/// <summary>
/// Invoked once the user's security stamp has been verified: rebuilds the principal for
/// <paramref name="user"/>, swaps it into the cookie context and flags the cookie for renewal.
/// </summary>
/// <param name="user">The user whose security stamp has been verified.</param>
/// <param name="context">The <see cref="CookieValidatePrincipalContext"/> of the cookie being validated.</param>
/// <returns>A task that completes after the principal has been replaced on <paramref name="context"/>.</returns>
protected virtual async Task SecurityStampVerified(TUser user, CookieValidatePrincipalContext context)
{
    // Start from a principal freshly built for the user by the sign-in manager.
    var refreshedPrincipal = await SignInManager.CreateUserPrincipalAsync(user);

    var onRefreshing = Options.OnRefreshingPrincipal;
    if (onRefreshing != null)
    {
        var refreshContext = new SecurityStampRefreshingPrincipalContext
        {
            CurrentPrincipal = context.Principal,
            NewPrincipal = refreshedPrincipal
        };

        // The callback may swap NewPrincipal for another one. It may also set it to null,
        // which is allowed and results in a failed authentication.
        await onRefreshing(refreshContext);
        refreshedPrincipal = refreshContext.NewPrincipal;
    }

    // REVIEW (carried over from the original): the login authentication method is lost here,
    // because the principal is rebuilt rather than copied from the cookie.
    context.ReplacePrincipal(refreshedPrincipal);
    context.ShouldRenew = true;

    if (context.Options.SlidingExpiration)
    {
        return;
    }

    // Without sliding expiration, restart IssuedUtc at the current time so the renewed
    // ticket's length is calculated relative to now and the expiration is not extended.
    context.Properties.IssuedUtc = Clock.UtcNow;
}
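/// <summary>
/// Maintains the claims captured at login time that are not being created by ASP.NET Identity.
/// This is needed to preserve claims such as idp, auth_time, amr.
/// </summary>
/// <remarks>
/// A claim is copied from the current principal whenever the new principal holds no claim of
/// the same type. The filter looks at the claim type only, so a type that the new principal no
/// longer carries at all is copied forward from the old cookie unchanged. If some claim types
/// must be droppable on refresh, narrow the copied claims to the expected login-time types.
/// </remarks>
/// <param name="context">The refresh context holding the current principal and the newly built one.</param>
/// <returns>A completed task; the first identity of the new principal is modified in place.</returns>
public static Task UpdatePrincipal(SecurityStampRefreshingPrincipalContext context)
{
    var currentPrincipal = context.CurrentPrincipal;
    var newPrincipal = context.NewPrincipal;

    // Without a previous principal there is nothing to carry over, and without a new one
    // there is nothing to add to. A null NewPrincipal is left as it is.
    if (currentPrincipal == null || newPrincipal == null)
    {
        return Task.CompletedTask;
    }

    var newClaimTypes = newPrincipal.Claims.Select(x => x.Type).ToArray();
    var currentClaimsToKeep = currentPrincipal.Claims
        .Where(x => !newClaimTypes.Contains(x.Type))
        .ToArray();

    if (currentClaimsToKeep.Length == 0)
    {
        return Task.CompletedTask;
    }

    // First() still throws when the new principal has no identity: failing is preferable to
    // silently dropping the claims that were meant to be preserved.
    var id = newPrincipal.Identities.First();
    id.AddClaims(currentClaimsToKeep);

    return Task.CompletedTask;
}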
/// <summary>
/// Invoked once the user's security stamp has been verified: rebuilds the principal for
/// <paramref name="user"/>, swaps it into the cookie context and flags the cookie for renewal.
/// </summary>
/// <param name="user">The user whose security stamp has been verified.</param>
/// <param name="context">The <see cref="CookieValidatePrincipalContext"/> of the cookie being validated.</param>
/// <returns>A task that completes after the principal has been replaced on <paramref name="context"/>.</returns>
protected virtual async Task SecurityStampVerified(User user, CookieValidatePrincipalContext context)
{
    // Start from a principal freshly built for the user by the sign-in manager.
    var refreshedPrincipal = await SignInManager.CreateUserPrincipalAsync(user);

    var onRefreshing = Options.OnRefreshingPrincipal;
    if (onRefreshing != null)
    {
        var refreshContext = new SecurityStampRefreshingPrincipalContext
        {
            CurrentPrincipal = context.Principal,
            NewPrincipal = refreshedPrincipal
        };

        // The callback may swap NewPrincipal for another one. It may also set it to null,
        // which is allowed and results in a failed authentication.
        await onRefreshing(refreshContext);
        refreshedPrincipal = refreshContext.NewPrincipal;
    }

    // Replace the user's ClaimsPrincipal held in the cookie with the rebuilt one.
    // NOTE(review): IssuedUtc is not reset before the renewal. Where the cookie options
    // disable sliding expiration, confirm that renewing does not extend the ticket's
    // expiration on every refresh.
    context.ReplacePrincipal(refreshedPrincipal);
    context.ShouldRenew = true;
}
/// <summary>
/// Rebuilds the cookie's principal from the claims it already carries, lets the optional
/// <c>OnRefreshingPrincipal</c> callback adjust the result, then replaces the principal on
/// <paramref name="context"/> and flags the cookie for renewal.
/// </summary>
/// <remarks>
/// The new identity is created from <c>context.Principal?.Claims</c> alone; nothing is read
/// from a user store in this method, so the claims are only as fresh as the existing cookie
/// unless the callback changes them.
/// </remarks>
/// <param name="context">The <see cref="CookieValidatePrincipalContext"/> of the cookie being validated.</param>
/// <returns>A task that completes after the principal has been replaced on <paramref name="context"/>.</returns>
public async Task SecurityStampVerified(CookieValidatePrincipalContext context)
{
    // NOTE(review): with a null context.Principal the claims are null, yet the identity is
    // still given an authentication type, which ClaimsIdentity reports as authenticated.
    // Confirm that this path cannot be reached, or reject the principal instead.
    var existingClaims = context.Principal?.Claims;
    var rebuiltIdentity = new ClaimsIdentity(existingClaims, CookieAuthenticationDefaults.AuthenticationScheme);
    var refreshedPrincipal = new ClaimsPrincipal(rebuiltIdentity);

    var onRefreshing = Options.OnRefreshingPrincipal;
    if (onRefreshing != null)
    {
        var refreshContext = new SecurityStampRefreshingPrincipalContext
        {
            CurrentPrincipal = context.Principal,
            NewPrincipal = refreshedPrincipal
        };

        // The callback may swap NewPrincipal for another one. It may also set it to null,
        // which is allowed and results in a failed authentication.
        await onRefreshing(refreshContext);
        refreshedPrincipal = refreshContext.NewPrincipal;
    }

    // REVIEW (carried over from the original): the login authentication method is lost here.
    // NOTE(review): IssuedUtc is not reset before the renewal. Where the cookie options
    // disable sliding expiration, confirm that renewing does not extend the ticket's
    // expiration on every refresh.
    context.ReplacePrincipal(refreshedPrincipal);
    context.ShouldRenew = true;
}