NDB.Security.Authentication.Identity upgrade
parent
14ea9a7112
commit
f24972375d
|
|
@ -3,6 +3,10 @@
|
||||||
public struct ClaimTypes
|
public struct ClaimTypes
|
||||||
{
|
{
|
||||||
public const string
|
public const string
|
||||||
IsGuestUser = "IsGuestUser";
|
UserName = "UserName",
|
||||||
|
FirstName = "FirstName",
|
||||||
|
LastName = "LastName",
|
||||||
|
IsGuestUser = "IsGuestUser",
|
||||||
|
ProfilePictureUrl = "ProfilePictureUrl";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -4,6 +4,8 @@ using Microsoft.AspNetCore.Authentication;
|
||||||
using Microsoft.Extensions.Logging;
|
using Microsoft.Extensions.Logging;
|
||||||
using Microsoft.Extensions.Options;
|
using Microsoft.Extensions.Options;
|
||||||
using NDB.Security.Authentication.Identity.Abstractions;
|
using NDB.Security.Authentication.Identity.Abstractions;
|
||||||
|
using System.Collections.Generic;
|
||||||
|
using System.Linq;
|
||||||
using System.Net.Http.Headers;
|
using System.Net.Http.Headers;
|
||||||
using System.Security.Claims;
|
using System.Security.Claims;
|
||||||
using System.Text.Encodings.Web;
|
using System.Text.Encodings.Web;
|
||||||
|
|
@ -30,40 +32,71 @@ namespace NDB.Security.Authentication.Identity
|
||||||
var authenticateAsGuest = _authenticationOptions.AuthenticateAsGuest?.Invoke(Request) ?? false;
|
var authenticateAsGuest = _authenticationOptions.AuthenticateAsGuest?.Invoke(Request) ?? false;
|
||||||
if (authenticateAsGuest)
|
if (authenticateAsGuest)
|
||||||
{
|
{
|
||||||
var guestTicket = GetAuthenticationTicket(new User() { UserId = _authenticationOptions.GuestUserId, UserName = _authenticationOptions.GuestUserName }, true);
|
var guestTicket = GetGuestAuthenticationTicket(_authenticationOptions.GuestUserId, _authenticationOptions.GuestUserName);
|
||||||
return AuthenticateResult.Success(guestTicket);
|
return AuthenticateResult.Success(guestTicket);
|
||||||
}
|
}
|
||||||
|
|
||||||
return AuthenticateResult.Fail("Missing Authorization Header");
|
return AuthenticateResult.Fail("Missing Authorization Header");
|
||||||
}
|
}
|
||||||
|
|
||||||
User user;
|
TokenCore tokenCore;
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
var authorizationHeader = AuthenticationHeaderValue.Parse(Request.Headers["Authorization"]);
|
var authorizationHeader = AuthenticationHeaderValue.Parse(Request.Headers["Authorization"]);
|
||||||
var token = authorizationHeader.Parameter;
|
var token = authorizationHeader.Parameter;
|
||||||
user = await _identityService.Authorize(token);
|
tokenCore = await _identityService.Authorize(token);
|
||||||
}
|
}
|
||||||
catch
|
catch
|
||||||
{
|
{
|
||||||
return AuthenticateResult.Fail("Invalid Authorization Header");
|
return AuthenticateResult.Fail("Invalid authorization header");
|
||||||
}
|
}
|
||||||
|
|
||||||
if (user == null)
|
if (tokenCore == null)
|
||||||
return AuthenticateResult.Fail("Invalid Username or Password");
|
return AuthenticateResult.Fail("Invalid token");
|
||||||
|
|
||||||
var ticket = GetAuthenticationTicket(user);
|
var ticket = GetAuthenticationTicket(tokenCore);
|
||||||
return AuthenticateResult.Success(ticket);
|
return AuthenticateResult.Success(ticket);
|
||||||
}
|
}
|
||||||
|
|
||||||
private AuthenticationTicket GetAuthenticationTicket(User user, bool isGuest = false)
|
private AuthenticationTicket GetGuestAuthenticationTicket(int guestId, string guestName)
|
||||||
{
|
{
|
||||||
var claims = new[] {
|
var claims = new[] {
|
||||||
new Claim(ClaimTypes.NameIdentifier, user.UserId.ToString()),
|
new Claim(ClaimTypes.NameIdentifier, guestId.ToString()),
|
||||||
new Claim(ClaimTypes.Name, user.UserName),
|
new Claim(ClaimTypes.Name, guestName),
|
||||||
new Claim(Constants.ClaimTypes.IsGuestUser, isGuest.ToString())
|
new Claim(Constants.ClaimTypes.IsGuestUser, bool.TrueString)
|
||||||
};
|
};
|
||||||
|
|
||||||
|
var ticket = GetAuthenticationTicket(claims);
|
||||||
|
return ticket;
|
||||||
|
}
|
||||||
|
|
||||||
|
private AuthenticationTicket GetAuthenticationTicket(TokenCore tokenCore)
|
||||||
|
{
|
||||||
|
var claimCollection = new Dictionary<string, string>()
|
||||||
|
{
|
||||||
|
{ ClaimTypes.NameIdentifier, tokenCore.UserId.ToString() },
|
||||||
|
{ ClaimTypes.Name, tokenCore.UserName },
|
||||||
|
{ Constants.ClaimTypes.UserName, tokenCore.UserName },
|
||||||
|
{ Constants.ClaimTypes.FirstName, tokenCore.FirstName },
|
||||||
|
{ Constants.ClaimTypes.LastName, tokenCore.LastName },
|
||||||
|
{ Constants.ClaimTypes.ProfilePictureUrl, tokenCore.ProfilePictureUrl },
|
||||||
|
{ ClaimTypes.Email, tokenCore.Email }
|
||||||
|
};
|
||||||
|
|
||||||
|
if (tokenCore.Claims != null && tokenCore.Claims.Any())
|
||||||
|
{
|
||||||
|
foreach (var claim in tokenCore.Claims)
|
||||||
|
claimCollection.Add(claim.Key, claim.Value);
|
||||||
|
}
|
||||||
|
|
||||||
|
var claims = claimCollection.Select(z => new Claim(z.Key, z.Value)).ToArray();
|
||||||
|
var ticket = GetAuthenticationTicket(claims);
|
||||||
|
|
||||||
|
return ticket;
|
||||||
|
}
|
||||||
|
|
||||||
|
private AuthenticationTicket GetAuthenticationTicket(Claim[] claims)
|
||||||
|
{
|
||||||
var identity = new ClaimsIdentity(claims, Scheme.Name);
|
var identity = new ClaimsIdentity(claims, Scheme.Name);
|
||||||
var principal = new ClaimsPrincipal(identity);
|
var principal = new ClaimsPrincipal(identity);
|
||||||
var ticket = new AuthenticationTicket(principal, Scheme.Name);
|
var ticket = new AuthenticationTicket(principal, Scheme.Name);
|
||||||
|
|
|
||||||
|
|
@ -11,7 +11,7 @@
|
||||||
</PropertyGroup>
|
</PropertyGroup>
|
||||||
|
|
||||||
<ItemGroup>
|
<ItemGroup>
|
||||||
<PackageReference Include="IdentityServer.Wrapper" Version="1.0.1" />
|
<PackageReference Include="IdentityServer.Wrapper" Version="1.1.0" />
|
||||||
<PackageReference Include="Microsoft.AspNetCore.Authentication" Version="2.2.0" />
|
<PackageReference Include="Microsoft.AspNetCore.Authentication" Version="2.2.0" />
|
||||||
</ItemGroup>
|
</ItemGroup>
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue