/// <summary>
/// Builds the <see cref="ClaimsIdentity"/> that is issued for this user.
/// Starts from the identity ASP.NET Identity creates, then binds the token to the user's
/// current security stamp without exposing the stamp itself: a fresh per-token id goes into
/// the "sts:id" claim and a MAC of the stamp computed with that id goes into "sts:ds".
/// The raw "AspNet.Identity.SecurityStamp" claim (and the identity-provider claim) are stripped
/// so the token carries only the MAC; ValidateIdentity recomputes it on every request.
/// </summary>
/// <param name="manager">User manager used to create the base identity and read the security stamp.</param>
/// <param name="authenticationType">Authentication type passed through to <c>CreateIdentity</c>.</param>
/// <returns>The populated identity; it is also stored in <c>this.claims</c>.</returns>
public ClaimsIdentity GenerateUserIdentity(UserManager<UserModel, int> manager, string authenticationType)
{
    // The same ClaimsIdentity is kept on the instance and returned to the caller.
    this.claims = manager.CreateIdentity(this, authenticationType);
    var identity = this.claims;

    // Per-token random id. NOTE(review): ShortGuid.NewGuid() is presumably Guid-based; confirm
    // that is unpredictable enough for its role as the MAC input here.
    var tokenId = ShortGuid.NewGuid();
    identity.AddClaim(new Claim("sts:id", tokenId, ClaimValueTypes.String));

    // MAC of the current security stamp; the argument order (stamp, id) must match ValidateIdentity.
    var currentStamp = manager.GetSecurityStamp(Id);
    var stampMac = CryptographService.CreateMacCode(currentStamp, tokenId);
    identity.AddClaim(new Claim("sts:ds", stampMac, ClaimValueTypes.String));

    // NOTE(review): the registered "auth_time" claim is defined as seconds since the epoch,
    // but this stores .NET ticks (100 ns since 0001-01-01). Consumers of this token must
    // expect ticks; a standards-compliant JWT reader would misinterpret the value.
    var issuedAtTicks = DateTime.UtcNow.Ticks.ToString();
    identity.AddClaim(new Claim(System.IdentityModel.Tokens.JwtRegisteredClaimNames.AuthTime, issuedAtTicks, ClaimValueTypes.Integer64));
    identity.AddClaim(new Claim("name", this.Name, ClaimValueTypes.String));

    // Remove claims that must not travel in the token. SingleOrDefault is deliberate: a
    // duplicated claim is treated as malformed (throws) rather than silently picking one.
    var claimTypesToDrop = new[]
    {
        "AspNet.Identity.SecurityStamp",
        "http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider"
    };
    foreach (var claimType in claimTypesToDrop)
    {
        var stale = identity.Claims.SingleOrDefault(c => c.Type == claimType);
        if (stale != null)
        {
            identity.TryRemoveClaim(stale);
        }
    }

    return identity;
}
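/// <summary>
/// Bearer-token validation hook. Re-derives the security stamp MAC from the user's current
/// stamp and the token's "sts:id" claim and compares it with the "sts:ds" claim the token
/// carries (both added by GenerateUserIdentity). A mismatch, a missing claim, or a user that
/// can no longer be found rejects the ticket via <c>context.Rejected()</c>, which is intended
/// to invalidate tokens issued before the stamp last changed.
/// </summary>
/// <param name="context">Validation context; <c>Ticket.Identity</c> is the identity unprotected from the token.</param>
/// <returns>The base class's task; the outcome is signalled through the context, not the return value.</returns>
public override Task ValidateIdentity(OAuthValidateIdentityContext context)
{
    ClaimsIdentity claimIdentity = context.Ticket.Identity;
    var claims = claimIdentity.Claims;
    var userManager = context.OwinContext.GetUserManager<ApplicationUserManager>();

    // A ticket without a name claim cannot be tied to a user; UserManager.FindByName(null)
    // would throw instead of returning null, so reject explicitly.
    var userName = claimIdentity.Name;
    if (string.IsNullOrEmpty(userName))
    {
        context.Rejected();
        return base.ValidateIdentity(context);
    }

    // The user may have been deleted or renamed since the token was issued. Previously
    // user.Id was dereferenced unconditionally, turning that case into a NullReferenceException
    // (a 500) instead of a clean rejection (a 401).
    var user = userManager.FindByName(userName);
    if (user == null)
    {
        context.Rejected();
        return base.ValidateIdentity(context);
    }

    var sts = userManager.GetSecurityStamp(user.Id);

    // SingleOrDefault is deliberate: a ticket carrying either claim twice is malformed and
    // throws rather than being validated against an arbitrary copy.
    var stsid = claims.Where(c => c.Type == "sts:id").Select(c => c.Value).SingleOrDefault();
    var stsdata = claims.Where(c => c.Type == "sts:ds").Select(c => c.Value).SingleOrDefault();

    if (string.IsNullOrEmpty(sts) || string.IsNullOrEmpty(stsid) || string.IsNullOrEmpty(stsdata))
    {
        context.Rejected();
    }
    else if (stsdata != CryptographService.CreateMacCode(sts, stsid))
    {
        // Argument order (stamp, id) must match GenerateUserIdentity.
        // NOTE(review): ordinary string comparison is not constant-time. The compared value
        // comes out of a ticket the server itself protected, so the exposure is limited, but a
        // fixed-time comparison is preferable where this framework version offers one.
        context.Rejected();
    }

    return base.ValidateIdentity(context);
}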