public override async ValueTask <ClaimsPrincipal> CreateUserAsync( RemoteUserAccount account, RemoteAuthenticationUserOptions options) { var user = await base.CreateUserAsync(account, options); if (user.Identity.IsAuthenticated) { var identity = (ClaimsIdentity)user.Identity; var roleClaims = identity.FindAll(identity.RoleClaimType); if (roleClaims != null && roleClaims.Any()) { foreach (var existingClaim in roleClaims) { identity.RemoveClaim(existingClaim); } var rolesElem = account.AdditionalProperties[identity.RoleClaimType]; if (rolesElem is JsonElement roles) { if (roles.ValueKind == JsonValueKind.Array) { foreach (var role in roles.EnumerateArray()) { identity.AddClaim(new Claim(options.RoleClaim, role.GetString())); } } else { identity.AddClaim(new Claim(options.RoleClaim, roles.GetString())); } } } } return(user); }
public async override ValueTask <ClaimsPrincipal> CreateUserAsync(CustomRemoteUserAccount account, RemoteAuthenticationUserOptions options) { var userClaimsPrincipal = await base.CreateUserAsync(account, options); if (userClaimsPrincipal.Identity.IsAuthenticated) { ClaimsIdentity claimsIdentity = userClaimsPrincipal.Identity as ClaimsIdentity; _ = claimsIdentity.Claims.GetAzureAdB2CUserObjectId(); var httpClient = this.HttpClientService.CreateAuthorizedClient(); var userRoles = await UserClientService.GetMyRolesAsync(); if (userRoles != null) { foreach (var singleRole in userRoles) { claimsIdentity.AddClaim(new Claim("Role", singleRole)); } } var subscriptionPlan = await UserClientService.GetMySubscriptionAsync(); if (subscriptionPlan != null) { claimsIdentity.AddClaim(new Claim("Subscription", subscriptionPlan.Name)); } var userStatus = await httpClient.GetStringAsync(Constants.ApiRoutes.UserController.GetMyUserStatus); if (!string.IsNullOrWhiteSpace(userStatus)) { claimsIdentity.AddClaim(new Claim("UserStatus", userStatus)); } } return(userClaimsPrincipal); }
// </ConstructorSnippet> public async override ValueTask <ClaimsPrincipal> CreateUserAsync( RemoteUserAccount account, RemoteAuthenticationUserOptions options) { // Create the base user var initialUser = await base.CreateUserAsync(account, options); // If authenticated, we can call Microsoft Graph if (initialUser.Identity.IsAuthenticated) { try { // Add additional info from Graph to the identity await AddGraphInfoToClaims(accessor, initialUser); } catch (AccessTokenNotAvailableException exception) { logger.LogError($"Graph API access token failure: {exception.Message}"); } catch (ServiceException exception) { logger.LogError($"Graph API error: {exception.Message}"); logger.LogError($"Response body: {exception.RawResponseBody}"); } } return(initialUser); }
public async override ValueTask <ClaimsPrincipal> CreateUserAsync( RemoteUserAccount account, RemoteAuthenticationUserOptions options) { var initialUser = await base.CreateUserAsync(account, options); if (initialUser.Identity.IsAuthenticated) { var userIdentity = (ClaimsIdentity)initialUser.Identity; try { var graphClient = ActivatorUtilities .CreateInstance <GraphServiceClient>(serviceProvider); var request = graphClient.Me.Request(); var user = await request.GetAsync(); if (user != null) { userIdentity.AddClaim(new Claim("mobilephone", user.MobilePhone)); } } catch (ServiceException exception) { logger.LogError("Graph API service failure: {Message}", exception.Message); } } return(initialUser); }
public override async ValueTask <ClaimsPrincipal> CreateUserAsync( RemoteUserAccount account, RemoteAuthenticationUserOptions options) { var initialUser = await base.CreateUserAsync(account, options).ConfigureAwait(true); var token = await TokenProvider.RequestAccessToken().ConfigureAwait(true); var tokenStatus = token.Status; if (initialUser.Identity is not ClaimsIdentity userIdentity || tokenStatus != AccessTokenResultStatus.Success || !userIdentity.IsAuthenticated) { return(initialUser); } _logger.LogInformation("Connecting logged in user"); userIdentity.AddRolesFromExtensionClaim(); try { var client = _clientFactory.CreateClient("NRZMyk.ServerAPI"); var response = await client.GetAsync("api/user/connect").ConfigureAwait(true); if (response.IsSuccessStatusCode) { var connectedAccount = await response.Content.ReadFromJsonAsync <ConnectedAccount>().ConfigureAwait(true); if (connectedAccount != null) { _logger.LogInformation("Connect success, {displayName}, IsGuest={isGuest}", connectedAccount.Account.DisplayName, connectedAccount.IsGuest); if (!connectedAccount.IsGuest && !userIdentity.HasClaim(ClaimTypes.Role, nameof(Role.User))) { userIdentity.AddClaim(new Claim(ClaimTypes.Role, nameof(Role.User))); userIdentity.RemoveClaim(userIdentity.Claims.FirstOrDefault(c => c.Type == ClaimTypes.Role && c.Value == nameof(Role.Guest))); } } else { _logger.LogError("Failed to connect account as it deserialized as 'null'"); } } else { _logger.LogError("Connect API request failed with status code: " + response.StatusCode); } } catch (Exception exception) { _logger.LogError(exception, "Connect API request failed: " + exception.Message); } return(initialUser); }
public override async ValueTask <ClaimsPrincipal> CreateUserAsync( RemoteUserAccount account, RemoteAuthenticationUserOptions options) { var user = await base.CreateUserAsync(account, options); var claimsIdentity = (ClaimsIdentity)user.Identity; if (account != null) { MapArrayClaimsToMultipleSeparateClaims(account, claimsIdentity); } return(user); }
public async override ValueTask <ClaimsPrincipal> CreateUserAsync(CustomRemoteUserAccount account, RemoteAuthenticationUserOptions options) { var userClaimsPrincipal = await base.CreateUserAsync(account, options); if (userClaimsPrincipal.Identity.IsAuthenticated) { ClaimsIdentity claimsIdentity = userClaimsPrincipal.Identity as ClaimsIdentity; var userObjectId = claimsIdentity.Claims.GetAzureAdB2CUserObjectId(); var httpClient = this.HttpClientService.CreateAuthorizedClient(); var userRole = await httpClient.GetStringAsync($"api/User/GetUserRole?userAdB2CObjectId={userObjectId}"); claimsIdentity.AddClaim(new Claim("Role", userRole)); } return(userClaimsPrincipal); }
public async Task WhenAccessTokenRequiresRedirect_UserDoesNotHaveAnyRole() { var remoteAccount = new RemoteUserAccount { AdditionalProperties = new Dictionary <string, object>() }; var accessToken = new AccessTokenResult(AccessTokenResultStatus.RequiresRedirect, new AccessToken(), ""); var options = new RemoteAuthenticationUserOptions { AuthenticationType = "Basic" }; var sut = CreateSut(out var tokenProvider, out _, out _); tokenProvider.TokenProvider.RequestAccessToken().Returns(accessToken); var claims = await sut.CreateUserAsync(remoteAccount, options).ConfigureAwait(true); claims.IsInRole(Role.Guest.ToString()).Should().BeFalse(); claims.IsInRole(Role.User.ToString()).Should().BeFalse(); }
public async Task WhenGetConnectReturnsAccountButDeserializationFails_UserIsTreatedAsGuest() { var remoteAccount = new RemoteUserAccount { AdditionalProperties = new Dictionary <string, object>() }; var accessToken = new AccessTokenResult(AccessTokenResultStatus.Success, new AccessToken(), ""); var options = new RemoteAuthenticationUserOptions { AuthenticationType = "Basic" }; var sut = CreateSut(out var tokenProvider, out var mockHttp, out var logger); tokenProvider.TokenProvider.RequestAccessToken().Returns(accessToken); mockHttp.When(HttpMethod.Get, "http://localhost/api/user/connect").Respond("application/json", "{ baz }"); var claims = await sut.CreateUserAsync(remoteAccount, options).ConfigureAwait(true); claims.IsInRole(Role.Guest.ToString()).Should().BeTrue(); claims.IsInRole(Role.User.ToString()).Should().BeFalse(); }
public async Task WhenGetConnectFails_UserIsTreatedAsGuest() { var remoteAccount = new RemoteUserAccount { AdditionalProperties = new Dictionary <string, object>() }; var accessToken = new AccessTokenResult(AccessTokenResultStatus.Success, new AccessToken(), ""); var options = new RemoteAuthenticationUserOptions { AuthenticationType = "Basic" }; var sut = CreateSut(out var tokenProvider, out _, out var logger); tokenProvider.TokenProvider.RequestAccessToken().Returns(accessToken); var claims = await sut.CreateUserAsync(remoteAccount, options).ConfigureAwait(true); claims.IsInRole(Role.Guest.ToString()).Should().BeTrue(); claims.IsInRole(Role.User.ToString()).Should().BeFalse(); logger.Received(1).LogError(Arg.Any <Exception>(), "Connect API request failed with status code: NotFound"); }
public async override ValueTask <ClaimsPrincipal> CreateUserAsync( RemoteUserAccount account, RemoteAuthenticationUserOptions options) { var user = await base.CreateUserAsync(account, options); if (user.Identity.IsAuthenticated) { var identity = (ClaimsIdentity)user.Identity; // delete all the role claims var roleClaims = identity.FindAll(identity.RoleClaimType).ToArray(); if (roleClaims != null && roleClaims.Any()) { foreach (var existingClaim in roleClaims) { identity.RemoveClaim(existingClaim); } // load the claim (role: "Admin" or role: [ "User, "Admin,..] an array ) // (set in Programs.cs: options.UserOptions.RoleClaim = "role";) var rolesElem = account.AdditionalProperties[identity.RoleClaimType]; if (rolesElem is JsonElement roles) { if (roles.ValueKind == JsonValueKind.Array) { // loop the role array foreach (var role in roles.EnumerateArray()) { //add the role as claim type: ClaimsType.Role identity.AddClaim(new Claim(options.RoleClaim, role.GetString())); } } else //is not an array, load it directly { identity.AddClaim(new Claim(options.RoleClaim, roles.GetString())); } } } } return(user); }
public override async ValueTask <ClaimsPrincipal> CreateUserAsync( RemoteUserAccount account, RemoteAuthenticationUserOptions options) { var user = await base.CreateUserAsync(account, options); if (user.Identity.IsAuthenticated) { var identity = (ClaimsIdentity)user.Identity; var rolesClaim = identity.Claims.Single(c => c.Type == "roles").Value; var roles = JsonSerializer.Deserialize <string[]>(rolesClaim); foreach (var role in roles) { identity.AddClaim(new Claim(ClaimTypes.Role, role)); } } return(user); }
public override async ValueTask <ClaimsPrincipal> CreateUserAsync( CpkAccount account, RemoteAuthenticationUserOptions options) { var initialUser = await base.CreateUserAsync(account, options); if (initialUser.Identity.IsAuthenticated) { foreach (var value in account.AuthenticationMethod) { ((ClaimsIdentity)initialUser.Identity).AddClaim(new Claim("amr", value)); } foreach (var value in account.Roles.Split(',', StringSplitOptions.RemoveEmptyEntries)) { ((ClaimsIdentity)initialUser.Identity).AddClaim(new Claim("client_role", value)); } } return(initialUser); }
public override async ValueTask <ClaimsPrincipal> CreateUserAsync( OidcAccount account, RemoteAuthenticationUserOptions options) { var initialUser = await base.CreateUserAsync(account, options); if (initialUser.Identity.IsAuthenticated) { foreach (var value in account.AuthenticationMethod) { ((ClaimsIdentity)initialUser.Identity).AddClaim(new Claim("amr", value)); } var tokenResponse = await TokenProvider.RequestAccessToken(); if (tokenResponse.TryGetToken(out var token)) { var request = new HttpRequestMessage(HttpMethod.Get, "Preferences/HasCompletedAdditionalInformation"); request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token.Value); var response = await _httpClient.SendAsync(request); if (response.StatusCode != HttpStatusCode.OK) { throw new InvalidOperationException("Error accessing additional user info."); } var hasInfo = JsonSerializer.Deserialize <bool>(await response.Content.ReadAsStringAsync()); if (!hasInfo) { // The actual pattern would be to cache this info to avoid constant queries to the server per auth update. // (By default once every minute) ((ClaimsIdentity)initialUser.Identity).AddClaim(new Claim("NewUser", "true")); } } } return(initialUser); }
public async override ValueTask <ClaimsPrincipal> CreateUserAsync( AuthZUserAccount account, RemoteAuthenticationUserOptions options) { var initialUser = await base.CreateUserAsync(account, options); if (initialUser.Identity.IsAuthenticated) { foreach (var value in account.Roles) { ((ClaimsIdentity)initialUser.Identity) .AddClaim(new Claim("roles", value)); } foreach (var value in account.Groups) { ((ClaimsIdentity)initialUser.Identity) .AddClaim(new Claim("groups", value)); } } return(initialUser); }
public async override ValueTask <ClaimsPrincipal> CreateUserAsync( CustomUserAccount account, RemoteAuthenticationUserOptions options) { var initialUser = await base.CreateUserAsync(account, options); if (initialUser.Identity is null) { throw new NullReferenceException(); } if (initialUser.Identity.IsAuthenticated) { var userIdentity = (ClaimsIdentity)initialUser.Identity; foreach (var role in account.Roles) { userIdentity.AddClaim(new Claim("role", role)); } } return(initialUser); }
public async override ValueTask <ClaimsPrincipal> CreateUserAsync( CustomUserAccount account, RemoteAuthenticationUserOptions options) { var initialUser = await base.CreateUserAsync(account, options); if (initialUser.Identity.IsAuthenticated) { var userIdentity = (ClaimsIdentity)initialUser.Identity; foreach (var role in account.Roles) { userIdentity.AddClaim(new Claim("role", role)); } //if (userIdentity.HasClaim(c => c.Type == "hasgroups")) //{ // try // { // var client = _clientFactory.CreateClient("GraphAPI"); // var response = await client.GetAsync("v1.0/me/memberOf"); // if (response.IsSuccessStatusCode) // { // var userObjects = await response.Content // .ReadFromJsonAsync<DirectoryObjects>(); // foreach (var obj in userObjects?.Values) // { // userIdentity.AddClaim(new Claim("group", obj.Id)); // } // var claim = userIdentity.Claims.FirstOrDefault( // c => c.Type == "hasgroups"); // userIdentity.RemoveClaim(claim); // } // else // { // _logger.LogError("Graph API request failure: {REASON}", // response.ReasonPhrase); // } // } // catch (AccessTokenNotAvailableException exception) // { // _logger.LogError("Graph API access token failure: {MESSAGE}", // exception.Message); // } //} //else //{ // foreach (var group in account.Groups) // { // userIdentity.AddClaim(new Claim("group", group)); // } //} } return(initialUser); }
public override async ValueTask <ClaimsPrincipal> CreateUserAsync(RemoteUserAccount account, RemoteAuthenticationUserOptions options) { var user = await base.CreateUserAsync(account, options); if (user.Identity.IsAuthenticated) { var identity = user.Identity as ClaimsIdentity; _logger.LogInformation($"User connected {identity.Name}"); foreach (var claim in user.Claims.ToArray()) { var value = claim.Value; if (value.StartsWith("[")) { var values = JsonSerializer.Deserialize <IEnumerable <string> >(value); var type = claim.Type; foreach (var item in values) { _logger.LogDebug($"Add {type} claim {item}"); identity.AddClaim(new Claim(type, item)); } identity.RemoveClaim(claim); } } } return(user); }
public override async ValueTask <ClaimsPrincipal> CreateUserAsync(RemoteUserAccount account, RemoteAuthenticationUserOptions options) { Console.WriteLine("Entered Create User Async"); var localDoZenStore = services.GetRequiredService <LocalDoZenStore>(); var result = await base.CreateUserAsync(account, options); if (result.Identity.IsAuthenticated) { Console.WriteLine("Entered Create User Async: Is Authenticated"); await localDoZenStore.SaveUserAccountAsync(result); } else { Console.WriteLine("Entered Create User Async: Else"); result = await localDoZenStore.LoadUserAccountAsync(); } Console.WriteLine("Entered Create User Async: Returning Result"); return(result); }
public override async ValueTask <ClaimsPrincipal> CreateUserAsync(RemoteUserAccount account, RemoteAuthenticationUserOptions options) { ClaimsPrincipal result = await base.CreateUserAsync(account, options); if (result.Identity.IsAuthenticated) { await _userService.SetAsync(result); } else if (!_networkService.IsOnline) { return(await _userService.GetAsync()); } return(result); }
public async override ValueTask <ClaimsPrincipal> CreateUserAsync(RemoteUserAccount account, RemoteAuthenticationUserOptions options) { var initialUser = await base.CreateUserAsync(account, options); if (initialUser?.Identity?.IsAuthenticated ?? false) { var userIdentity = (ClaimsIdentity)initialUser.Identity; account.AdditionalProperties.TryGetValue(ClaimTypes.Role, out var roleClaimValue); if (roleClaimValue is not null && roleClaimValue is JsonElement element && element.ValueKind == JsonValueKind.Array) { userIdentity.RemoveClaim(userIdentity.FindFirst(ClaimTypes.Role)); var claims = element.EnumerateArray() .Select(x => new Claim(ClaimTypes.Role, x.ToString())); userIdentity.AddClaims(claims); } } return(initialUser ?? new ClaimsPrincipal()); }
public async override ValueTask <ClaimsPrincipal> CreateUserAsync(TAccount account, RemoteAuthenticationUserOptions options) { ClaimsPrincipal user = await base.CreateUserAsync(account, options); if (account != null) { ClaimsIdentity?claimsIdentity = (ClaimsIdentity?)user.Identity; if (claimsIdentity != null) { foreach (KeyValuePair <string, object> kvp in account.AdditionalProperties) { if (kvp.Value is JsonElement element && element.ValueKind == JsonValueKind.Array) { claimsIdentity.RemoveClaim(claimsIdentity.FindFirst(kvp.Key)); IEnumerable <Claim> claims = element .EnumerateArray() .Select(e => e.ToString()) .Where(v => !string.IsNullOrWhiteSpace(v)) .Select(v => new Claim(kvp.Key, v !)) .ToList(); claimsIdentity.AddClaims(claims); } } } } return(user); }
public override async ValueTask <ClaimsPrincipal> CreateUserAsync(RemoteUserAccount account, RemoteAuthenticationUserOptions options) { var user = await base.CreateUserAsync(account, options); if (user.Identity?.IsAuthenticated == true) { var identity = (ClaimsIdentity)user.Identity; foreach (var claim in identity.Claims.ToList()) { if (account.AdditionalProperties.TryGetValue(claim.Type, out var claimObj) && claimObj is JsonElement jsonElement && jsonElement.ValueKind == JsonValueKind.Array) { identity.RemoveClaim(claim); foreach (var arrayElement in jsonElement.EnumerateArray()) { identity.AddClaim(new Claim(claim.Type, arrayElement.GetString() ?? string.Empty)); } } } } return(user); }
public override async ValueTask <ClaimsPrincipal> CreateUserAsync(RemoteUserAccount account, RemoteAuthenticationUserOptions options) { var localVehiclesStore = services.GetRequiredService <LocalVehiclesStore>(); var result = await base.CreateUserAsync(account, options); if (result.Identity.IsAuthenticated) { await localVehiclesStore.SaveUserAccountAsync(result); } else { result = await localVehiclesStore.LoadUserAccountAsync(); } return(result); }
public async override ValueTask <ClaimsPrincipal> CreateUserAsync(CustomUserAccount account, RemoteAuthenticationUserOptions options) { var initialUser = await base.CreateUserAsync(account, options); if (initialUser.Identity.IsAuthenticated) { ((ClaimsIdentity)initialUser.Identity).AddClaim(new Claim("picture", account.ProfilePicture)); } return(initialUser); }
// when a user belongs to multiple roles, IS4 returns a single claim with a serialised array of values // this class improves the original factory by deserializing the claims in the correct way public async override ValueTask <ClaimsPrincipal> CreateUserAsync(TAccount account, RemoteAuthenticationUserOptions options) { var user = await base.CreateUserAsync(account, options); var claimsIdentity = (ClaimsIdentity)user.Identity; if (account != null) { foreach (var kvp in account.AdditionalProperties) { var name = kvp.Key; var value = kvp.Value; if (value != null && (value is JsonElement element && element.ValueKind == JsonValueKind.Array)) { claimsIdentity.RemoveClaim(claimsIdentity.FindFirst(kvp.Key)); var claims = element.EnumerateArray() .Select(x => new Claim(kvp.Key, x.ToString())); claimsIdentity.AddClaims(claims); } } } return(user); }
/// <inheritdoc/> public async override ValueTask <ClaimsPrincipal> CreateUserAsync(AzureAdRemoteUserAccount account, RemoteAuthenticationUserOptions options) { var initialUser = await base.CreateUserAsync(account, options); if (initialUser.Identity.IsAuthenticated) { var userIdentity = initialUser.Identity as ClaimsIdentity; if (userIdentity == null) { return(initialUser); } foreach (var role in account.Roles) { userIdentity.AddClaim(new Claim("appRole", role)); } foreach (var wid in account.Wids) { userIdentity.AddClaim(new Claim("directoryRole", wid)); } } return(initialUser); }
public async override ValueTask <ClaimsPrincipal> CreateUserAsync(CustomUserAccount account, RemoteAuthenticationUserOptions options) { var initial = await base.CreateUserAsync(account, options); if (initial.Identity.IsAuthenticated) { foreach (var value in account.AuthenticationMethod) { ((ClaimsIdentity)initial.Identity).AddClaim(new Claim("amr", value)); } } return(initial); }