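/// <summary>
/// Creates identity information about the specified principal's identity.
/// </summary>
/// <param name="principal">The principal; may be <c>null</c>, in which case an unauthenticated identity is returned.</param>
/// <param name="source">The source label recorded on the returned identity information.</param>
/// <param name="application">The application from which the identity is observed.</param>
/// <param name="relatedApplicationIdentities">The identities as seen from other applications related to the current application.</param>
/// <param name="graphClient">The graph client used to look up group claim details; <c>null</c> skips the lookup.</param>
/// <returns>Identity information about the current principal's identity.</returns>
public static async Task<IdentityInfo> FromPrincipal(IPrincipal principal, string source, string application, IList<IdentityInfo> relatedApplicationIdentities, AadGraphClient graphClient)
{
    // A missing principal, or one whose identity is not claims-based, is reported as
    // unauthenticated by FromIdentity (it treats a null identity that way) instead of
    // failing here with a NullReferenceException.
    var identity = principal == null ? null : principal.Identity as ClaimsIdentity;
    return await FromIdentity(identity, source, application, relatedApplicationIdentities, graphClient);
}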
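/// <summary>
/// Creates identity information about the specified identity.
/// </summary>
/// <param name="identity">The identity; <c>null</c> yields an unauthenticated result.</param>
/// <param name="source">The source label recorded on the returned identity information.</param>
/// <param name="application">The application from which the identity is observed.</param>
/// <param name="relatedApplicationIdentities">The identities as seen from other applications related to the current application; <c>null</c> is reported as an empty list.</param>
/// <param name="graphClient">The graph client used to look up group claim details; <c>null</c> skips the lookup and leaves the group names empty.</param>
/// <returns>Identity information about the specified identity.</returns>
/// <remarks>
/// The claims are reported exactly as found on the identity; nothing here verifies where they came from.
/// Callers such as <see cref="FromJwt"/> may pass an identity built from an unvalidated token, so the
/// result is meant for inspection and display, not for authorization decisions.
/// </remarks>
public static async Task<IdentityInfo> FromIdentity(ClaimsIdentity identity, string source, string application, IList<IdentityInfo> relatedApplicationIdentities, AadGraphClient graphClient)
{
    // Both branches report the same (never null) related-identity list.
    var relatedIdentities = relatedApplicationIdentities ?? new IdentityInfo[0];

    if (identity == null)
    {
        return new IdentityInfo
        {
            Source = source,
            Application = application,
            IsAuthenticated = false,
            RelatedApplicationIdentities = relatedIdentities
        };
    }

    var groups = default(IList<IGroup>);
    if (graphClient != null)
    {
        // Look up all the Azure AD groups for which there are group claims.
        // [NOTE] To get group claims in the token, ensure to update the Azure AD application manifest.
        // Change "groupMembershipClaims" from null to "SecurityGroup" (or "All" to include distribution groups).
        // See http://www.dushyantgill.com/blog/2014/12/10/authorization-cloud-applications-using-ad-groups/ for more information.
        // The group ids come straight from the claims; they are only used as lookup keys here.
        var groupIds = GetMatchingClaimValues(identity, GroupClaimTypes);
        groups = await graphClient.GetGroupsAsync(groupIds);
    }

    // [NOTE] Inspect the identity and its claims.
    return new IdentityInfo
    {
        Source = source,
        Application = application,
        IsAuthenticated = identity.IsAuthenticated,
        Name = identity.Name,
        AuthenticationType = identity.AuthenticationType,
        GroupNames = groups == null ? new string[0] : groups.Select(g => g.DisplayName).ToArray(),
        RoleNames = GetMatchingClaimValues(identity, RoleClaimTypes),
        Claims = identity.Claims.Select(claim => new ClaimInfo
        {
            Issuer = claim.Issuer,
            Type = claim.Type,
            Value = claim.Value,
            Remark = GetRemark(claim, groups)
        }).ToArray(),
        RelatedApplicationIdentities = relatedIdentities
    };
}

/// <summary>
/// Returns the values of all claims on <paramref name="identity"/> whose type matches one of
/// <paramref name="claimTypes"/>, compared case-insensitively (ordinal).
/// </summary>
/// <param name="identity">The identity whose claims are filtered.</param>
/// <param name="claimTypes">The claim types to match.</param>
/// <returns>The matching claim values, in claim order; empty when none match.</returns>
private static string[] GetMatchingClaimValues(ClaimsIdentity identity, IEnumerable<string> claimTypes)
{
    return identity.Claims
        .Where(claim => claimTypes.Any(claimType => string.Equals(claim.Type, claimType, StringComparison.OrdinalIgnoreCase)))
        .Select(claim => claim.Value)
        .ToArray();
}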
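/// <summary>
/// Creates identity information about the claims represented in the specified JWT token.
/// </summary>
/// <param name="jwt">The JWT token, in compact serialization form.</param>
/// <param name="source">The source label recorded on the returned identity information.</param>
/// <param name="application">The application from which the identity is observed.</param>
/// <param name="relatedApplicationIdentities">The identities as seen from other applications related to the current application.</param>
/// <param name="graphClient">The graph client used to look up group claim details; <c>null</c> skips the lookup.</param>
/// <returns>Identity information about the specified JWT token, or an unauthenticated identity when the string cannot be parsed as a token.</returns>
/// <remarks>
/// The token is only decoded, never validated: its signature, issuer, audience and lifetime are not
/// checked. The identity is created with the authentication type "JWT", so the result reports
/// <c>IsAuthenticated</c> as true for any well-formed token regardless of who produced it. Use this
/// to inspect a token's contents, not to authenticate a caller.
/// </remarks>
public static async Task<IdentityInfo> FromJwt(string jwt, string source, string application, IList<IdentityInfo> relatedApplicationIdentities, AadGraphClient graphClient)
{
    ClaimsIdentity identity = null;
    try
    {
        // [NOTE] Decoding only; see the remarks above.
        var token = new JwtSecurityToken(jwt);
        identity = new ClaimsIdentity(token.Claims, "JWT", StsConfiguration.NameClaimType, StsConfiguration.RoleClaimType);
    }
    catch (Exception)
    {
        // The JWT string is not a valid token: fall through with a null identity so FromIdentity
        // returns an unauthenticated result. Only the parsing is guarded on purpose; a failure in
        // the group lookup inside FromIdentity must reach the caller instead of being masked as
        // "invalid token".
        identity = null;
    }

    return await FromIdentity(identity, source, application, relatedApplicationIdentities, graphClient);
}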