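        /// <summary>
        ///     Builds the claims for the given user from the user info returned by BaatAuthzApi.
        /// </summary>
        /// <param name="identity">
        ///     Identity holding the name identifier claim; that claim's value is the username sent to BaatAuthzApi.
        /// </param>
        /// <returns>
        ///     The claims built from the response (no profile claims when the response is null or empty),
        ///     after the list has been passed to <c>AppendRoles</c>.
        /// </returns>
        /// <exception cref="System.ArgumentNullException"><paramref name="identity" /> is null.</exception>
        /// <exception cref="System.InvalidOperationException">The identity carries no name identifier claim.</exception>
        public async Task <List <Claim> > GetClaims(ClaimsIdentity identity)
        {
            if (identity == null)
            {
                throw new System.ArgumentNullException(nameof(identity));
            }

            Claim usernameClaim =
                identity.FindFirst("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier");

            // FindFirst returns null when nothing matches; without this guard the lookup below would
            // fail with a NullReferenceException that says nothing about the cause.
            if (usernameClaim == null)
            {
                throw new System.InvalidOperationException("Identity has no name identifier claim");
            }

            BaatAuthzUserInfoResponse response = await _baatAuthzApi.Info(usernameClaim.Value);

            var claims = new List<Claim>();

            // A null response is handled like an empty one, so a missing answer from the API yields
            // no profile claims instead of a NullReferenceException.
            if (response == null || response == BaatAuthzUserInfoResponse.Empty)
            {
                Log.Warning("Empty response from BaatAuthzApi - no claims appended to user");
            }
            else
            {
                // Claim's constructor throws ArgumentNullException for a null value, so a field the
                // API left unset is skipped rather than aborting the whole claims build.
                System.Action<string, string> addIfPresent = (type, value) =>
                {
                    if (value != null)
                    {
                        claims.Add(new Claim(type, value));
                    }
                };

                // Name is always emitted, as an empty string when the API supplied none.
                claims.Add(new Claim("Name", response.Name ?? ""));

                // The authorization window is only copied into claims here; this method does not
                // compare it with the current time, so enforcement is left to the consumer.
                addIfPresent("Email", response.Email);
                addIfPresent("AuthorizedFrom", response.AuthorizedFrom);
                addIfPresent("AuthorizedUntil", response.AuthorizedUntil);
                addIfPresent("OrganizationName", response.Organization?.Name);
                addIfPresent("OrganizationOrgnr", response.Organization?.Orgnr);
                addIfPresent("OrganizationContactName", response.Organization?.ContactName);
                addIfPresent("OrganizationContactEmail", response.Organization?.ContactEmail);
                addIfPresent("OrganizationContactPhone", response.Organization?.ContactPhone);
            }

            // NOTE(review): roles are appended even when the user info response was empty, although
            // the warning above says no claims are appended - confirm that granting roles without
            // the profile and authorization-window claims is intended.
            await AppendRoles(usernameClaim.Value, claims);

            //AppendFakeRolesForDemoUser(usernameClaim.Value, claims);

            return claims;
        }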
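        /// <summary>
        ///     Builds the claims for the given user from the user info returned by BaatAuthzApi.
        /// </summary>
        /// <param name="identity">
        ///     Identity holding the username claim (<c>ClaimIdentifierUsername</c>); that claim's value is
        ///     the username sent to BaatAuthzApi.
        /// </param>
        /// <returns>
        ///     An empty list when the response is null or empty; otherwise the profile claims, the
        ///     organization claims when an organization is present, and whatever <c>AppendRoles</c> adds.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="identity" /> is null.</exception>
        /// <exception cref="InvalidOperationException">The identity carries no username claim.</exception>
        /// <exception cref="Exception">The call to BaatAuthzApi failed; the original error is the inner exception.</exception>
        public async Task <List <Claim> > GetClaims(ClaimsIdentity identity)
        {
            if (identity == null)
            {
                throw new ArgumentNullException(nameof(identity));
            }

            Claim usernameClaim = identity.FindFirst(ClaimIdentifierUsername);

            // Checked before the try block: a missing claim would otherwise surface as a
            // NullReferenceException wrapped in the "communicating with" error below.
            if (usernameClaim == null)
            {
                throw new InvalidOperationException("Identity has no username claim");
            }

            BaatAuthzUserInfoResponse response;

            try
            {
                response = await _baatAuthzApi.Info(usernameClaim.Value);
            }
            catch (Exception e)
            {
                throw new Exception("Error while communicating with BaatAutzApi: " + e.Message, e);
            }

            var claims = new List<Claim>();

            // The original test was "response != null && response == Empty", which sent a null
            // response into the claim-building branch and dereferenced it. Null and Empty now both
            // end here, so a missing answer yields no claims and no roles.
            if (response == null || response == BaatAuthzUserInfoResponse.Empty)
            {
                Log.Warn("Empty response from BaatAuthzApi - no claims appended to user");
                return claims;
            }

            // Claim's constructor throws ArgumentNullException for a null value, so a field the API
            // left unset is skipped rather than aborting the whole claims build.
            Action<string, string> addIfPresent = (type, value) =>
            {
                if (value != null)
                {
                    claims.Add(new Claim(type, value));
                }
            };

            // Name is always emitted, as an empty string when the API supplied none.
            claims.Add(new Claim(GeonorgeClaims.Name, response.Name ?? ""));

            // The authorization window is only copied into claims here; this method does not compare
            // it with the current time, so enforcement is left to the consumer.
            addIfPresent(GeonorgeClaims.Email, response.Email);
            addIfPresent(GeonorgeClaims.AuthorizedFrom, response.AuthorizedFrom);
            addIfPresent(GeonorgeClaims.AuthorizedUntil, response.AuthorizedUntil);

            if (response.Organization != null)
            {
                addIfPresent(GeonorgeClaims.OrganizationName, response.Organization.Name);
                addIfPresent(GeonorgeClaims.OrganizationOrgnr, response.Organization.Orgnr);
                addIfPresent(GeonorgeClaims.OrganizationContactName, response.Organization.ContactName);
                addIfPresent(GeonorgeClaims.OrganizationContactEmail, response.Organization.ContactEmail);
                addIfPresent(GeonorgeClaims.OrganizationContactPhone, response.Organization.ContactPhone);
            }

            // Roles are requested only for a user BaatAuthzApi returned info for.
            await AppendRoles(usernameClaim.Value, claims);

            //AppendFakeRolesForDemoUser(usernameClaim.Value, claims); // TODO: Remove when BaatAuthz can supply proper role list

            return claims;
        }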