Extending resource requirements in MVC3

I have my requirements related to MVC3 using Azure and everything is going well.

Now I need to expand the Claims Identity identifier, which is in the current thread / HTTP context, and add my own information (DOB, address, something like this).

So my question is: where is the best place to do this? Any examples would be great.

I assume that when the user is authenticated with id, then you need to go to the database and discard the corresponding record for the user, and then add it to the user's Identity?

+4
1 answer

Typically, you will have an HTTP module that will check cookies, and once the FedAuth token is found, you have a hook to create the claims and credentials principal.

Usually you do not need to save the entire user profile, just useful things that usually do not change often. I do this inside an ActionFilter.

Here is the code I found that does all this.

https://github.com/wcpro/ScaffR/tree/master/src/ScaffR.Security/content/CodeTemplates/Scaffolders/ScaffR.Security

You may have to dig a little, but everything is there.

Here is the code for the HTTP module:

    using System;
    using System.IdentityModel.Services;
    using System.Security.Claims;
    using System.Threading;
    using System.Web;

    public class ClaimsTransformationHttpModule : IHttpModule
    {
        public void Init(HttpApplication context)
        {
            context.PostAuthenticateRequest += context_PostAuthenticateRequest;
        }

        void context_PostAuthenticateRequest(object sender, EventArgs e)
        {
            var context = ((HttpApplication) sender).Context;

            // A session token cookie is already present, so the principal was
            // transformed when the session was established; nothing to do.
            if (FederatedAuthentication.SessionAuthenticationModule != null &&
                FederatedAuthentication.SessionAuthenticationModule.ContainsSessionTokenCookie(context.Request.Cookies))
            {
                return;
            }

            // No session yet: run the configured ClaimsAuthenticationManager.
            var transformer = FederatedAuthentication.FederationConfiguration.IdentityConfiguration.ClaimsAuthenticationManager;
            if (transformer != null)
            {
                var transformedPrincipal = transformer.Authenticate(context.Request.RawUrl, context.User as ClaimsPrincipal);
                context.User = transformedPrincipal;
                Thread.CurrentPrincipal = transformedPrincipal;
            }
        }

        public void Dispose() { }
    }

Here is the claims transformer:

    using System.IdentityModel.Services;
    using System.IdentityModel.Tokens;
    using System.Linq;
    using System.Security.Claims;
    using System.Web;
    using System.Web.Mvc;

    public partial class ClaimsTransformer : ClaimsAuthenticationManager
    {
        // Optional hook, implemented in another part of this partial class.
        partial void SetCustomPrincipalClaims(IUserService userService, ref ClaimsPrincipal principal);

        public override ClaimsPrincipal Authenticate(string resourceName, ClaimsPrincipal incomingPrincipal)
        {
            if (!incomingPrincipal.Identity.IsAuthenticated)
            {
                return incomingPrincipal;
            }

            var newPrincipal = Transform(incomingPrincipal);
            EstablishSession(newPrincipal);
            return newPrincipal;
        }

        // Looks up the user by the incoming name claim and builds the application identity.
        ClaimsPrincipal Transform(ClaimsPrincipal incomingPrincipal)
        {
            var nameClaim = incomingPrincipal.Identities.First().FindFirst(ClaimTypes.Name);
            var userService = DependencyResolver.Current.GetService<IUserService>();
            var user = userService.GetByUsername(nameClaim.Value);

            var id = new ApplicationIdentity(user);
            var principal = new ClaimsPrincipal(id);
            SetCustomPrincipalClaims(userService, ref principal);
            return principal;
        }

        // Writes the transformed principal to the session cookie.
        private void EstablishSession(ClaimsPrincipal principal)
        {
            if (HttpContext.Current != null)
            {
                var sessionToken = new SessionSecurityToken(principal);
                FederatedAuthentication.SessionAuthenticationModule.WriteSessionTokenToCookie(sessionToken);
            }
        }
    }

Then here is the configuration:

    <?xml version="1.0" encoding="utf-8"?>
    <system.identityModel>
      <identityConfiguration>
        <claimsAuthenticationManager type="Barbarella.Core.Common.Security.ClaimsTransformer, Barbarella.Core" />
      </identityConfiguration>
    </system.identityModel>

And this...

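    <system.identityModel.services>
      <federationConfiguration>
        <!-- requireSsl="false" allows the session cookie to be sent over plain HTTP;
             set it to "true" when the site is served over HTTPS. -->
        <cookieHandler mode="Default" requireSsl="false" />
      </federationConfiguration>
    </system.identityModel.services>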

And this...

    <system.webServer>
      <validation validateIntegratedModeConfiguration="false" />
      <modules runAllManagedModulesForAllRequests="true">
        <add name="ClaimsTransformationModule" type="Barbarella.Core.Common.Security.ClaimsTransformationHttpModule, Barbarella.Core" />
        <add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
      </modules>
    </system.webServer>

Remember to add the configuration sections:

    <configSections>
      <section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
      <section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
    </configSections>

Here is my code for ApplicationIdentity (overrides ClaimsIdentity). This is the code that really answers your question:

    using System;
    using System.Globalization;
    using System.Security.Claims;

    public sealed partial class ApplicationIdentity : ClaimsIdentity
    {
        // Optional hook for adding further claims, implemented in another part of this partial class.
        partial void SetCustomIdentityClaims(User user);

        private readonly User _user;

        public ApplicationIdentity(User user) : base("Application")
        {
            _user = user;
            AddClaim(new Claim(ClaimTypes.Name, user.Username));
            AddClaim(new Claim(ApplicationClaimTypes.UserId, user.Id.ToString(CultureInfo.InvariantCulture)));
            AddClaim(new Claim(ApplicationClaimTypes.FirstName, user.FirstName));
            AddClaim(new Claim(ApplicationClaimTypes.LastName, user.LastName));
            AddClaim(new Claim("Time", DateTime.Now.ToString()));
            SetCustomIdentityClaims(_user);
        }

        public User User
        {
            get { return _user; }
        }

        public int UserId
        {
            get { return int.Parse(FindFirst(ApplicationClaimTypes.UserId).Value); }
        }

        public string Username
        {
            get { return FindFirst(ClaimTypes.Name).Value; }
        }
    }
+22
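
The question's DOB and address case, as an added example that is not part of the original answer or the ScaffR project: a helper that could be called from the `SetCustomIdentityClaims` hook in `ApplicationIdentity`. `UserProfile`, `ProfileClaims` and their members are hypothetical names; the claim types are the standard `System.Security.Claims.ClaimTypes` constants.

```csharp
using System;
using System.Globalization;
using System.Security.Claims;

// Hypothetical profile record loaded from the database (not from the original answer).
public class UserProfile
{
    public DateTime? DateOfBirth { get; set; }
    public string StreetAddress { get; set; }
}

public static class ProfileClaims
{
    const string DateFormat = "yyyy-MM-dd";

    // Intended to be called from SetCustomIdentityClaims(user), before the
    // principal is wrapped in a SessionSecurityToken and written to the cookie.
    public static void AddTo(ClaimsIdentity identity, UserProfile profile)
    {
        if (profile.DateOfBirth.HasValue)
        {
            // Culture-invariant format so the value parses the same on every server.
            identity.AddClaim(new Claim(ClaimTypes.DateOfBirth,
                profile.DateOfBirth.Value.ToString(DateFormat, CultureInfo.InvariantCulture),
                ClaimValueTypes.Date));
        }

        // new Claim(type, null) throws ArgumentNullException, so skip empty fields.
        if (!string.IsNullOrWhiteSpace(profile.StreetAddress))
        {
            identity.AddClaim(new Claim(ClaimTypes.StreetAddress, profile.StreetAddress));
        }
    }

    // Reads the claim back from the current principal, e.g. inside a controller.
    public static DateTime? GetDateOfBirth(ClaimsPrincipal principal)
    {
        var claim = principal.FindFirst(ClaimTypes.DateOfBirth);
        DateTime dob;
        if (claim != null && DateTime.TryParseExact(claim.Value, DateFormat,
                CultureInfo.InvariantCulture, DateTimeStyles.None, out dob))
        {
            return dob;
        }
        return null; // claim missing or not in the expected format
    }
}
```

Claims added this way become part of the session token that `EstablishSession` writes to the cookie, so each extra claim increases the cookie size on every request.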

Source: https://habr.com/ru/post/1433759/

