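/// <summary>
/// Builds the <see cref="ClaimsIdentity"/> that represents an authenticated Windows user.
/// </summary>
/// <param name="principal">The authenticated Windows principal.</param>
/// <param name="options">Selects the subject identifier and which optional claims are emitted.</param>
/// <returns>
/// An identity with authentication type "Windows" carrying the "sub" claim, the optional "name" claim,
/// the optional group claims, the authentication method claim and the authentication instant claim.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="principal"/> or <paramref name="options"/> is null.</exception>
/// <exception cref="InvalidOperationException">
/// No subject value could be derived from the principal for the configured
/// <see cref="WindowsAuthenticationOptions.SubjectType"/>.
/// </exception>
public static ClaimsIdentity Create(WindowsPrincipal principal, WindowsAuthenticationOptions options)
{
    if (principal == null)
    {
        throw new ArgumentNullException("principal");
    }
    if (options == null)
    {
        throw new ArgumentNullException("options");
    }

    var claims = new List<Claim>();

    // The subject is the identifier relying parties key their users on. A Windows account name can be
    // renamed or handed to a different person, while the primary SID is not reused, so the choice of
    // SubjectType is a deployment decision with security consequences.
    string sub = null;
    if (options.SubjectType == SubjectType.WindowsAccountName)
    {
        Logger.Debug("Using WindowsAccountName as subject");
        sub = principal.Identity.Name;
    }
    else if (options.SubjectType == SubjectType.Sid)
    {
        Logger.Debug("Using primary SID as subject");
        // FindFirst returns null when the claim is absent; do not dereference it blindly.
        Claim sidClaim = principal.FindFirst(ClaimTypes.PrimarySid);
        if (sidClaim != null)
        {
            sub = sidClaim.Value;
        }
    }

    // Fail explicitly instead of letting the Claim constructor reject a null value (unknown SubjectType
    // or missing claim) or issuing an identity whose subject is the empty string.
    if (string.IsNullOrEmpty(sub))
    {
        throw new InvalidOperationException("Unable to determine the subject for the Windows principal; check the configured SubjectType and the principal's claims.");
    }
    claims.Add(new Claim("sub", sub));

    if (options.EmitWindowsAccountNameAsName)
    {
        Logger.Debug("Emitting WindowsAccountName as name claim");
        claims.Add(new Claim("name", principal.Identity.Name));
    }

    if (options.EmitGroups)
    {
        // Group membership comes straight from the Windows token; CreateGroupClaims decides how it is
        // projected onto role claims.
        Logger.Debug("Using Windows groups as role claims");
        claims.AddRange(CreateGroupClaims(principal));
    }

    claims.Add(new Claim(ClaimTypes.AuthenticationMethod, AuthenticationMethods.Windows));
    claims.Add(AuthenticationInstantClaim.Now);

    return new ClaimsIdentity(claims, "Windows");
}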
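/// <summary>
/// Adds the default claims for a Windows-authenticated user to the user's claim collection.
/// </summary>
/// <param name="WindowsPrincipal">The authenticated Windows principal.</param>
/// <param name="TempUser">The user record that receives the claims.</param>
/// <exception cref="ArgumentNullException">Either argument is null.</exception>
/// <exception cref="InvalidOperationException">The principal carries no <see cref="ClaimTypes.Name"/> claim.</exception>
private static void SetupDefaultClaims(WindowsPrincipal WindowsPrincipal, User TempUser)
{
    // Plain throws instead of Contract.Requires<T>: the generic form is only turned into a throw by the
    // Code Contracts binary rewriter, so the guard would otherwise depend on the build tooling.
    if (WindowsPrincipal == null)
    {
        throw new ArgumentNullException("WindowsPrincipal");
    }
    if (TempUser == null)
    {
        throw new ArgumentNullException("TempUser");
    }

    // FindFirst returns null when the claim is absent; check before reading Value.
    Claim NameClaim = WindowsPrincipal.FindFirst(ClaimTypes.Name);
    if (NameClaim == null)
    {
        throw new InvalidOperationException("The Windows principal does not carry a name claim.");
    }

    // NameIdentifier keeps the account name exactly as the principal reports it; Name is the stored user name.
    TempUser.Claims.Add(new UserClaim() { Value = NameClaim.Value, Type = ClaimTypes.NameIdentifier });
    TempUser.Claims.Add(new UserClaim() { Value = TempUser.UserName, Type = ClaimTypes.Name });
    // NOTE(review): Load(...).Check(...) appears to reuse an existing stored claim or fall back to the
    // supplied one — confirm against UserClaim.
    TempUser.Claims.Add(UserClaim.Load(ClaimTypes.AuthenticationMethod, "Windows")
        .Check(new UserClaim() { Value = "Windows", Type = ClaimTypes.AuthenticationMethod }));
}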
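/// <summary>
/// Finds the local user that corresponds to the Windows principal, creating it on first sign-in.
/// </summary>
/// <param name="WindowsPrincipal">The authenticated Windows principal.</param>
/// <returns>The existing or newly created user.</returns>
/// <exception cref="ArgumentNullException"><paramref name="WindowsPrincipal"/> is null.</exception>
/// <exception cref="InvalidOperationException">
/// The principal carries no <see cref="ClaimTypes.Name"/> claim, or the user store refused to create the user.
/// </exception>
private static User GetUser(WindowsPrincipal WindowsPrincipal)
{
    // Plain throw instead of Contract.Requires<T>, which only becomes a throw under the Code Contracts rewriter.
    if (WindowsPrincipal == null)
    {
        throw new ArgumentNullException("WindowsPrincipal");
    }

    // FindFirst returns null when the claim is absent; check before reading Value.
    Claim NameClaim = WindowsPrincipal.FindFirst(ClaimTypes.Name);
    if (NameClaim == null)
    {
        throw new InvalidOperationException("The Windows principal does not carry a name claim.");
    }

    // Drop the domain prefix (DOMAIN\user -> user); a name without a backslash is used as-is.
    // NOTE(review): keying the local account on the short name alone means equally named accounts from
    // different domains would resolve to the same user record — if more than one domain can
    // authenticate, the mapping needs the domain or the SID.
    string[] Parts = NameClaim.Value.Split(new[] { '\\' }, 2);
    string ShortName = Parts[Parts.Length - 1];

    using (UserStore UserStore = new UserStore())
    using (UserManager<User, long> UserManager = new UserManager<User, long>(UserStore))
    {
        // Blocking on the async store is kept because this method is synchronous; it ties up the calling
        // thread and can deadlock under a capturing synchronization context.
        User User = UserManager.FindByNameAsync(ShortName).Result;
        if (User == null)
        {
            // The account signs in through Windows, never by password, so the password is a placeholder;
            // it is still drawn from a cryptographic RNG so it is not guessable should password sign-in
            // ever be enabled for this store.
            var CreateResult = UserManager.CreateAsync(new User() { UserName = ShortName }, CreatePlaceholderPassword()).Result;
            // A failed create was previously ignored, which made the method return null from the second
            // lookup; surface the store's errors instead.
            if (!CreateResult.Succeeded)
            {
                throw new InvalidOperationException("Unable to create user '" + ShortName + "': " + string.Join("; ", CreateResult.Errors));
            }
            User = UserManager.FindByNameAsync(ShortName).Result;
        }
        return User;
    }
}

/// <summary>
/// Produces a random placeholder password for accounts that only ever sign in through Windows.
/// </summary>
/// <returns>32 bytes from the platform's cryptographic random number generator, base64-encoded.</returns>
private static string CreatePlaceholderPassword()
{
    byte[] Bytes = new byte[32];
    using (var Rng = System.Security.Cryptography.RandomNumberGenerator.Create())
    {
        Rng.GetBytes(Bytes);
    }
    return Convert.ToBase64String(Bytes);
}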