/// <summary>
        /// Returns the SharePoint user token cached in session state under <paramref name="key"/>,
        /// requesting and caching a new one when nothing is cached or the cached entry is
        /// within one minute of its expiry.
        /// </summary>
        /// <param name="key">Session key the token result is read from and written to.</param>
        /// <param name="target">SharePoint URI the token is requested for.</param>
        /// <returns>
        /// The cached or newly acquired token result, or <c>null</c> when
        /// <paramref name="target"/> is <c>null</c>.
        /// </returns>
        private async ValueTask<SharePointUserTokenResult> UserSessionTokenHandler(string key, Uri target)
        {
            // Without a target there is nothing to request a token for.
            if (target == null)
            {
                return null;
            }

            // NOTE(review): the lookup uses only the key; the cached entry is not compared with
            // `target`. Presumably callers use a distinct key per target - verify, so that a
            // token issued for one site is never handed out for another.
            var cached = GetSessionValueOrDefault<SharePointUserTokenResult>(key);

            // One minute of slack so a token is not returned just before it lapses.
            // NOTE(review): assumes Expires is expressed in UTC - confirm.
            var stillValid = cached != null && cached.Expires.AddMinutes(-1) > DateTime.UtcNow;
            if (stillValid)
            {
                return cached;
            }

            // The token is requested on behalf of the current Windows identity.
            var windowsIdentity = GetWindowsIdentity();
            var s2sToken = await GetS2SAccessTokenWithWindowsIdentity(target, windowsIdentity);

            // Resolve the SharePoint user that the new token represents.
            var contextUser = await _sharePointClient.GetSharePointContextUser(target, s2sToken.AccessToken);

            var refreshed = new SharePointUserTokenResult(s2sToken.AccessToken, s2sToken.Expires, contextUser);

            // NOTE(review): this writes a bearer token into session state - confirm the session
            // store and the session cookie are protected to the same standard as the token.
            SetSessionValue(key, refreshed);

            return refreshed;
        }
Пример #2
        /// <summary>
        /// Builds a <see cref="ClaimsPrincipal"/> from a SharePoint token result: the user's
        /// id, UPN, title and e-mail, the access token itself, and one role claim per entry
        /// in <paramref name="roles"/>.
        /// </summary>
        /// <param name="tokenResult">Token result supplying the user and the access token.</param>
        /// <param name="authenticationType">Authentication type set on the created identity.</param>
        /// <param name="roles">Optional role names; <c>null</c> adds no role claims.</param>
        /// <returns>A principal wrapping a single identity that carries the claims above.</returns>
        internal static ClaimsPrincipal ToClaimsPrincipal(this SharePointUserTokenResult tokenResult, string authenticationType, IEnumerable<string> roles = null)
        {
            var spUser = tokenResult.User;

            // NOTE(review): Claim's constructor rejects a null value, so a user whose UPN,
            // title or e-mail is missing makes this method throw - confirm those fields are
            // always populated for the accounts that sign in.
            var claims = new List<Claim>
            {
                new Claim(ClaimTypes.NameIdentifier, spUser.Id.ToString()),
                new Claim(ClaimTypes.Upn, spUser.UserPrincipalName),
                new Claim(ClaimTypes.Name, spUser.Title),
                new Claim(ClaimTypes.Email, spUser.Email),
                // NOTE(review): the access token rides on the identity as a claim, so it goes
                // wherever the principal is serialized (for example an authentication cookie)
                // or dumped to logs - confirm how the principal is persisted and protected.
                new Claim(SharePointAuthentication.AccessTokenClaim, tokenResult.AccessToken),
            };

            // Role names are taken from the caller as given; nothing here validates them.
            if (roles != null)
            {
                foreach (var roleName in roles)
                {
                    claims.Add(new Claim(ClaimTypes.Role, roleName));
                }
            }

            var identity = new ClaimsIdentity(authenticationType);
            identity.AddClaims(claims);

            return new ClaimsPrincipal(identity);
        }