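/// <summary>
/// Builds the cookie authentication provider that adds extra role claims to the identity.
/// On each validated request the security stamp validator runs first; then, for every
/// role claim on the identity, that role's claims are read from the application cache
/// (loaded through <c>RoleManager</c> on a cache miss) and added to the identity.
/// </summary>
/// <returns>
/// A <c>CookieAuthenticationProvider</c> with <c>OnValidateIdentity</c> and
/// <c>OnApplyRedirect</c> handlers attached.
/// </returns>
private static CookieAuthenticationProvider GetMyCookieAuthenticationProvider()
{
    var cookieAuthenticationProvider = new CookieAuthenticationProvider();

    cookieAuthenticationProvider.OnValidateIdentity = async context =>
    {
        // Re-validate the security stamp (10 minute interval) before trusting the cookie identity.
        var cookieValidatorFunc = SecurityStampValidator.OnValidateIdentity<UserManager, ApplicationUser>(
            TimeSpan.FromMinutes(10),
            (manager, user) =>
            {
                var identity = manager.GenerateUserIdentityAsync(user);
                return (identity);
            });
        await cookieValidatorFunc.Invoke(context);

        // The validator may have rejected the identity; never enrich an unauthenticated one.
        if (context.Identity == null || !context.Identity.IsAuthenticated)
        {
            return;
        }

        // HttpRuntime.Cache is the same application cache that HttpContext.Current.Cache exposes,
        // but it does not depend on HttpContext.Current, which can be null after an await.
        var cache = System.Web.HttpRuntime.Cache;

        // Snapshot the role names: claims are added to the identity inside the loop below.
        var userRoles = context.Identity
            .Claims
            .Where(c => c.Type == ClaimTypes.Role)
            .Select(c => c.Value)
            .ToList();

        foreach (var roleName in userRoles)
        {
            var cacheKey = ApplicationRole.GetCacheKey(roleName);
            var cachedClaims = cache[cacheKey] as IEnumerable<Claim>;
            if (cachedClaims == null)
            {
                var roleManager = DependencyResolver.Current.GetService<RoleManager>();
                var loadedClaims = await roleManager.GetClaimsAsync(roleName);
                if (loadedClaims == null)
                {
                    // Nothing to grant for this role; do not cache a null entry.
                    continue;
                }

                // Materialize so the cached value is a stable snapshot, not a deferred query.
                cachedClaims = loadedClaims.ToList();

                // NOTE(review): the entry is stored without an expiration, so revoked role claims
                // keep being granted until the key is evicted. Every code path that changes a
                // role's claims or name must remove this key - confirm, or add an expiration.
                cache[cacheKey] = cachedClaims;
            }

            foreach (var roleClaim in cachedClaims)
            {
                // Skip claims the identity already carries. NOTE(review): if the ticket is ever
                // re-issued from this enriched identity (e.g. on sliding renewal), unconditional
                // adds would accumulate duplicates in the cookie - confirm against the host setup.
                if (!context.Identity.HasClaim(roleClaim.Type, roleClaim.Value))
                {
                    context.Identity.AddClaim(roleClaim);
                }
            }
        }
    };

    // API requests are not redirected to the login page; only non-API requests follow the redirect.
    cookieAuthenticationProvider.OnApplyRedirect = ctx =>
    {
        if (!IsApiRequest(ctx.Request))
        {
            ctx.Response.Redirect(ctx.RedirectUri);
        }
    };

    return (cookieAuthenticationProvider);
}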
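/// <summary>
/// Renames a role and replaces its claims with the submitted set, then evicts the cached
/// role claims so the change is picked up when identities are next validated.
/// </summary>
/// <param name="viewModel">
/// Role id, new role name and the selected claims, each encoded as <c>type#value</c>.
/// </param>
/// <returns>The role's claims as stored after the update, wrapped by <c>CCOk</c>.</returns>
/// <exception cref="ArgumentNullException">The request body is missing.</exception>
/// <exception cref="ArgumentException">The selected claims collection is missing.</exception>
/// <exception cref="InvalidOperationException">No role exists for the submitted id.</exception>
/// <exception cref="Exception">A submitted claim is not in <c>type#value</c> format.</exception>
/// <remarks>
/// NOTE(review): no authorization attribute is visible on this action from here; confirm it is
/// restricted to role administrators, since it rewrites the permissions granted by a role.
/// </remarks>
public async System.Threading.Tasks.Task<IHttpActionResult> EditClaimsAsync([FromBody] RoleClaimsViewModel viewModel)
{
    if (viewModel == null)
    {
        throw new ArgumentNullException("viewModel");
    }

    if (viewModel.SelectedClaims == null)
    {
        throw new ArgumentException("SelectedClaims must be provided", "viewModel");
    }

    // Parse and validate the submitted claims BEFORE changing anything. Previously a malformed
    // entry threw only after every existing claim had been deleted, leaving the role stripped
    // of its claims while the stale cached set stayed in place.
    var submittedClaims = viewModel
        .SelectedClaims
        .Select(s =>
        {
            var tokens = s.Split('#');
            if (tokens.Length != 2)
            {
                throw new Exception(String.Format("Claim {0} can't be processed because it is in incorrect format", s));
            }

            return (new Claim(tokens[0], tokens[1]));
        }).ToList();

    var role = await _roleManager.FindByIdAsync(viewModel.RoleId);
    if (role == null)
    {
        throw new InvalidOperationException(String.Format("Role {0} was not found", viewModel.RoleId));
    }

    // Remember the old name: cached claims are keyed by role name, so a rename must evict both keys.
    var previousRoleName = role.Name;
    role.Name = viewModel.RoleName;

    // NOTE(review): the update result is not inspected; if the rename is rejected the claim
    // changes below still proceed. Confirm the result type and fail early on error.
    await _roleManager.UpdateAsync(role);

    var roleClaims = await _roleManager.GetClaimsAsync(role.Name);

    // Replace strategy: delete every stored claim, then add the submitted ones back.
    // NOTE(review): this is not atomic; a failure part-way leaves the role with a partial claim set.
    foreach (var removedClaim in roleClaims)
    {
        await _roleManager.RemoveClaimAsync(role.Id, removedClaim);
    }

    // Re-read so a claim that survived removal is not added a second time.
    roleClaims = await _roleManager.GetClaimsAsync(role.Name);
    foreach (var submittedClaim in submittedClaims)
    {
        var hasClaim = roleClaims.Any(c => c.Value == submittedClaim.Value && c.Type == submittedClaim.Type);
        if (!hasClaim)
        {
            await _roleManager.AddClaimAsync(role.Id, submittedClaim);
        }
    }

    roleClaims = await _roleManager.GetClaimsAsync(role.Name);

    // HttpRuntime.Cache is the same application cache as HttpContext.Current.Cache and does not
    // depend on HttpContext.Current still being set after the awaits above.
    var cache = System.Web.HttpRuntime.Cache;
    cache.Remove(ApplicationRole.GetCacheKey(role.Name));

    // Identities issued before the rename still carry the old role name; without this eviction
    // they would keep receiving the old cached claims.
    if (previousRoleName != null && !String.Equals(previousRoleName, role.Name, StringComparison.Ordinal))
    {
        cache.Remove(ApplicationRole.GetCacheKey(previousRoleName));
    }

    return (CCOk(roleClaims));
}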