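/// <summary>
/// Cookie validation callback that checks whether an authenticated principal was issued
/// for the tenant (alias) serving the current request, and rebuilds or rejects it otherwise.
/// </summary>
/// <param name="context">The cookie validation context for the current request.</param>
/// <returns>An already-completed task; all work is done synchronously.</returns>
/// <remarks>
/// Outcomes, in order:
/// no context / unauthenticated principal / no "DefaultConnection" string: principal left untouched;
/// no alias resolved for the request: principal rejected;
/// GroupSid claim equals the alias id: principal left untouched;
/// mismatch on a tenant-agnostic path: principal left untouched;
/// mismatch elsewhere: principal rebuilt from the user's roles for the alias' site, or rejected
/// when the user name no longer resolves to a user.
/// </remarks>
public static Task ValidateAsync(CookieValidatePrincipalContext context)
{
    // Null-safe all the way down: a principal without an identity is treated as unauthenticated
    // instead of raising a NullReferenceException inside the authentication pipeline.
    if (context?.Principal?.Identity?.IsAuthenticated != true)
    {
        return Task.CompletedTask;
    }

    // check if framework is installed (an empty connection string means there is nothing to validate against)
    var config = context.HttpContext.RequestServices.GetService(typeof(IConfiguration)) as IConfiguration;
    if (string.IsNullOrEmpty(config.GetConnectionString("DefaultConnection")))
    {
        return Task.CompletedTask;
    }

    var tenantManager = context.HttpContext.RequestServices.GetService(typeof(ITenantManager)) as ITenantManager;
    var alias = tenantManager.GetAlias();
    if (alias == null)
    {
        // Fail closed: without an alias the tenant binding of the cookie cannot be verified.
        context.RejectPrincipal();
        return Task.CompletedTask;
    }

    // verify principal was authenticated for current tenant
    string tenantClaim = context.Principal.Claims.FirstOrDefault(item => item.Type == ClaimTypes.GroupSid)?.Value;
    if (tenantClaim == alias.AliasId.ToString())
    {
        return Task.CompletedTask;
    }

    // tenant agnostic requests must be ignored
    // The skip list is matched with an ordinal, case-insensitive comparison. The previous
    // ToLower() + StartsWith(string) pair depended on the server's current culture for both the
    // lowercasing and the prefix comparison, so the set of paths exempt from this security check
    // could vary with the host's locale and with culture-level string equivalence.
    // NOTE(review): "/_blazor" has no trailing separator, so any path that merely begins with
    // those characters is exempt too; PathString.StartsWithSegments would pin it to a segment
    // boundary - confirm no caller relies on the looser match before tightening.
    // NOTE(review): on these paths a principal issued for a different tenant stays in place;
    // confirm the handlers behind them do not make decisions from tenant-scoped claims.
    string path = context.Request.Path.ToString();
    if (path.StartsWith("/_blazor", StringComparison.OrdinalIgnoreCase)
        || path.StartsWith("/api/installation/", StringComparison.OrdinalIgnoreCase))
    {
        return Task.CompletedTask;
    }

    // refresh principal
    var userRepository = context.HttpContext.RequestServices.GetService(typeof(IUserRepository)) as IUserRepository;
    var userRoleRepository = context.HttpContext.RequestServices.GetService(typeof(IUserRoleRepository)) as IUserRoleRepository;
    User user = userRepository.GetUser(context.Principal.Identity.Name);
    if (user == null)
    {
        // The name in the cookie no longer maps to a user: drop the principal.
        context.RejectPrincipal();
        return Task.CompletedTask;
    }

    // Rebuild the identity from the roles held on the current alias' site, so role claims
    // issued for another tenant are not carried over.
    List<UserRole> userroles = userRoleRepository.GetUserRoles(user.UserId, alias.SiteId).ToList();
    var identity = UserSecurity.CreateClaimsIdentity(alias, user, userroles);
    context.ReplacePrincipal(new ClaimsPrincipal(identity));

    // Ask the cookie handler to reissue the cookie so the replaced principal is persisted.
    context.ShouldRenew = true;

    return Task.CompletedTask;
}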
/// <summary>
/// Builds the claims identity for a signed-in user, preferring a tenant-specific identity
/// over the one produced by the base factory.
/// </summary>
/// <param name="identityuser">The identity-store user whose <c>UserName</c> is used for the lookup.</param>
/// <returns>
/// The identity from <c>UserSecurity.CreateClaimsIdentity</c> when both the user and the current
/// alias resolve; otherwise the identity generated by the base implementation.
/// </returns>
/// <remarks>
/// When the tenant-specific identity is returned, the base-generated identity is discarded rather
/// than merged, so any claim the rest of the pipeline depends on has to be emitted by
/// <c>UserSecurity.CreateClaimsIdentity</c> (not visible here - verify against that helper).
/// </remarks>
protected override async Task<ClaimsIdentity> GenerateClaimsAsync(TUser identityuser)
{
    // Always run the base factory first; its result is the fallback for every early exit below.
    ClaimsIdentity frameworkIdentity = await base.GenerateClaimsAsync(identityuser);

    User account = _users.GetUser(identityuser.UserName);
    if (account == null)
    {
        return frameworkIdentity;
    }

    Alias currentAlias = _tenants.GetAlias();
    if (currentAlias == null)
    {
        return frameworkIdentity;
    }

    // Roles are read for the site of the current alias only.
    List<UserRole> siteRoles = _userRoles.GetUserRoles(account.UserId, currentAlias.SiteId).ToList();
    return UserSecurity.CreateClaimsIdentity(currentAlias, account, siteRoles);
}