public virtual async Task <IdentityClaimTypeDto> CreateAsync(IdentityClaimTypeCreateDto input) { if (await IdentityClaimTypeRepository.AnyAsync(input.Name)) { throw new UserFriendlyException(L["IdentityClaimTypeAlreadyExists", input.Name]); } var identityClaimType = new IdentityClaimType( GuidGenerator.Create(), input.Name, input.Required, input.IsStatic, input.Regex, input.RegexDescription, input.Description, input.ValueType ); identityClaimType = await IdentityClaimTypeManager.CreateAsync(identityClaimType); await CurrentUnitOfWork.SaveChangesAsync(); return(ObjectMapper.Map <IdentityClaimType, IdentityClaimTypeDto>(identityClaimType)); }
/// <summary> /// Retrieves an S2S access token signed by the application's private certificate on /// behalf of the specified Claims Identity and intended for application at the targetApplicationUri using the /// targetRealm. If no Realm is specified in web.config, an auth challenge will be issued to the /// targetApplicationUri to discover it. /// </summary> /// <param name="targetApplicationUri">Url of the target SharePoint site</param> /// <param name="identity">Identity of the user on whose behalf to create the access token; use HttpContext.Current.User</param> /// <param name="UserIdentityClaimType">The claim type that is used as the identity claim for the user</param> /// <param name="IdentityClaimProviderType">The type of identity provider being used</param> /// <param name="UseAppOnlyClaim">Use an App Only claim</param> /// <returns></returns> public static string GetS2SClaimsAccessTokenWithClaims( Uri targetApplicationUri, ClaimsIdentity identity, IdentityClaimType UserIdentityClaimType, ClaimProviderType IdentityClaimProviderType, bool UseAppOnlyClaim) { //get the identity claim info first TokenHelper.ClaimsUserIdClaim id = null; if (IdentityClaimProviderType == ClaimProviderType.SAML) { id = RetrieveIdentityForSamlClaimsUser(identity, UserIdentityClaimType); } else { id = RetrieveIdentityForFbaClaimsUser(identity, UserIdentityClaimType); } string realm = string.IsNullOrEmpty(Realm) ? GetRealmFromTargetUrl(targetApplicationUri) : Realm; JsonWebTokenClaim[] claims = identity != null?GetClaimsWithClaimsIdentity(identity, UserIdentityClaimType, id, IdentityClaimProviderType) : null; return(IssueToken( ClientId, IssuerId, realm, SharePointPrincipal, realm, targetApplicationUri.Authority, true, claims, UseAppOnlyClaim, id.ClaimsIdClaimType != CLAIMS_ID_TYPE_UPN, id.ClaimsIdClaimType, id.ClaimsIdClaimValue)); }
private static JsonWebTokenClaim[] GetClaimsWithClaimsIdentity(ClaimsIdentity indentity, IdentityClaimType SamlIdentityClaimType, TokenHelper.ClaimsUserIdClaim id, ClaimProviderType IdentityClaimProviderType) { //if an identity claim was not found, then exit if (string.IsNullOrEmpty(id.ClaimsIdClaimValue)) { return(null); } Hashtable claimSet = new Hashtable(); //you always need nii claim, so add that claimSet.Add("nii", "temp"); //set up the nii claim and then add the smtp or sip claim separately if (IdentityClaimProviderType == ClaimProviderType.SAML) { claimSet["nii"] = "trusted:" + TrustedProviderName.ToLower(); //was urn:office:idp:trusted:, but this does not seem to align with what SPIdentityClaimMapper uses } else { claimSet["nii"] = "urn:office:idp:forms:" + MembershipProviderName.ToLower(); } //plug in UPN claim if we're using that if (id.ClaimsIdClaimType == CLAIMS_ID_TYPE_UPN) { claimSet.Add("upn", id.ClaimsIdClaimValue.ToLower()); } //now create the JsonWebTokenClaim array List <JsonWebTokenClaim> claimList = new List <JsonWebTokenClaim>(); foreach (string key in claimSet.Keys) { claimList.Add(new JsonWebTokenClaim(key, (string)claimSet[key])); } return(claimList.ToArray()); }
/// <summary> /// NOT IMPLEMENTED /// </summary> /// <param name="identity"></param> /// <param name="SamlIdentityClaimType"></param> /// <returns></returns> private static TokenHelper.ClaimsUserIdClaim RetrieveIdentityForFbaClaimsUser(ClaimsIdentity identity, IdentityClaimType SamlIdentityClaimType) { throw new NotImplementedException(); }
/// <summary> /// Retrieves the identity for the ClaimsIdentity /// </summary> /// <param name="identity">The Claims Identity</param> /// <param name="SamlIdentityClaimType">The Claims Identity Type</param> /// <returns></returns> private static TokenHelper.ClaimsUserIdClaim RetrieveIdentityForSamlClaimsUser(ClaimsIdentity identity, IdentityClaimType SamlIdentityClaimType) { TokenHelper.ClaimsUserIdClaim id = new ClaimsUserIdClaim(); try { if (identity.IsAuthenticated) { //get the claim type we're looking for string claimType = CLAIM_TYPE_EMAIL; id.ClaimsIdClaimType = CLAIMS_ID_TYPE_EMAIL; //since the vast majority of the time the id claim is email, we'll start out with that //as our default position and only check if that isn't the case if (SamlIdentityClaimType != IdentityClaimType.SMTP) { switch (SamlIdentityClaimType) { case IdentityClaimType.UPN: claimType = CLAIM_TYPE_UPN; id.ClaimsIdClaimType = CLAIMS_ID_TYPE_UPN; break; default: claimType = CLAIM_TYPE_SIP; id.ClaimsIdClaimType = CLAIMS_ID_TYPE_SIP; break; } } foreach (Claim claim in identity.Claims) { if (claim.Type == claimType) { id.ClaimsIdClaimValue = claim.Value; break; } } } } catch (Exception ex) { //not going to do anything here; could look for a missing identity claim but instead will just //return an empty string Debug.WriteLine(ex.Message); } return(id); }
private async Task AddClaimTypes() { var ageClaim = new IdentityClaimType(Guid.NewGuid(), "Age", false, false, null, null, null, IdentityClaimValueType.Int); await _identityClaimTypeRepository.InsertAsync(ageClaim); }
/// <summary> /// Retrieves the identity for the ClaimsIdentity /// </summary> /// <param name="identity">The Claims Identity</param> /// <param name="SamlIdentityClaimType">The Claims Identity Type</param> /// <returns></returns> private static TokenHelper.ClaimsUserIdClaim RetrieveIdentityForSamlClaimsUser(ClaimsIdentity identity, IdentityClaimType SamlIdentityClaimType) { TokenHelper.ClaimsUserIdClaim id = new ClaimsUserIdClaim(); try { if (identity.IsAuthenticated) { //get the claim type we're looking for string claimType = CLAIM_TYPE_EMAIL; id.ClaimsIdClaimType = CLAIMS_ID_TYPE_EMAIL; //since the vast majority of the time the id claim is email, we'll start out with that //as our default position and only check if that isn't the case if (SamlIdentityClaimType != IdentityClaimType.SMTP) { switch (SamlIdentityClaimType) { case IdentityClaimType.UPN: claimType = CLAIM_TYPE_UPN; id.ClaimsIdClaimType = CLAIMS_ID_TYPE_UPN; break; default: claimType = CLAIM_TYPE_SIP; id.ClaimsIdClaimType = CLAIMS_ID_TYPE_SIP; break; } } foreach (Claim claim in identity.Claims) { if (claim.Type == claimType) { id.ClaimsIdClaimValue = claim.Value; break; } } } } catch (Exception ex) { //not going to do anything here; could look for a missing identity claim but instead will just //return an empty string Debug.WriteLine(ex.Message); } return id; }
private static JsonWebTokenClaim[] GetClaimsWithClaimsIdentity(ClaimsIdentity indentity, IdentityClaimType SamlIdentityClaimType, TokenHelper.ClaimsUserIdClaim id, ClaimProviderType IdentityClaimProviderType) { //if an identity claim was not found, then exit if (string.IsNullOrEmpty(id.ClaimsIdClaimValue)) return null; Hashtable claimSet = new Hashtable(); //you always need nii claim, so add that claimSet.Add("nii", "temp"); //set up the nii claim and then add the smtp or sip claim separately if (IdentityClaimProviderType == ClaimProviderType.SAML) claimSet["nii"] = "trusted:" + TrustedProviderName.ToLower(); //was urn:office:idp:trusted:, but this does not seem to align with what SPIdentityClaimMapper uses else claimSet["nii"] = "urn:office:idp:forms:" + MembershipProviderName.ToLower(); //plug in UPN claim if we're using that if (id.ClaimsIdClaimType == CLAIMS_ID_TYPE_UPN) claimSet.Add("upn", id.ClaimsIdClaimValue.ToLower()); //now create the JsonWebTokenClaim array List<JsonWebTokenClaim> claimList = new List<JsonWebTokenClaim>(); foreach (string key in claimSet.Keys) { claimList.Add(new JsonWebTokenClaim(key, (string)claimSet[key])); } return claimList.ToArray(); }
/// <summary> /// Retrieves an S2S client context with an access token signed by the application's private certificate on /// behalf of the specified Claims Identity and intended for application at the targetApplicationUri using the /// targetRealm. If no Realm is specified in web.config, an auth challenge will be issued to the /// targetApplicationUri to discover it. /// </summary> /// <param name="targetApplicationUri">Url of the target SharePoint site</param> /// <param name="identity">Identity of the user on whose behalf to create the access token; use HttpContext.Current.User</param> /// <param name="UserIdentityClaimType">The claim type that is used as the identity claim for the user</param> /// <param name="IdentityClaimProviderType">The type of identity provider being used</param> /// <param name="UseAppOnlyClaim">Use an App Only claim</param> /// <returns>A ClientContext using an access token with an audience of the target application</returns> public static ClientContext GetS2SClientContextWithClaimsIdentity( Uri targetApplicationUri, ClaimsIdentity identity, IdentityClaimType UserIdentityClaimType, ClaimProviderType IdentityClaimProviderType, bool UseAppOnlyClaim) { string realm = string.IsNullOrEmpty(Realm) ? GetRealmFromTargetUrl(targetApplicationUri) : Realm; string accessToken = GetS2SClaimsAccessTokenWithClaims( targetApplicationUri, identity, UserIdentityClaimType, IdentityClaimProviderType, UseAppOnlyClaim); return GetClientContextWithAccessToken(targetApplicationUri.ToString(), accessToken); }
/// <summary> /// Retrieves an S2S access token signed by the application's private certificate on /// behalf of the specified Claims Identity and intended for application at the targetApplicationUri using the /// targetRealm. If no Realm is specified in web.config, an auth challenge will be issued to the /// targetApplicationUri to discover it. /// </summary> /// <param name="targetApplicationUri">Url of the target SharePoint site</param> /// <param name="identity">Identity of the user on whose behalf to create the access token; use HttpContext.Current.User</param> /// <param name="UserIdentityClaimType">The claim type that is used as the identity claim for the user</param> /// <param name="IdentityClaimProviderType">The type of identity provider being used</param> /// <param name="UseAppOnlyClaim">Use an App Only claim</param> /// <returns></returns> public static string GetS2SClaimsAccessTokenWithClaims( Uri targetApplicationUri, ClaimsIdentity identity, IdentityClaimType UserIdentityClaimType, ClaimProviderType IdentityClaimProviderType, bool UseAppOnlyClaim) { //get the identity claim info first TokenHelper.ClaimsUserIdClaim id = null; if (IdentityClaimProviderType == ClaimProviderType.SAML) id = RetrieveIdentityForSamlClaimsUser(identity, UserIdentityClaimType); else { id = RetrieveIdentityForFbaClaimsUser(identity, UserIdentityClaimType); } string realm = string.IsNullOrEmpty(Realm) ? GetRealmFromTargetUrl(targetApplicationUri) : Realm; JsonWebTokenClaim[] claims = identity != null ? GetClaimsWithClaimsIdentity(identity, UserIdentityClaimType, id, IdentityClaimProviderType) : null; return IssueToken( ClientId, IssuerId, realm, SharePointPrincipal, realm, targetApplicationUri.Authority, true, claims, UseAppOnlyClaim, id.ClaimsIdClaimType != CLAIMS_ID_TYPE_UPN, id.ClaimsIdClaimType, id.ClaimsIdClaimValue); }