Пример #1
        /// <summary>
        /// Builds a <see cref="DigidUser"/> from fixed, hard-coded attribute values rather than
        /// from a SIAM server response.
        /// </summary>
        /// <remarks>
        /// Nothing is verified here: no credentials are read and no server is contacted.
        /// NOTE(review): the callers are not visible in this listing. Confirm this method is only
        /// reachable in development or test configurations, because any production route to it
        /// would return an identity that was never authenticated.
        /// </remarks>
        /// <returns>A user populated with the fixed Uid, Organization and TgtExpTime values below.</returns>
        internal DigidUser AuthenticateFakeUser()
        {
            // Same three attributes as before, added in the same order.
            var fakeAttributes = new NameValueCollection
            {
                { DigidConstants.Uid, "900003509" },
                { DigidConstants.Organization, "someOrganization" },
                { DigidConstants.TgtExpTime, "645643632" }
            };

            return new DigidUser(fakeAttributes);
        }
Пример #2
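        /// <summary>
        /// Sends a verify request for the given credentials to the configured SIAM server and
        /// builds a <see cref="DigidUser"/> from the attributes in the response.
        /// </summary>
        /// <param name="aselectCredentials">Credentials value passed through to the SIAM verify URL. Treated as untrusted input.</param>
        /// <param name="rid">Request identifier passed through to the SIAM verify URL. Treated as untrusted input.</param>
        /// <returns>The user built from the key/value pairs the SIAM server returned.</returns>
        /// <exception cref="Exception">
        /// Thrown when the result code is missing or is not <c>DigidConstants.ResultCodeOk</c>, or when the
        /// authentication level used is lower than the level that was demanded.
        /// </exception>
        /// <remarks>
        /// A missing or malformed level value makes <c>int.Parse</c> throw, so verification fails closed.
        /// The shared secret is part of the request URL; keep that URL out of logs and exception messages.
        /// NOTE(review): whether the configured SIAM URL uses https is not visible here - confirm.
        /// </remarks>
        public async Task<DigidUser> VerifyUser(string aselectCredentials, string rid)
        {
            // Call to SIAM server
            var siamUrl       = _config["DigidCgi:SiamServer"];
            var aSelectServer = _config["DigidCgi:SiamServerName"];

            var sharedSecret    = _config["DigidCgi:SharedSecret"];
            var extraAttributes = "givenName";

            // Both arguments come from the caller. Percent-encode them so that characters such as
            // '&', '=' or '#' cannot add or override parameters in the request to the SIAM server.
            // NOTE(review): assumes the template places {2} and {3} in the query string and that
            // callers pass decoded values - confirm against SiamRequestVerifyUserUrl and the callers.
            var safeRid         = Uri.EscapeDataString(rid ?? string.Empty);
            var safeCredentials = Uri.EscapeDataString(aselectCredentials ?? string.Empty);

            var url = string.Format(SiamRequestVerifyUserUrl, siamUrl, aSelectServer, safeRid, safeCredentials, sharedSecret, extraAttributes);

            string result;

            // Dispose the response once the body has been read.
            using (var response = await _digidClient.GetAsync(url))
            {
                result = await response.Content.ReadAsStringAsync();
            }

            var digidValues = HttpUtility.ParseQueryString(result);

            var resultCode = digidValues[DigidConstants.ResultCode];

            // The static Equals is null-safe: a response without a result code is rejected with the
            // same exception as any other non-OK code instead of a NullReferenceException.
            if (!string.Equals(resultCode, DigidConstants.ResultCodeOk))
            {
                throw new Exception($"SIAM Result code: {resultCode}");
            }

            var demandedAuthenticationLevel = int.Parse(digidValues[DigidConstants.AppLevel]);
            var usedAuthenticationLevel     = int.Parse(digidValues[DigidConstants.AuthspLevel]);

            if (demandedAuthenticationLevel > usedAuthenticationLevel)
            {
                // DigiD should make sure the user can only login at the desired level or higher. We just throw an exception when this happens.
                // The message is now interpolated; previously the placeholders were emitted literally.
                throw new Exception($"Het gebruikte authenticatieniveau is {usedAuthenticationLevel}, maar moet minimaal {demandedAuthenticationLevel} zijn.");
            }

            return new DigidUser(digidValues);
        }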
Пример #3
 /// <summary>
 /// Produces a token string for the given user by passing the user's <c>Bsn</c> and the
 /// sign-in provider to <c>CreateJwtSecurityToken</c>.
 /// </summary>
 /// <param name="digidUser">User whose <c>Bsn</c> is handed to the token factory.</param>
 /// <param name="signInProvider">Sign-in provider forwarded unchanged.</param>
 /// <returns>Whatever <c>CreateJwtSecurityToken</c> returns.</returns>
 /// <remarks>
 /// NOTE(review): how the Bsn is embedded is not visible here. If it becomes a claim in a signed
 /// but unencrypted token, anyone holding the token can read it - confirm this is intended.
 /// </remarks>
 internal string GenerateJsonWebToken(DigidUser digidUser, SignInProvider signInProvider)
 {
     var bsn = digidUser.Bsn;
     var token = CreateJwtSecurityToken(bsn, signInProvider);

     return token;
 }