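/// <summary>
/// Resolves the local user record for the authenticated caller, provisioning unknown
/// Azure Active Directory users on first sight, and issues a local JWT for that record.
/// </summary>
/// <param name="claimsIdentity">The identity established by the external token.</param>
/// <returns>The local user record with <c>UserToken</c> populated.</returns>
/// <exception cref="ArgumentNullException"><paramref name="claimsIdentity"/> is null.</exception>
/// <exception cref="InvalidOperationException">
/// The caller is not an Azure AD user and has no local record (previously this surfaced as a NullReferenceException).
/// </exception>
public async Task<GetUserInfoResponse> GetUserInfo(ClaimsIdentity claimsIdentity)
{
    if (claimsIdentity == null)
    {
        throw new ArgumentNullException("claimsIdentity");
    }

    // Only Azure AD users are auto-provisioned. The issuer is matched on the host of the
    // "iss" URI rather than by substring, so a value that merely contains "sts.windows.net"
    // in its path or in a longer host name does not qualify.
    bool isAzureActiveDirectoryUser = IsAzureActiveDirectoryIssuer(claimsIdentity.FindFirst("iss"));

    var userName = claimsIdentity.GetUserName();
    var userInfo = await _databaseRepository.GetUserInfo(userName);

    // Unknown Azure AD users are stored in our own database on first sight.
    if (userInfo == null && isAzureActiveDirectoryUser)
    {
        var firstName = claimsIdentity.Claims
            .Where(x => x.Type == System.IdentityModel.Claims.ClaimTypes.GivenName)
            .Select(x => x.Value)
            .FirstOrDefault();
        var lastName = claimsIdentity.Claims
            .Where(x => x.Type == System.IdentityModel.Claims.ClaimTypes.Surname)
            .Select(x => x.Value)
            .FirstOrDefault();

        var user = await _userService.Create(userName, userName, firstName, lastName);
        await _databaseRepository.AddToUserList(user.Id, user.UserName, user.FirstName, user.LastName);
        userInfo = await _databaseRepository.GetUserInfo(userName);
    }

    // Everyone else must already have a local record; fail explicitly instead of dereferencing null below.
    if (userInfo == null)
    {
        throw new InvalidOperationException("No local user record exists for '" + userName + "'.");
    }

    var claims = new List<Claim>
    {
        new Claim(ClaimTypes.Name, userInfo.UserName),
        new Claim(ClaimTypes.GivenName, userInfo.Profile.FirstName),
        new Claim(ClaimTypes.Surname, userInfo.Profile.LastName),
        new Claim(ClaimTypes.NameIdentifier, userInfo.Id.ToString())
    };
    claims.AddRange(userInfo.Roles.Select(userRole => new Claim(ClaimTypes.Role, userRole)));
    var localClaimsIdentity = new ClaimsIdentity(claims);

    // Validity window inherited from the original implementation: not-before is back-dated by
    // one hour (presumably to absorb clock skew) and the token lives for ten days. Both values
    // are taken from a single timestamp so they cannot drift apart.
    var now = DateTime.UtcNow;
    var token = localClaimsIdentity.GenerateToken(
        _configurationService.LocalAuthentication.AudienceId,
        _configurationService.LocalAuthentication.AudienceSecret,
        _configurationService.LocalAuthentication.Issuer,
        now.AddHours(-1),
        now.AddDays(10));

    userInfo.UserToken = token;
    return userInfo;
}

/// <summary>
/// Returns true when the "iss" claim is an Azure AD v1 issuer, i.e. an absolute https URI
/// whose host is exactly sts.windows.net (Azure AD issues https://sts.windows.net/{tenant}/).
/// </summary>
/// <param name="issuerClaim">The "iss" claim, or null when the identity has none.</param>
private static bool IsAzureActiveDirectoryIssuer(Claim issuerClaim)
{
    if (issuerClaim == null || string.IsNullOrEmpty(issuerClaim.Value))
    {
        return false;
    }

    Uri issuerUri;
    if (!Uri.TryCreate(issuerClaim.Value, UriKind.Absolute, out issuerUri))
    {
        return false;
    }

    return issuerUri.Scheme == Uri.UriSchemeHttps
        && string.Equals(issuerUri.Host, "sts.windows.net", StringComparison.OrdinalIgnoreCase);
}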
/// <summary>
/// Copies the Twitter user name from <paramref name="identity"/> into <paramref name="loginData"/>
/// and derives the public profile URL from it.
/// </summary>
/// <param name="identity">The identity produced by the Twitter login.</param>
/// <param name="loginData">The login data record to fill in.</param>
public void Parse(ClaimsIdentity identity, ref ExternalLoginData loginData)
{
    var twitterUserName = identity.GetUserName();
    loginData.UserName = twitterUserName;
    loginData.Profile = string.Format("https://twitter.com/{0}", twitterUserName);
}
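// For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864
/// <summary>
/// Registers cookie authentication and the OpenID Connect flow against the identity server
/// described by <c>UGConstants.SSO</c> / <c>UGConstants.SSOClient</c>.
/// </summary>
/// <param name="app">The OWIN application builder.</param>
public void ConfigureAuth(IAppBuilder app)
{
    // Configure the db context, user manager and signin manager to use a single instance per request
    SSOFactory.CreateOwinContext(app);

    // Keep inbound JWT claim types as issued instead of mapping them to the long
    // SOAP-style URIs; the SSO flow errors without this.
    JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary<string, string>();

    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = "Cookies"
    });

    app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
    {
        ClientId = UGConstants.SSOClient.ClientId,
        ClientSecret = UGConstants.SSOClient.ClientSecret,
        Authority = UGConstants.SSO.AuthorityBaseUri + UGConstants.SSO.PathHostIdentityServer,
        RedirectUri = UGConstants.SSOClient.RedirectUri,
        ResponseType = "id_token token",
        Scope = "openid profile",
        PostLogoutRedirectUri = UGConstants.SSOClient.PostLogoutRedirectUri,
        SignInAsAuthenticationType = "Cookies",
        UseTokenLifetime = false,
        Notifications = new OpenIdConnectAuthenticationNotifications
        {
            SecurityTokenValidated = async n =>
            {
                var nid = new ClaimsIdentity(
                    n.AuthenticationTicket.Identity.Claims,
                    n.AuthenticationTicket.Identity.AuthenticationType,
                    UGConstants.ClaimTypes.GivenName,
                    UGConstants.ClaimTypes.Role);

                // Enrich the identity from the userinfo endpoint; only claims not already
                // present (same type and value) are added, so duplicates are not created.
                var userInfoClient = new UserInfoClient(
                    new Uri(n.Options.Authority + "/connect/userinfo"),
                    n.ProtocolMessage.AccessToken);
                var userInfo = await userInfoClient.GetAsync();
                if (userInfo.Claims != null)
                {
                    foreach (var ui in userInfo.Claims)
                    {
                        var alreadyPresent = nid.Claims.Any(x => x.Type == ui.Item1 && x.Value == ui.Item2);
                        if (!alreadyPresent)
                        {
                            nid.AddClaim(new Claim(ui.Item1, ui.Item2));
                        }
                    }
                }

                string userName = nid.GetUserName();
                if (string.IsNullOrWhiteSpace(userName))
                {
                    // The original passed the message as the parameter name and read "is not null or empty".
                    throw new ArgumentNullException("userName", "UserName is null or empty");
                }

                // keep the id_token for logout
                nid.AddClaim(new Claim("id_token", n.ProtocolMessage.IdToken));

                // add access token for sample API
                nid.AddClaim(new Claim("access_token", n.ProtocolMessage.AccessToken));

                // keep track of access token expiration. expires_in is a number of seconds and is
                // parsed culture-invariantly so the server's regional settings cannot affect it.
                // The claim value keeps the original culture-dependent ToString() format because
                // the consumer of "expires_at" is outside this file.
                int expiresInSeconds = int.Parse(
                    n.ProtocolMessage.ExpiresIn,
                    System.Globalization.CultureInfo.InvariantCulture);
                nid.AddClaim(new Claim("expires_at", DateTimeOffset.Now.AddSeconds(expiresInSeconds).ToString()));

                n.AuthenticationTicket = new Microsoft.Owin.Security.AuthenticationTicket(
                    nid,
                    n.AuthenticationTicket.Properties);
            },
            RedirectToIdentityProvider = n =>
            {
                if (n.ProtocolMessage.RequestType == OpenIdConnectRequestType.LogoutRequest)
                {
                    var idTokenHint = n.OwinContext.Authentication.User.FindFirst("id_token");
                    if (idTokenHint != null)
                    {
                        n.ProtocolMessage.IdTokenHint = idTokenHint.Value;
                        var signOutMessageId = n.OwinContext.Environment.GetSignOutMessageId();
                        if (signOutMessageId != null)
                        {
                            // The sign-out message id only round-trips back to the server, so it is
                            // hidden from scripts and, on an https request, restricted to https.
                            n.OwinContext.Response.Cookies.Append("state", signOutMessageId, new Microsoft.Owin.CookieOptions
                            {
                                HttpOnly = true,
                                Secure = n.OwinContext.Request.IsSecure
                            });
                        }
                    }
                }

                return Task.FromResult(0);
            }
        }
    });
}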
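/// <summary>
/// Returns the most recent orders stored on the caller's local user record.
/// </summary>
/// <param name="claimsIdentity">The identity established by the external token.</param>
/// <returns>The stored orders, or an empty sequence when the record holds none.</returns>
/// <exception cref="ArgumentNullException"><paramref name="claimsIdentity"/> is null.</exception>
/// <exception cref="InvalidOperationException">
/// No local user record exists for the caller (previously this surfaced as a NullReferenceException).
/// </exception>
public async Task<IEnumerable<LastOrder>> GetLast5Orders(ClaimsIdentity claimsIdentity)
{
    if (claimsIdentity == null)
    {
        throw new ArgumentNullException("claimsIdentity");
    }

    var userName = claimsIdentity.GetUserName();
    var userInfo = await _databaseRepository.GetUserInfo(userName);
    if (userInfo == null)
    {
        throw new InvalidOperationException("No local user record exists for '" + userName + "'.");
    }

    // Never hand callers a null collection; an absent order list reads as empty.
    return userInfo.Last5Orders ?? Enumerable.Empty<LastOrder>();
}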