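 /// <summary>
 /// Creates identity information about the specified principal's identity.
 /// </summary>
 /// <param name="principal">The principal. A <c>null</c> principal, or one whose identity is not a <see cref="ClaimsIdentity"/>, yields an unauthenticated result.</param>
 /// <param name="source">The source identifier recorded on the returned identity information.</param>
 /// <param name="application">The application from which the identity is observed.</param>
 /// <param name="relatedApplicationIdentities">The identities as seen from other applications related to the current application.</param>
 /// <param name="graphClient">The graph client used to look up group claim details; may be <c>null</c>, in which case no group lookup is performed.</param>
 /// <returns>Identity information about the current principal's identity.</returns>
 public static async Task <IdentityInfo> FromPrincipal(IPrincipal principal, string source, string application, IList <IdentityInfo> relatedApplicationIdentities, AadGraphClient graphClient)
 {
     // A missing principal is reported the same way as a missing identity (unauthenticated)
     // rather than failing with a NullReferenceException; FromIdentity already handles a null identity.
     var identity = principal == null ? null : principal.Identity as ClaimsIdentity;
     return await FromIdentity(identity, source, application, relatedApplicationIdentities, graphClient);
 }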
        /// <summary>
        /// Creates identity information about the specified identity.
        /// </summary>
        /// <param name="identity">The identity; <c>null</c> yields an unauthenticated result.</param>
        /// <param name="source">The source identifier recorded on the returned identity information.</param>
        /// <param name="application">The application from which the identity is observed.</param>
        /// <param name="relatedApplicationIdentities">The identities as seen from other applications related to the current application.</param>
        /// <param name="graphClient">The graph client used to look up group claim details; may be <c>null</c>, in which case no group names are resolved.</param>
        /// <returns>Identity information about the specified identity.</returns>
        public static async Task <IdentityInfo> FromIdentity(ClaimsIdentity identity, string source, string application, IList <IdentityInfo> relatedApplicationIdentities, AadGraphClient graphClient)
        {
            // Nothing to inspect: report an unauthenticated identity.
            if (identity == null)
            {
                return new IdentityInfo
                {
                    Source = source,
                    Application = application,
                    IsAuthenticated = false,
                    RelatedApplicationIdentities = relatedApplicationIdentities
                };
            }

            // Values of every claim whose type matches one of the given claim types (case-insensitive).
            Func<IEnumerable<string>, string[]> valuesOfClaimTypes = claimTypes =>
                identity.Claims
                    .Where(claim => claimTypes.Any(claimType => string.Equals(claim.Type, claimType, StringComparison.OrdinalIgnoreCase)))
                    .Select(claim => claim.Value)
                    .ToArray();

            IList<IGroup> resolvedGroups = null;
            if (graphClient != null)
            {
                // Look up all the Azure AD groups for which there are group claims.
                // [NOTE] To get group claims in the token, ensure to update the Azure AD application manifest.
                // Change "groupMembershipClaims" from null to "SecurityGroup" (or "All" to include distribution groups).
                // See http://www.dushyantgill.com/blog/2014/12/10/authorization-cloud-applications-using-ad-groups/ for more information.
                var groupIds = valuesOfClaimTypes(GroupClaimTypes);
                resolvedGroups = await graphClient.GetGroupsAsync(groupIds);
            }

            // No graph client (or no lookup result) means no group names can be reported.
            var groupNames = resolvedGroups == null
                ? new string[0]
                : resolvedGroups.Select(group => group.DisplayName).ToArray();

            var roleNames = valuesOfClaimTypes(RoleClaimTypes);

            // [NOTE] Inspect the identity and its claims; each claim gets a remark derived from the resolved groups.
            var claimInfos = identity.Claims
                .Select(claim => new ClaimInfo
                {
                    Issuer = claim.Issuer,
                    Type = claim.Type,
                    Value = claim.Value,
                    Remark = GetRemark(claim, resolvedGroups)
                })
                .ToArray();

            return new IdentityInfo
            {
                Source = source,
                Application = application,
                IsAuthenticated = identity.IsAuthenticated,
                Name = identity.Name,
                AuthenticationType = identity.AuthenticationType,
                GroupNames = groupNames,
                RoleNames = roleNames,
                Claims = claimInfos,
                RelatedApplicationIdentities = relatedApplicationIdentities ?? new IdentityInfo[0]
            };
        }
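 /// <summary>
 /// Creates identity information about the claims represented in the specified JWT token.
 /// </summary>
 /// <remarks>
 /// The token is only decoded, not validated: <see cref="JwtSecurityToken(string)"/> checks the
 /// token's format but not its signature, lifetime, issuer or audience, so the resulting claims
 /// (and the authenticated state of the identity built from them) are the token's self-asserted
 /// contents. Treat the result as inspection output, not as an authorization decision.
 /// </remarks>
 /// <param name="jwt">The JWT token in its compact serialized form.</param>
 /// <param name="source">The source identifier recorded on the returned identity information.</param>
 /// <param name="application">The application from which the identity is observed.</param>
 /// <param name="relatedApplicationIdentities">The identities as seen from other applications related to the current application.</param>
 /// <param name="graphClient">The graph client used to look up group claim details; may be <c>null</c>.</param>
 /// <returns>Identity information about the specified JWT token; an unauthenticated result when the token cannot be decoded.</returns>
 public static async Task <IdentityInfo> FromJwt(string jwt, string source, string application, IList <IdentityInfo> relatedApplicationIdentities, AadGraphClient graphClient)
 {
     ClaimsIdentity identity = null;
     try
     {
         var token = new JwtSecurityToken(jwt);
         identity = new ClaimsIdentity(token.Claims, "JWT", StsConfiguration.NameClaimType, StsConfiguration.RoleClaimType);
     }
     catch (Exception)
     {
         // The JWT string could not be decoded; a null identity is reported by FromIdentity as unauthenticated.
         identity = null;
     }

     // The identity lookup runs outside the try block so that a failure there (for example a
     // group lookup error in the graph client) surfaces to the caller instead of being
     // misreported as an undecodable token.
     return await FromIdentity(identity, source, application, relatedApplicationIdentities, graphClient);
 }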