public ClaimMapResult Map(IHeaderDictionary headers)
{
var isIgnored =
_easyAuthOptions.Value.IgnoreClaimTypes.Any(c =>
c.Equals(ClaimTypes.System, StringComparison.OrdinalIgnoreCase));
// try and map the header claims from a value in the header
if (!isIgnored && headers.ContainsKey(CustomHeaderDictionaryTransformer.HeaderName))
{
return(ClaimMapResult.Success(new[]
{
new Claim(ClaimTypes.System, headers[CustomHeaderDictionaryTransformer.HeaderName].First()),
new Claim(ClaimTypes.Webpage, _contextAccessor.HttpContext.Request.Path),
}));
}
return(ClaimMapResult.NoResult);
}
public ClaimMapResult Map(IHeaderDictionary headers)
{
if (!string.IsNullOrEmpty(headers[KnownEasyAuthHeaders.PrincipalObjectHeader]))
{
var claims = new List <Claim>();
_logger.LogTrace($"Building claims from payload in {KnownEasyAuthHeaders.PrincipalObjectHeader} header.");
try
{
var headerValue = headers[KnownEasyAuthHeaders.PrincipalObjectHeader].First();
var payload = Encoding.UTF8.GetString(Convert.FromBase64String(headerValue));
var headerPrincipalModel = JsonSerializer.Deserialize <EasyAuthHeaderPrincipalModel>(payload);
var config = _easyAuthOptions.Value;
foreach (var claimsModel in headerPrincipalModel.Claims)
{
var claimType = claimsModel.Type;
var ignoreClaimType = config.IgnoreClaimTypes.Any(c =>
c.Equals(claimType, StringComparison.OrdinalIgnoreCase));
if (!ignoreClaimType)
{
var commaSeparated =
config.ClaimTypesWithCommaSeparatedValues.Any(c =>
c.Equals(claimType, StringComparison.OrdinalIgnoreCase));
_logger.LogTrace($"ClaimType \"{claimType}\" value is treated as comma separated = {commaSeparated}");
if (claimsModel.Type.Equals(KnownEasyAuthClaimAliases.Roles, StringComparison.OrdinalIgnoreCase))
{
claimType = string.IsNullOrEmpty(headerPrincipalModel.RoleClaimType) ? ClaimTypes.Role : headerPrincipalModel.RoleClaimType;
}
else if (claimsModel.Type.Equals(KnownEasyAuthClaimAliases.Name, StringComparison.OrdinalIgnoreCase))
{
claimType = string.IsNullOrEmpty(headerPrincipalModel.NameClaimType) ? ClaimTypes.Name : headerPrincipalModel.NameClaimType;
}
if (commaSeparated)
{
claims.AddRange(claimsModel.Value.Split(',')
.Select(c => new Claim(claimType, c)));
}
else
{
claims.Add(new Claim(claimType, claimsModel.Value));
}
}
else
{
_logger.LogTrace($"Ignoring ClaimType: {claimType}");
}
}
return(ClaimMapResult.Success(claims));
}
catch (Exception e)
{
_logger.LogError(e, "Building claims from header failed");
}
}
return(ClaimMapResult.Fail($"{KnownEasyAuthHeaders.PrincipalObjectHeader} header was not present or in the expected format."));
}
