        /// <summary>
        /// Builds the <see cref="ClaimsIdentity"/> for this user and stores it in <c>this.claims</c>.
        /// On top of what <c>manager.CreateIdentity</c> produces, it adds a fresh per-identity id ("sts:id"),
        /// a MAC computed over the user's security stamp and that id ("sts:ds"), an auth-time claim and the
        /// user's name, then strips the raw security-stamp and identity-provider claims so the stamp value
        /// itself is not issued to the client.
        /// </summary>
        /// <param name="manager">User manager used to create the base identity and to read the security stamp.</param>
        /// <param name="authenticationType">Authentication type passed through to <c>CreateIdentity</c>.</param>
        /// <returns>The populated identity (the same instance that was assigned to <c>this.claims</c>).</returns>
        public ClaimsIdentity GenerateUserIdentity(UserManager <UserModel, int> manager, string authenticationType)
        {
            var identity = manager.CreateIdentity(this, authenticationType);
            this.claims = identity;

            // Per-identity random id; the "sts:ds" MAC below is keyed to it, so the MAC is only
            // valid together with this particular id.
            var sessionId = ShortGuid.NewGuid();
            identity.AddClaim(new Claim("sts:id", sessionId, ClaimValueTypes.String));

            var securityStamp = manager.GetSecurityStamp(Id);
            identity.AddClaim(new Claim("sts:ds", CryptographService.CreateMacCode(securityStamp, sessionId), ClaimValueTypes.String));

            // NOTE(review): the value is DateTime ticks, whereas a JWT auth_time is normally a NumericDate
            // (seconds since the epoch) — confirm that consumers of this claim expect ticks.
            identity.AddClaim(new Claim(System.IdentityModel.Tokens.JwtRegisteredClaimNames.AuthTime, DateTime.UtcNow.Ticks.ToString(), ClaimValueTypes.Integer64));
            identity.AddClaim(new Claim("name", this.Name, ClaimValueTypes.String));

            // Remove claims that must not leave the server; only the MAC over the stamp is issued.
            RemoveSingleClaim(identity, "AspNet.Identity.SecurityStamp");
            RemoveSingleClaim(identity, "http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider");

            return identity;
        }

        /// <summary>
        /// Removes the single claim of the given type from <paramref name="identity"/>, if present.
        /// Throws (via <c>SingleOrDefault</c>) when more than one claim of that type exists.
        /// </summary>
        /// <param name="identity">Identity to edit in place.</param>
        /// <param name="claimType">Exact (ordinal) claim type to remove.</param>
        private static void RemoveSingleClaim(ClaimsIdentity identity, string claimType)
        {
            var match = identity.Claims.SingleOrDefault(c => c.Type == claimType);
            if (match != null)
            {
                identity.TryRemoveClaim(match);
            }
        }
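        /// <summary>
        /// Validates the identity carried by an OAuth ticket: recomputes the MAC over the user's current
        /// security stamp (as returned by <c>GetSecurityStamp</c>) and the "sts:id" claim from the ticket,
        /// and rejects the context when the user cannot be found, any of the three inputs is missing, or the
        /// recomputed MAC differs from the "sts:ds" claim.
        /// </summary>
        /// <param name="context">
        /// Validation context. <c>context.Rejected()</c> is called on failure; the base implementation is
        /// invoked in every case, matching the previous behaviour.
        /// </param>
        /// <returns>The task returned by the base <c>ValidateIdentity</c>.</returns>
        public override Task ValidateIdentity(OAuthValidateIdentityContext context)
        {
            ClaimsIdentity claimIdentity = context.Ticket.Identity;
            var            claims        = claimIdentity.Claims;

            var userManager = context.OwinContext.GetUserManager <ApplicationUserManager>();

            // FindByName returns null for an unknown (e.g. since deleted) user; dereferencing user.Id
            // then threw NullReferenceException instead of rejecting the ticket. An identity without a
            // name cannot be looked up at all, so it is rejected as well.
            var user = string.IsNullOrEmpty(claimIdentity.Name) ? null : userManager.FindByName(claimIdentity.Name);
            if (user == null)
            {
                context.Rejected();
                return(base.ValidateIdentity(context));
            }

            var sts     = userManager.GetSecurityStamp(user.Id);
            var stsid   = claims.Where(c => c.Type == "sts:id").Select(c => c.Value).SingleOrDefault();
            var stsdata = claims.Where(c => c.Type == "sts:ds").Select(c => c.Value).SingleOrDefault();

            if (string.IsNullOrEmpty(sts) || string.IsNullOrEmpty(stsid) || string.IsNullOrEmpty(stsdata))
            {
                context.Rejected();
            }
            // Fixed-time comparison so the time taken does not depend on how many leading characters of
            // the presented MAC match the expected one.
            else if (!MacCodesMatch(CryptographService.CreateMacCode(sts, stsid), stsdata))
            {
                context.Rejected();
            }

            return(base.ValidateIdentity(context));
        }

        /// <summary>
        /// Ordinal, length-independent-timing comparison of two MAC strings. Returns false for null inputs
        /// or differing lengths; otherwise inspects every character before deciding.
        /// </summary>
        /// <param name="expected">MAC recomputed on the server.</param>
        /// <param name="actual">MAC presented in the ticket.</param>
        /// <returns>True when both strings are equal character by character.</returns>
        private static bool MacCodesMatch(string expected, string actual)
        {
            if (expected == null || actual == null || expected.Length != actual.Length)
            {
                return false;
            }

            int diff = 0;
            for (int i = 0; i < expected.Length; i++)
            {
                diff |= expected[i] ^ actual[i];
            }
            return diff == 0;
        }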