public AddIdentities ( IEnumerable |
||
identities | IEnumerable |
Enumeration of ClaimsIdentities to add. |
리턴 | void |
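/// <summary>
/// Adds all ClaimsIdentities from an additional ClaimsPrincipal to the current user of the
/// HttpContext. The new principal's identities are placed first; identities already on
/// context.User are kept only when they are authenticated or carry at least one claim,
/// so empty unauthenticated placeholder identities are dropped from the merged result.
/// </summary>
/// <param name="context">The HttpContext whose User is replaced by the merged principal.</param>
/// <param name="principal">The principal whose identities are added ahead of the existing ones.</param>
public static void AddUserPrincipal([NotNull] HttpContext context, [NotNull] ClaimsPrincipal principal)
{
    var newPrincipal = new ClaimsPrincipal();

    // New principal identities go first
    newPrincipal.AddIdentities(principal.Identities);

    // Then keep only existing identities that are authenticated or non-empty.
    // Any() avoids walking the whole claim set just to compare a count with zero.
    var existingPrincipal = context.User;
    if (existingPrincipal != null)
    {
        newPrincipal.AddIdentities(existingPrincipal.Identities.Where(i => i.IsAuthenticated || i.Claims.Any()));
    }

    context.User = newPrincipal;
}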
/// <summary>
/// Builds a new ClaimsPrincipal that merges two principals. Identities from
/// <paramref name="additionalPrincipal"/> come first; identities from
/// <paramref name="existingPrincipal"/> follow, but only those that are authenticated or
/// hold at least one claim, so empty unauthenticated identities are discarded.
/// Either argument may be null, in which case it contributes nothing.
/// </summary>
/// <param name="existingPrincipal">The principal already in effect, typically the current user.</param>
/// <param name="additionalPrincipal">The principal whose identities take precedence in the result.</param>
/// <returns>A freshly constructed principal holding the merged identities.</returns>
public static ClaimsPrincipal MergeUserPrincipal(ClaimsPrincipal existingPrincipal, ClaimsPrincipal additionalPrincipal)
{
    var merged = new ClaimsPrincipal();

    // Incoming identities lead the merged list.
    var incoming = additionalPrincipal?.Identities;
    if (incoming != null)
    {
        merged.AddIdentities(incoming);
    }

    // Existing identities are retained only when they carry something worth keeping.
    var retained = existingPrincipal?.Identities.Where(i => i.IsAuthenticated || i.Claims.Any());
    if (retained != null)
    {
        merged.AddIdentities(retained);
    }

    return merged;
}
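/// <inheritdoc />
/// <remarks>
/// When the policy names active authentication schemes, each scheme is run and the resulting
/// identities are merged into a new principal that replaces HttpContext.User; if no scheme
/// produced an identity, an empty (unauthenticated) ClaimsIdentity is added so User is never
/// null. Requests carrying an IAllowAnonymous filter then skip authorization entirely.
/// Otherwise a null or unauthenticated user, or a failed policy evaluation, results in a
/// ChallengeResult for the policy's schemes.
/// </remarks>
public virtual async Task OnAuthorizationAsync([NotNull] AuthorizationContext context)
{
    // Read once: the list is consulted both when authenticating and when challenging.
    var schemes = Policy.ActiveAuthenticationSchemes;

    // Build a ClaimsPrincipal with the Policy's required authentication types
    if (schemes != null && schemes.Any())
    {
        var newPrincipal = new ClaimsPrincipal();
        foreach (var scheme in schemes)
        {
            var result = (await context.HttpContext.Authentication.AuthenticateAsync(scheme))?.Principal;
            if (result != null)
            {
                newPrincipal.AddIdentities(result.Identities);
            }
        }

        // If all schemes failed authentication, provide a default identity anyways.
        // It is unauthenticated, so the IsAuthenticated check below still fails closed.
        if (newPrincipal.Identity == null)
        {
            newPrincipal.AddIdentity(new ClaimsIdentity());
        }

        context.HttpContext.User = newPrincipal;
    }

    // Allow Anonymous skips all authorization (authentication above has already run,
    // so User is populated for anonymous endpoints as well).
    if (context.Filters.Any(item => item is IAllowAnonymous))
    {
        return;
    }

    var httpContext = context.HttpContext;
    var authService = httpContext.RequestServices.GetRequiredService<IAuthorizationService>();

    // Note: Default Anonymous User is new ClaimsPrincipal(new ClaimsIdentity())
    if (httpContext.User == null ||
        !httpContext.User.Identities.Any(i => i.IsAuthenticated) ||
        !await authService.AuthorizeAsync(httpContext.User, context, Policy))
    {
        // The guard at the top admits a null scheme list, so the challenge path must not
        // dereference it unconditionally; challenge with an empty scheme list instead.
        context.Result = new ChallengeResult(schemes?.ToArray() ?? new string[0]);
    }
}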
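/// <summary>
/// Deserializes a version-1 authorization code document. The client and the requested scopes
/// are not embedded in the document but resolved through the supplied stores, and the method
/// fails with an exception when the client or any requested scope can no longer be found, so a
/// stored code is never rebuilt with fewer constraints than it was issued with.
/// </summary>
/// <param name="doc">The BSON document holding the serialized authorization code.</param>
/// <param name="clientStore">Store used to resolve the "_clientId" field to a client.</param>
/// <param name="scopeStore">Store used to resolve the "requestedScopes" names to scope objects.</param>
/// <returns>The reconstructed authorization code.</returns>
/// <exception cref="InvalidOperationException">
/// The client id is unknown to <paramref name="clientStore"/>, or fewer scopes were resolved
/// than were requested.
/// </exception>
private static async Task<AuthorizationCode> Version1(
    BsonDocument doc,
    IClientStore clientStore,
    IScopeStore scopeStore)
{
    var code = new AuthorizationCode();

    // Each scalar field falls back to the AuthorizationCode default when absent from the document.
    code.CreationTime = doc.GetValueOrDefault("creationTime", code.CreationTime);
    code.IsOpenId = doc.GetValueOrDefault("isOpenId", code.IsOpenId);
    code.RedirectUri = doc.GetValueOrDefault("redirectUri", code.RedirectUri);
    code.WasConsentShown = doc.GetValueOrDefault("wasConsentShown", code.WasConsentShown);
    code.Nonce = doc.GetValueOrDefault("nonce", code.Nonce);

    var claimsPrincipal = new ClaimsPrincipal();
    // NOTE(review): this overload looks like it applies the converter per element of the
    // "subject" field and returns the default when the field is missing — confirm against
    // the GetValueOrDefault extension before relying on that.
    IEnumerable<ClaimsIdentity> identities = doc.GetValueOrDefault("subject", sub =>
    {
        string authenticationType = sub.GetValueOrDefault("authenticationType", (string)null);
        var claims = sub.GetNestedValueOrDefault("claimSet", ClaimSetSerializer.Deserialize, new Claim[0]);
        // An identity without an authentication type is deliberately left unauthenticated.
        ClaimsIdentity identity = authenticationType == null
            ? new ClaimsIdentity(claims)
            : new ClaimsIdentity(claims, authenticationType);
        return identity;
    }, new ClaimsIdentity[0]);
    claimsPrincipal.AddIdentities(identities);
    code.Subject = claimsPrincipal;

    var clientId = doc["_clientId"].AsString;
    code.Client = await clientStore.FindClientByIdAsync(clientId);
    if (code.Client == null)
    {
        throw new InvalidOperationException("Client not found when deserializing authorization code. Client id: " + clientId);
    }

    var scopes = doc.GetValueOrDefault(
        "requestedScopes",
        (IEnumerable<string>)new string[0]).ToArray();
    // Materialize once: the store result is both counted and enumerated below, and a deferred
    // sequence would otherwise be evaluated twice.
    var foundScopes = (await scopeStore.FindScopesAsync(scopes)).ToArray();
    code.RequestedScopes = foundScopes;
    if (scopes.Length > foundScopes.Length)
    {
        throw new InvalidOperationException(
            "Scopes not found when deserializing authorization code. Scopes: " +
            string.Join(", ", scopes.Except(foundScopes.Select(x => x.Name))));
    }

    return code;
}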