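/// <summary>
/// Invoked once authentication has completed: looks the authenticated user up in LDAP by
/// sAMAccountName and adds the groups it is a direct member of (optionally flattened through
/// <c>GetNestedGroups</c>) to the principal's <see cref="ClaimsIdentity"/> as roles.
/// </summary>
/// <param name="context">The authentication context carrying the principal and the request services.</param>
/// <param name="resolveNestedGroups">
/// When true, each direct group is handed to <c>GetNestedGroups</c>; otherwise only the direct group
/// is added via <c>AddRole</c>.
/// </param>
/// <returns>A completed task; the LDAP round-trip is synchronous.</returns>
public Task OnAuthenticated(AuthenticatedContext context, bool resolveNestedGroups = true)
{
    var loggerFactory = context.HttpContext.RequestServices.GetRequiredService<ILoggerFactory>();
    var logger = loggerFactory.CreateLogger("LinuxAdapter");

    var user = context.Principal?.Identity?.Name;
    if (string.IsNullOrEmpty(user))
    {
        logger.LogWarning("Authenticated principal has no name; skipping LDAP role resolution.");
        return Task.CompletedTask;
    }

    // The identity name is expected in user@REALM form; the part before '@' is the sAMAccountName.
    // Without a separator the whole name is used instead of letting Substring throw on IndexOf == -1.
    var realmSeparator = user.IndexOf('@');
    var userAccountName = realmSeparator >= 0 ? user.Substring(0, realmSeparator) : user;

    // Escape RFC 4515 filter metacharacters before interpolating the account name: an unescaped
    // value could rewrite the filter and bind another directory object's groups to this principal.
    string filter = $"(&(objectClass=user)(sAMAccountName={EscapeLdapFilterValue(userAccountName)}))";

    // Subtree search under the configured base DN for the user object.
    SearchRequest searchRequest = new SearchRequest(_distinguishedName, filter, SearchScope.Subtree, null);
    SearchResponse searchResponse = (SearchResponse)_connection.SendRequest(searchRequest);

    if (searchResponse.Entries.Count == 0)
    {
        logger.LogWarning($"No response received for query: {filter} with distinguished name: {_distinguishedName}");
        return Task.CompletedTask;
    }

    if (searchResponse.Entries.Count > 1)
    {
        // The first entry is used, as before. NOTE(review): with an ambiguous match the roles granted may
        // belong to a different account; consider refusing to assign roles unless the lookup is unique.
        logger.LogWarning($"More than one response received for query: {filter} with distinguished name: {_distinguishedName}");
    }

    var userFound = searchResponse.Entries[0];

    var claimsIdentity = context.Principal.Identity as ClaimsIdentity;
    if (claimsIdentity is null)
    {
        logger.LogWarning("Principal identity is not a ClaimsIdentity; no role claims can be added.");
        return Task.CompletedTask;
    }

    // A user that belongs to no groups has no memberOf attribute at all (null rather than empty).
    var memberof = userFound.Attributes["memberof"];
    if (memberof is null)
    {
        return Task.CompletedTask;
    }

    foreach (var group in memberof)
    {
        // Example distinguished name: CN=TestGroup,DC=KERB,DC=local
        var groupDN = group is byte[] rawDn ? Encoding.UTF8.GetString(rawDn) : group?.ToString();
        var groupCN = ExtractCommonName(groupDN);
        if (groupCN is null)
        {
            logger.LogWarning($"Skipping memberOf value without a leading CN component: {groupDN}");
            continue;
        }

        if (resolveNestedGroups)
        {
            GetNestedGroups(claimsIdentity, groupCN, logger);
        }
        else
        {
            AddRole(claimsIdentity, groupCN);
        }
    }

    return Task.CompletedTask;
}

/// <summary>
/// Escapes the characters that have meaning inside an LDAP search filter value (RFC 4515 §3).
/// </summary>
/// <param name="value">The raw assertion value.</param>
/// <returns>The value with <c>\</c>, <c>*</c>, <c>(</c>, <c>)</c> and NUL replaced by their <c>\XX</c> hex escapes.</returns>
private static string EscapeLdapFilterValue(string value)
{
    var escaped = new StringBuilder(value.Length);
    foreach (var c in value)
    {
        switch (c)
        {
            case '\\': escaped.Append("\\5c"); break;
            case '*': escaped.Append("\\2a"); break;
            case '(': escaped.Append("\\28"); break;
            case ')': escaped.Append("\\29"); break;
            case '\0': escaped.Append("\\00"); break;
            default: escaped.Append(c); break;
        }
    }
    return escaped.ToString();
}

/// <summary>
/// Returns the value of the leading <c>CN=</c> RDN of a distinguished name, or null when the
/// DN is empty or does not start with a CN component.
/// </summary>
/// <param name="distinguishedName">A DN such as <c>CN=TestGroup,DC=KERB,DC=local</c>.</param>
/// <returns>The CN value with its RFC 4514 escapes left intact, or null.</returns>
private static string ExtractCommonName(string distinguishedName)
{
    if (string.IsNullOrEmpty(distinguishedName))
    {
        return null;
    }

    // Walk to the first unescaped ',' so that "CN=Smith\, John,OU=..." is not cut inside the CN.
    var end = 0;
    while (end < distinguishedName.Length && distinguishedName[end] != ',')
    {
        end += distinguishedName[end] == '\\' ? 2 : 1;
    }

    var firstRdn = distinguishedName.Substring(0, Math.Min(end, distinguishedName.Length));
    const string prefix = "CN=";
    return firstRdn.StartsWith(prefix, StringComparison.OrdinalIgnoreCase)
        ? firstRdn.Substring(prefix.Length)
        : null;
}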
/// <summary>
/// Hook invoked after authentication has completed and a <see cref="ClaimsIdentity"/> is present on
/// the principal. Delegates to <see cref="OnAuthenticated"/>, leaving nested-group resolution at its default.
/// </summary>
/// <param name="context">The context for the completed authentication.</param>
/// <returns>The task returned by <see cref="OnAuthenticated"/>.</returns>
public virtual Task Authenticated(AuthenticatedContext context)
{
    return OnAuthenticated(context);
}