diff --git a/NDB.Security.Authentication.Identity/Constants/ClaimTypes.cs b/NDB.Security.Authentication.Identity/Constants/ClaimTypes.cs
index 8255fa4..e18c776 100644
--- a/NDB.Security.Authentication.Identity/Constants/ClaimTypes.cs
+++ b/NDB.Security.Authentication.Identity/Constants/ClaimTypes.cs
@@ -3,6 +3,10 @@
 public struct ClaimTypes
 {
 public const string
- IsGuestUser = "IsGuestUser";
+ UserName = "UserName",
+ FirstName = "FirstName",
+ LastName = "LastName",
+ IsGuestUser = "IsGuestUser",
+ ProfilePictureUrl = "ProfilePictureUrl";
 }
 }
diff --git a/NDB.Security.Authentication.Identity/IdentityAuthenticationHandler.cs b/NDB.Security.Authentication.Identity/IdentityAuthenticationHandler.cs
index d28fbbf..e633b55 100644
--- a/NDB.Security.Authentication.Identity/IdentityAuthenticationHandler.cs
+++ b/NDB.Security.Authentication.Identity/IdentityAuthenticationHandler.cs
@@ -4,6 +4,8 @@ using Microsoft.AspNetCore.Authentication;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using NDB.Security.Authentication.Identity.Abstractions;
+using System.Collections.Generic;
+using System.Linq;
 using System.Net.Http.Headers;
 using System.Security.Claims;
 using System.Text.Encodings.Web;
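Review bot: The new constants in `ClaimTypes` are bare identifiers (`"UserName"`, `"FirstName"`, `"ProfilePictureUrl"`) rather than namespaced URIs like the `System.Security.Claims.ClaimTypes` entries they are used alongside, so a claim type supplied by the identity service can silently collide with them once both land in the same principal. A short comment on the struct pinning down that these names are the handler's own claim vocabulary would help the next maintainer, e.g. `// Claim types private to this handler; keep them distinct from any claim type the identity service emits.`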
@@ -30,40 +32,71 @@ namespace NDB.Security.Authentication.Identity var authenticateAsGuest = _authenticationOptions.AuthenticateAsGuest?.Invoke(Request) ?? false; if (authenticateAsGuest) { - var guestTicket = GetAuthenticationTicket(new User() { UserId = _authenticationOptions.GuestUserId, UserName = _authenticationOptions.GuestUserName }, true); + var guestTicket = GetGuestAuthenticationTicket(_authenticationOptions.GuestUserId, _authenticationOptions.GuestUserName); return AuthenticateResult.Success(guestTicket); } return AuthenticateResult.Fail("Missing Authorization Header"); } - User user; + TokenCore tokenCore; try { var authorizationHeader = AuthenticationHeaderValue.Parse(Request.Headers["Authorization"]); var token = authorizationHeader.Parameter; - user = await _identityService.Authorize(token); + tokenCore = await _identityService.Authorize(token); } catch { - return AuthenticateResult.Fail("Invalid Authorization Header"); + return AuthenticateResult.Fail("Invalid authorization header"); } - if (user == null) - return AuthenticateResult.Fail("Invalid Username or Password"); + if (tokenCore == null) + return AuthenticateResult.Fail("Invalid token"); - var ticket = GetAuthenticationTicket(user); + var ticket = GetAuthenticationTicket(tokenCore); return AuthenticateResult.Success(ticket); } - private AuthenticationTicket GetAuthenticationTicket(User user, bool isGuest = false) + private AuthenticationTicket GetGuestAuthenticationTicket(int guestId, string guestName) { var claims = new[] { - new Claim(ClaimTypes.NameIdentifier, user.UserId.ToString()), - new Claim(ClaimTypes.Name, user.UserName), - new Claim(Constants.ClaimTypes.IsGuestUser, isGuest.ToString()) + new Claim(ClaimTypes.NameIdentifier, guestId.ToString()), + new Claim(ClaimTypes.Name, guestName), + new Claim(Constants.ClaimTypes.IsGuestUser, bool.TrueString) }; + var ticket = GetAuthenticationTicket(claims); + return ticket; + } + + private AuthenticationTicket 
GetAuthenticationTicket(TokenCore tokenCore) + { + var claimCollection = new Dictionary() + { + { ClaimTypes.NameIdentifier, tokenCore.UserId.ToString() }, + { ClaimTypes.Name, tokenCore.UserName }, + { Constants.ClaimTypes.UserName, tokenCore.UserName }, + { Constants.ClaimTypes.FirstName, tokenCore.FirstName }, + { Constants.ClaimTypes.LastName, tokenCore.LastName }, + { Constants.ClaimTypes.ProfilePictureUrl, tokenCore.ProfilePictureUrl }, + { ClaimTypes.Email, tokenCore.Email } + }; + + if (tokenCore.Claims != null && tokenCore.Claims.Any()) + { + foreach (var claim in tokenCore.Claims) + claimCollection.Add(claim.Key, claim.Value); + } + + var claims = claimCollection.Select(z => new Claim(z.Key, z.Value)).ToArray(); + var ticket = GetAuthenticationTicket(claims); + + return ticket; + } + + private AuthenticationTicket GetAuthenticationTicket(Claim[] claims) + { var identity = new ClaimsIdentity(claims, Scheme.Name); var principal = new ClaimsPrincipal(identity); var ticket = new AuthenticationTicket(principal, Scheme.Name); diff --git a/NDB.Security.Authentication.Identity/NDB.Security.Authentication.Identity.csproj b/NDB.Security.Authentication.Identity/NDB.Security.Authentication.Identity.csproj index e9e4654..6333dcc 100644 --- a/NDB.Security.Authentication.Identity/NDB.Security.Authentication.Identity.csproj +++ b/NDB.Security.Authentication.Identity/NDB.Security.Authentication.Identity.csproj @@ -11,7 +11,7 @@ - +
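Review bot: In the new `GetAuthenticationTicket(TokenCore)` the projection `new Claim(z.Key, z.Value)` throws `ArgumentNullException` whenever a dictionary value is null (the `Claim` constructor rejects a null value), so a token whose `FirstName`, `LastName`, `ProfilePictureUrl` or `Email` is unset fails with an unhandled exception instead of an `AuthenticateResult.Fail`, because this helper runs outside the try/catch above it. Backing the claim set with a `Dictionary` also makes `claimCollection.Add(claim.Key, claim.Value)` throw on any `tokenCore.Claims` entry whose key repeats a built-in one or another entry (several role claims, for instance), although a `ClaimsIdentity` legitimately holds many claims of one type. Note too that the non-guest path no longer emits `Constants.ClaimTypes.IsGuestUser` at all — the removed signature always wrote `isGuest.ToString()` — so consumers reading that claim now get null rather than "False" unless the identity service happens to supply it. I would build a `List<Claim>`, skip null values, and write the explicit guest flag as before; `GetAuthenticationTicket(Claim[])` continues past the end of the hunk.

```csharp
private AuthenticationTicket GetAuthenticationTicket(TokenCore tokenCore)
{
    var claims = new List<Claim>
    {
        new Claim(ClaimTypes.NameIdentifier, tokenCore.UserId.ToString()),
        new Claim(ClaimTypes.Name, tokenCore.UserName),
        // Explicit, as the old single-path helper did, so readers of this claim never see null.
        new Claim(Constants.ClaimTypes.IsGuestUser, bool.FalseString)
    };

    // Optional profile fields: Claim rejects a null value, so only emit the ones that are set.
    AddIfPresent(Constants.ClaimTypes.UserName, tokenCore.UserName);
    AddIfPresent(Constants.ClaimTypes.FirstName, tokenCore.FirstName);
    AddIfPresent(Constants.ClaimTypes.LastName, tokenCore.LastName);
    AddIfPresent(Constants.ClaimTypes.ProfilePictureUrl, tokenCore.ProfilePictureUrl);
    AddIfPresent(ClaimTypes.Email, tokenCore.Email);

    // Extra claims from the identity service; repeated types are legal in a ClaimsIdentity.
    if (tokenCore.Claims != null)
    {
        foreach (var claim in tokenCore.Claims)
        {
            AddIfPresent(claim.Key, claim.Value);
        }
    }

    return GetAuthenticationTicket(claims.ToArray());

    void AddIfPresent(string type, string value)
    {
        if (!string.IsNullOrEmpty(value))
        {
            claims.Add(new Claim(type, value));
        }
    }
}

// … unchanged: GetAuthenticationTicket(Claim[] claims) …
```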