public Task ValidatePrincipal(CookieValidatePrincipalContext context)
{
//
// TODO: uncomment this after next release of aspnet core
// and fix the broken
// it needs to resolve options per tenant
//await securityStampValidator.ValidateAsync(context);
var tenant = context.HttpContext.GetTenant<SiteContext>();
if (tenant == null)
{
context.RejectPrincipal();
}
var siteGuidClaim = new Claim("SiteGuid", tenant.Id.ToString());
if (!context.Principal.HasClaim(siteGuidClaim.Type, siteGuidClaim.Value))
{
logger.LogInformation("rejecting principal because it does not have siteguid");
context.RejectPrincipal();
}
//TODO: should we lookup the user here and reject if locked out or deleted?
return Task.FromResult(0);
}
