult ClaimMappings() { var claimMappingsRepository = new ClaimMappingRepository(); var organization = ClaimHelper.GetCurrentUserClaim(Fabrikam.ClaimTypes.Organization).Value; var model = new ClaimMappingListViewModel { ClaimMappings = claimMappingsRepository.GetClaimMappingsByOrganization(organization), OutputRoles = claimMappingsRepository.GetAllRoles(), IncomingClaimType = new[] { ClaimTypes.Name, AllOrganizations.ClaimTypes.Group } }; return(this.View("ClaimMappings", model)); }
public ActionResult CreateTenantWithSocialProvider(string OrganizationName, HttpPostedFileBase logoFile) { string organizationInternalName = SanitizeString(OrganizationName); if (this.IsOrganizationNameValid(organizationInternalName)) { var ipName = ClaimHelper.GetCurrentUserClaim(Fabrikam.ClaimTypes.IdentityProvider).Value; if (ipName == SocialIdentityProviders.WindowsLiveId.HomeRealm) { ipName = SocialIdentityProviders.WindowsLiveId.DisplayName; } Organization organization = new Organization { Name = organizationInternalName, DisplayName = OrganizationName, HomeRealm = ipName, LogoPath = "~/Content/images/generic-logo.png" }; if (logoFile != null && logoFile.ContentLength > 0) { var imageFolderRelativePath = "~/Content/images/"; var imageFolderAbsolutePath = Server.MapPath("~/"); imageFolderAbsolutePath = string.Concat(imageFolderAbsolutePath, "..\\f-shipping.7\\Content\\images\\"); var fileName = string.Concat(organizationInternalName, "-logo.png"); var fileFullPath = string.Concat(imageFolderAbsolutePath, fileName); logoFile.SaveAs(fileFullPath); organization.LogoPath = string.Concat(imageFolderRelativePath, fileName); } OrganizationRepository organizationRepository = new OrganizationRepository(); organizationRepository.AddOrganization(organization); ServiceManagementWrapper acsWrapper = new ServiceManagementWrapper(acsServiceNamespace, acsUsername, acsPassword); var relayingPartyName = organizationInternalName; var realmAddress = string.Format("https://localhost/f-shipping.7/{0}", organizationInternalName); var replyAddress = string.Format("https://localhost/f-shipping.7/{0}/FederationResult", organizationInternalName); var ruleGroup = string.Format("Default role group for {0}", organizationInternalName); var socialProviders = new string[] { ipName }; acsWrapper.AddRelyingParty(organizationInternalName, realmAddress, replyAddress, null, null, null, ruleGroup, socialProviders); var nameIdentifierValue = ClaimHelper.GetCurrentUserClaim(ClaimTypes.NameIdentifier).Value; CreateRulesForTenantWithSocialIP(organizationInternalName, ipName, acsWrapper, ruleGroup, nameIdentifierValue); return(View("CompleteEnrollment")); } return(View("EnrollWithSocialProvider", new EnrollmentViewModel { ErrorMessage = "Organization name not valid", OrganizationName = OrganizationName })); }
private static void EnrichUserWithClaims(User user) { user.CostCenter = ClaimHelper.GetCurrentUserClaim(Fabrikam.ClaimTypes.CostCenter).Value ?? string.Empty; user.Organization = ClaimHelper.GetCurrentUserClaim(Fabrikam.ClaimTypes.Organization).Value ?? string.Empty; string givenName = ClaimHelper.GetCurrentUserClaim(ClaimTypes.GivenName).Value ?? string.Empty; string surname = ClaimHelper.GetCurrentUserClaim(ClaimTypes.Surname).Value ?? string.Empty; user.FullName = string.Format(CultureInfo.CurrentUICulture, "{0} {1}", givenName, surname); string streetAddress = ClaimHelper.GetCurrentUserClaim(ClaimTypes.StreetAddress).Value ?? string.Empty; string state = ClaimHelper.GetCurrentUserClaim(ClaimTypes.StateOrProvince).Value ?? string.Empty; string country = ClaimHelper.GetCurrentUserClaim(ClaimTypes.Country).Value ?? string.Empty; user.Address = string.Format(CultureInfo.CurrentUICulture, "{0}, {1}, {2}", streetAddress, state, country); }
private static void EnrichUserWithClaims(User user) { user.CostCenter = ClaimHelper.GetCurrentUserClaim(Fabrikam.ClaimTypes.CostCenter).Value ?? string.Empty; user.Organization = ClaimHelper.GetCurrentUserClaim(Fabrikam.ClaimTypes.Organization).Value ?? string.Empty; string givenName = ClaimHelper.GetCurrentUserClaimValue(ClaimTypes.GivenName) ?? string.Empty; string surname = ClaimHelper.GetCurrentUserClaimValue(ClaimTypes.Surname) ?? string.Empty; if (string.IsNullOrEmpty(givenName) || string.IsNullOrEmpty(surname)) { user.FullName = "not avaialbe"; } else { user.FullName = string.Format(CultureInfo.CurrentUICulture, "{0} {1}", givenName, surname); } string streetAddress = ClaimHelper.GetCurrentUserClaimValue(ClaimTypes.StreetAddress) ?? string.Empty; string state = ClaimHelper.GetCurrentUserClaimValue(ClaimTypes.StateOrProvince) ?? string.Empty; string country = ClaimHelper.GetCurrentUserClaimValue(ClaimTypes.Country) ?? string.Empty; if (string.IsNullOrEmpty(streetAddress) || string.IsNullOrEmpty(state) || string.IsNullOrEmpty(country)) { user.Address = "not available"; } else { user.Address = string.Format(CultureInfo.CurrentUICulture, "{0}, {1}, {2}", streetAddress, state, country); } /* * user.FullName = "not available"; * user.Address = "not available"; * user.CostCenter = "not available"; * user.Organization = ClaimHelper.GetCurrentUserClaim(Fabrikam.ClaimTypes.Organization).Value ?? string.Empty; */ }
private void CreateRulesForTenantWithSocialIP(string organizationInternalName, string identityProviderName, ServiceManagementWrapper acsWrapper, string ruleGroup, string nameIdentifierValue) { // pass nameidentifier acsWrapper.AddSimpleRuleToRuleGroup(ruleGroup, identityProviderName, ClaimTypes.NameIdentifier, nameIdentifierValue, ClaimTypes.NameIdentifier, nameIdentifierValue); // pass name if (identityProviderName.Equals(SocialIdentityProviders.WindowsLiveId)) { acsWrapper.AddSimpleRuleToRuleGroup(ruleGroup, identityProviderName, ClaimTypes.NameIdentifier, nameIdentifierValue, ClaimTypes.Name, nameIdentifierValue); } else { var userName = ClaimHelper.GetCurrentUserClaim(ClaimTypes.Name).Value; acsWrapper.AddSimpleRuleToRuleGroup(ruleGroup, identityProviderName, ClaimTypes.NameIdentifier, nameIdentifierValue, ClaimTypes.Name, userName); } // add organization acsWrapper.AddSimpleRuleToRuleGroup(ruleGroup, identityProviderName, ClaimTypes.NameIdentifier, nameIdentifierValue, Fabrikam.ClaimTypes.Organization, organizationInternalName); // add costcenter acsWrapper.AddSimpleRuleToRuleGroup(ruleGroup, identityProviderName, ClaimTypes.NameIdentifier, nameIdentifierValue, Fabrikam.ClaimTypes.CostCenter, Fabrikam.ClaimValues.SingleCostCenter); // add role acsWrapper.AddSimpleRuleToRuleGroup(ruleGroup, identityProviderName, ClaimTypes.NameIdentifier, nameIdentifierValue, Microsoft.IdentityModel.Claims.ClaimTypes.Role, Fabrikam.Roles.ShipmentCreator); // add role acsWrapper.AddSimpleRuleToRuleGroup(ruleGroup, identityProviderName, ClaimTypes.NameIdentifier, nameIdentifierValue, Microsoft.IdentityModel.Claims.ClaimTypes.Role, Fabrikam.Roles.Administrator); }