示例#1
        /// <summary>
        /// Builds the user's <see cref="ClaimsIdentity"/> via the base implementation and then
        /// appends one extra claim that carries the user's packed permissions.
        /// </summary>
        /// <param name="user">The identity user handed to the base claims generator.</param>
        /// <returns>The base identity with the packed-permissions claim added.</returns>
        /// <remarks>
        /// The permissions value is computed from the claims the base call produced, so it is a
        /// snapshot taken when this method runs. Nothing in this method refreshes it afterwards.
        /// NOTE(review): confirm how long the resulting identity lives (cookie lifetime, security
        /// stamp validation interval) so that a revoked permission does not stay usable for longer
        /// than intended.
        /// </remarks>
        protected override async Task<ClaimsIdentity> GenerateClaimsAsync(IdentityUser user)
        {
            ClaimsIdentity userIdentity = await base.GenerateClaimsAsync(user);

            // The calculator reads from the extra-auth DbContext held by this class.
            var permissionCalculator = new CalcAllowedPermissions(_extraAuthDbContext);
            var packedPermissions = await permissionCalculator.CalcPermissionsForUser(userIdentity.Claims);

            var permissionsClaim = new Claim(PermissionConstants.PackedPermissionClaimType, packedPermissions);
            userIdentity.AddClaim(permissionsClaim);

            return userIdentity;
        }
        /// <summary>
        /// Cookie validation hook: makes sure the current principal carries the packed-permissions
        /// claim, computing and adding it when it is missing.
        /// </summary>
        /// <param name="context">The cookie validation context whose principal is inspected and,
        /// if needed, replaced.</param>
        /// <remarks>
        /// <para>
        /// When the claim is already present the method returns immediately and trusts the value in
        /// the cookie. A later change to the user's permissions is therefore not picked up here
        /// until the claim is absent again.
        /// NOTE(review): confirm that this staleness window is acceptable, or add a trigger that
        /// forces recalculation when permissions change.
        /// </para>
        /// <para>
        /// The replacement principal holds a single new identity with authentication type "Cookie".
        /// The name/role claim types of the original identity are not copied, and claims from all
        /// identities of the original principal end up in that one identity.
        /// NOTE(review): verify that nothing downstream relies on the original identity settings.
        /// </para>
        /// </remarks>
        public async Task ValidateAsync(CookieValidatePrincipalContext context)
        {
            bool alreadyHasPermissions = context.Principal.Claims
                .Any(claim => claim.Type == PermissionConstants.PackedPermissionClaimType);
            if (alreadyHasPermissions)
            {
                // Nothing to do: the permissions were packed into the cookie on an earlier request.
                return;
            }

            // First request after login: start from a copy of the claims the principal already has.
            var updatedClaims = new List<Claim>(context.Principal.Claims);

            // Compute the packed permissions from the existing claims and append them.
            var packedPermissions = await _rtoPCalcer.CalcPermissionsForUser(context.Principal.Claims);
            updatedClaims.Add(new Claim(PermissionConstants.PackedPermissionClaimType, packedPermissions));

            // Swap in a freshly built principal that includes the permissions claim.
            context.ReplacePrincipal(new ClaimsPrincipal(new ClaimsIdentity(updatedClaims, "Cookie")));

            // Required: asks for the cookie to be re-issued with the new principal. Without this the
            // claim would be missing on every request and the calculation would run each time.
            context.ShouldRenew = true;
        }