/// <summary>
/// Builds a <see cref="DigidUser"/> from hard-coded attribute values, without any call to the SIAM server.
/// </summary>
/// <remarks>
/// No credential, ticket or result code is checked here: every caller receives the same fixed identity.
/// NOTE(review): the callers are not visible in this part of the file. Confirm this method is reachable
/// only in development/test configurations and never on a production sign-in path.
/// </remarks>
/// <returns>A user populated with the fixed uid, organization and TGT expiry values below.</returns>
internal DigidUser AuthenticateFakeUser() {
    // Stand-in attributes; none of these come from a real authentication response.
    var fakeAttributes = new NameValueCollection {
        { DigidConstants.Uid, "900003509" },
        { DigidConstants.Organization, "someOrganization" },
        { DigidConstants.TgtExpTime, "645643632" }
    };

    return new DigidUser(fakeAttributes);
}
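/// <summary>
/// Asks the SIAM server to verify the supplied A-Select credentials and, on success,
/// builds a <see cref="DigidUser"/> from the attributes in the server's response.
/// </summary>
/// <param name="aselectCredentials">Credentials value forwarded to the SIAM verify request.</param>
/// <param name="rid">Request id forwarded to the SIAM verify request.</param>
/// <returns>The user described by the SIAM response.</returns>
/// <exception cref="Exception">
/// Thrown when the response carries no result code or a result code other than
/// <c>DigidConstants.ResultCodeOk</c>, or when the authentication level that was used is lower
/// than the level that was demanded.
/// </exception>
public async Task<DigidUser> VerifyUser(string aselectCredentials, string rid) {
    // Call to SIAM server
    var siamUrl = _config["DigidCgi:SiamServer"];
    var aSelectServer = _config["DigidCgi:SiamServerName"];
    var sharedSecret = _config["DigidCgi:SharedSecret"];
    var extraAttributes = "givenName";

    // rid and aselectCredentials are supplied by the caller (presumably taken from the redirect back
    // from DigiD - confirm). Escape them so characters such as '&', '=' or '#' cannot add or override
    // parameters in the request that is sent to the SIAM server with our shared secret.
    var escapedRid = Uri.EscapeDataString(rid ?? string.Empty);
    var escapedCredentials = Uri.EscapeDataString(aselectCredentials ?? string.Empty);

    // NOTE: url contains the shared secret; keep it out of logs and exception messages.
    var url = string.Format(SiamRequestVerifyUserUrl, siamUrl, aSelectServer, escapedRid, escapedCredentials, sharedSecret, extraAttributes);

    var response = await _digidClient.GetAsync(url);
    string result = await response.Content.ReadAsStringAsync();
    var digidValues = HttpUtility.ParseQueryString(result);

    // Fail closed: a response without a result code is rejected with the same exception as a non-OK code,
    // instead of surfacing as a NullReferenceException.
    var resultCode = digidValues[DigidConstants.ResultCode];
    if (!string.Equals(resultCode, DigidConstants.ResultCodeOk, StringComparison.Ordinal)) {
        throw new Exception($"SIAM Result code: {resultCode}");
    }

    // Machine-readable values: parse culture-independently. A missing or non-numeric level still throws,
    // so a malformed response never yields a user.
    var demandedAuthenticationLevel = int.Parse(digidValues[DigidConstants.AppLevel], System.Globalization.CultureInfo.InvariantCulture);
    var usedAuthenticationLevel = int.Parse(digidValues[DigidConstants.AuthspLevel], System.Globalization.CultureInfo.InvariantCulture);
    if (demandedAuthenticationLevel > usedAuthenticationLevel) {
        // DigiD should make sure the user can only login at the desired level or higher. We just throw an exception when this happens.
        // The message is now an interpolated string so the two levels actually appear in it.
        throw new Exception($"Het gebruikte authenticatieniveau is {usedAuthenticationLevel}, maar moet minimaal {demandedAuthenticationLevel} zijn.");
    }

    return new DigidUser(digidValues);
}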
/// <summary>
/// Produces a JSON Web Token for the given DigiD user by passing the user's <c>Bsn</c> and the
/// sign-in provider to <c>CreateJwtSecurityToken</c>.
/// </summary>
/// <remarks>
/// NOTE(review): the BSN is a sensitive personal identifier. <c>CreateJwtSecurityToken</c> is not visible
/// here; if it emits a signed but unencrypted token, the BSN is readable by anyone who holds the token.
/// Confirm how the value is embedded and how long the token lives.
/// </remarks>
/// <param name="digidUser">User whose <c>Bsn</c> is placed in the token; must not be null.</param>
/// <param name="signInProvider">Sign-in provider forwarded unchanged to <c>CreateJwtSecurityToken</c>.</param>
/// <returns>The token string returned by <c>CreateJwtSecurityToken</c>.</returns>
internal string GenerateJsonWebToken(DigidUser digidUser, SignInProvider signInProvider) =>
    CreateJwtSecurityToken(digidUser.Bsn, signInProvider);