/// <summary>
/// Claims transformation that marks members of the configured admin Windows group
/// with an <c>IdentityAdmin</c> claim; everyone else passes through untouched.
/// </summary>
/// <param name="context">Carries the Windows principal being checked and the outgoing subject to extend.</param>
/// <returns>A completed task; the subject is modified in place.</returns>
public Task TransformAsync(CustomClaimsProviderContext context)
{
    // Group membership is decided by the principal, not by any incoming claim,
    // so the admin marker cannot be supplied by the caller.
    var isAdmin = context.WindowsPrincipal.IsInRole(AdminWindowsGroupName);
    if (isAdmin)
    {
        var adminClaim = new Claim("IdentityAdmin", "IdentityAdmin");
        context.OutgoingSubject.AddClaim(adminClaim);
    }

    return Task.FromResult(0);
}
        /// <summary>
        /// Sample claims transformation: issues a hard-coded e-mail claim for one
        /// specific Windows account and leaves every other subject unchanged.
        /// </summary>
        /// <param name="context">Carries the outgoing subject whose "name" claim is inspected.</param>
        /// <returns>A completed task; the subject is modified in place.</returns>
        public Task TransformAsync(CustomClaimsProviderContext context)
        {
            // Only the first "name" claim is considered; the type match is ordinal.
            var nameClaim = context.OutgoingSubject.Claims.FirstOrDefault(c => c.Type == "name");

            // The account comparison is exact and case-sensitive (ordinal string equality),
            // so a differently-cased account name does not match. The e-mail value appears
            // to be masked in this listing.
            if (nameClaim == null || nameClaim.Value != @"MARVIN-SURFACE\Kevin")
            {
                return Task.FromResult(0);
            }

            context.OutgoingSubject.AddClaim(
                new System.Security.Claims.Claim("email", "*****@*****.**"));
            return Task.FromResult(0);
        }
        /// <summary>
        /// Builds the WS-Federation sign-in response for a Windows-authenticated caller.
        /// </summary>
        /// <param name="request">The incoming sign-in request; only its <c>Context</c> (wctx) value is echoed back.</param>
        /// <param name="windowsPrincipal">The authenticated Windows principal the token is issued for.</param>
        /// <returns>The sign-in response message addressed to the configured reply URL.</returns>
        public async Task<SignInResponseMessage> GenerateAsync(SignInRequestMessage request, WindowsPrincipal windowsPrincipal)
        {
            Logger.Info("Creating WS-Federation signin response");

            // Subject derived from the Windows principal, then handed to the configured
            // claims provider, which may add to it or replace it.
            var subject = SubjectGenerator.Create(windowsPrincipal, _options);
            var transformation = new CustomClaimsProviderContext
            {
                WindowsPrincipal = windowsPrincipal,
                OutgoingSubject  = subject
            };
            await _options.CustomClaimsProvider.TransformAsync(transformation);

            // Take the subject from the transformation context rather than the local
            // one so a provider that swapped it out is honored.
            var securityToken = CreateSecurityToken(transformation.OutgoingSubject);

            // AppliesTo and ReplyTo come from our own configuration, not from the
            // request; the only request value that round-trips is wctx.
            var tokenResponse = new RequestSecurityTokenResponse
            {
                AppliesTo = new EndpointReference(_options.IdpRealm),
                Context   = request.Context,
                ReplyTo   = _options.IdpReplyUrl,
                RequestedSecurityToken = new RequestedSecurityToken(securityToken)
            };

            var federationSerializer = new WSFederationSerializer(
                new WSTrust13RequestSerializer(),
                new WSTrust13ResponseSerializer());

            // Start from an empty handler collection so only our own token handler
            // is registered for the default usage.
            var handlerManager = SecurityTokenHandlerCollectionManager.CreateEmptySecurityTokenHandlerCollectionManager();
            handlerManager[SecurityTokenHandlerCollectionManager.Usage.Default] = CreateSupportedSecurityTokenHandler();

            var replyUri = new Uri(_options.IdpReplyUrl);
            var serializationContext = new WSTrustSerializationContext(handlerManager);
            return new SignInResponseMessage(replyUri, tokenResponse, federationSerializer, serializationContext);
        }
        /// <summary>
        /// Handles the OWIN custom-extension grant: the caller must already be
        /// Windows-authenticated, and the issued identity is built from that principal.
        /// </summary>
        /// <param name="context">The custom grant context; its OWIN user is expected to be a <see cref="WindowsPrincipal"/>.</param>
        /// <returns>A task that completes once the grant has been validated or rejected.</returns>
        public override async Task GrantCustomExtension(OAuthGrantCustomExtensionContext context)
        {
            var caller = context.OwinContext.Authentication.User as WindowsPrincipal;
            if (caller != null)
            {
                // Build the outgoing subject from the Windows principal, then let the
                // configured claims provider transform it before it is validated.
                var transformation = new CustomClaimsProviderContext
                {
                    WindowsPrincipal = caller,
                    OutgoingSubject  = SubjectGenerator.Create(caller, _options)
                };
                await _options.CustomClaimsProvider.TransformAsync(transformation);

                // Validate with the subject from the transformation context (a provider
                // may have replaced it), not with a locally held reference.
                context.Validated(transformation.OutgoingSubject);
                return;
            }

            // Anything that is not Windows-authenticated is rejected outright.
            context.SetError("User is not a Windows user");
        }
 public Task TransformAsync(CustomClaimsProviderContext context)
 {
     return(Task.FromResult(0));
 }
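        /// <summary>
        /// Looks up the caller's e-mail address (via <c>GetEmailFromActiveDirectoryAsync</c>,
        /// defined elsewhere) and adds it to the outgoing subject as a
        /// <see cref="ClaimTypes.Email"/> claim.
        /// </summary>
        /// <param name="context">Carries the outgoing subject that is both the lookup key and the claim target.</param>
        /// <returns>A task that completes when the claim has been added or skipped.</returns>
        /// <remarks>
        /// If the lookup yields no address (null or empty), no e-mail claim is issued rather
        /// than letting the <see cref="Claim"/> constructor throw on a null value and fail
        /// the issuance that invoked this transformation.
        /// </remarks>
        public async Task TransformAsync(CustomClaimsProviderContext context)
        {
            var email = await GetEmailFromActiveDirectoryAsync(context.OutgoingSubject);

            // Claim(type, value) rejects a null value; an account without a mail
            // attribute should simply get no e-mail claim.
            if (string.IsNullOrEmpty(email))
            {
                return;
            }

            context.OutgoingSubject.AddClaim(new Claim(ClaimTypes.Email, email));
        }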