public static FirmaSession FirmaSessionFromClaimsIdentity(IAuthenticationManager authenticationManager, Tenant currentTenant) { try { // Get the Person from Claims Identity // Other RPs use an actual "anonymous" user, but we are trying to have CurrentPerson be null, so, we are trying this. -- SLG & SG const Person anonymousSitkaUser = null; Person personFromClaimsIdentity; switch (FirmaWebConfiguration.AuthenticationType) { case AuthenticationType.KeystoneAuth: personFromClaimsIdentity = KeystoneClaimsHelpers.GetOpenIDUserFromPrincipal( authenticationManager.User, anonymousSitkaUser, HttpRequestStorage.DatabaseEntities.People.GetPersonByPersonGuid); break; case AuthenticationType.LocalAuth: personFromClaimsIdentity = GetPersonFromLocalClaims(authenticationManager.User); break; default: throw new ArgumentOutOfRangeException(); } // Actual real person if (personFromClaimsIdentity != null) { // Sanity check Check.Ensure(currentTenant.TenantID == personFromClaimsIdentity.TenantID); // Try to find existing Session for this Person. // ** This seems potentially flawed, and may not work for multiple logins -- SLG & SG ** var firmaSessionForRealPerson = HttpRequestStorage.DatabaseEntities.FirmaSessions.GetFirmaSessionsByPersonID(personFromClaimsIdentity.PersonID, false); if (firmaSessionForRealPerson.Any()) { // For now, we just give them the last session. This is NOT a long term solution. -- SLG return(firmaSessionForRealPerson.Last()); } // Otherwise, we could not find a FirmaSession for this person. Create one. var firmaSessionFromClaimsIdentity = new FirmaSession(HttpRequestStorage.DatabaseEntities, personFromClaimsIdentity); // Only save if the Session if it being newly created HttpRequestStorage.DatabaseEntities.AllFirmaSessions.Add(firmaSessionFromClaimsIdentity); HttpRequestStorage.DatabaseEntities.SaveChangesWithNoAuditing(currentTenant.TenantID); return(firmaSessionFromClaimsIdentity); } // Otherwise, anonymous user. We make a new session each time, which seems flawed - but not sure how else to handle yet. -- SLG var firmaSessionForAnonymousPerson = FirmaSession.MakeEmptyFirmaSession(HttpRequestStorage.DatabaseEntities, HttpRequestStorage.Tenant); return(firmaSessionForAnonymousPerson); } catch (Exception ex) { IdentitySignOut(authenticationManager); throw new SitkaDisplayErrorException("Something went wrong with your session or credentials. Please try logging in again. If this does not resolve the issue, please contact support.", ex); } }
public bool Authorize(DashboardContext context) { var owinContext = new OwinContext(context.GetOwinEnvironment()); var person = KeystoneClaimsHelpers.GetOpenIDUserFromPrincipal(owinContext.Authentication.User, null, HttpRequestStorage.DatabaseEntities.People.GetPersonByPersonGuid); return(person.IsAdministrator()); }