c# - ASP.NET Identity and Claim-based -


How do I use claims? For example, I want to set access to each page (resource) for each user. I understand that I can do it using roles, but, as I understand it, claim-based is more effective. But when I try to create a claim, I see the following method:

    userIdentity.AddClaim(new Claim(ClaimTypes.Role, "test role"));

The first parameter of the constructor of the Claim class is the ClaimTypes enum, which has many "strange" members like Email, Phone, etc. I want to set a claim and then check that claim to give access to a resource. Am I on the wrong way? How do I do it?

From the code above, I am assuming you have already added the claim in the startup class, on authenticated of your provider, as below.

    context.Identity.AddClaim(new Claim("urn:google:name", context.Identity.FindFirstValue(ClaimTypes.Name))); // added claim for reading google name
    context.Identity.AddClaim(new Claim("urn:google:email", context.Identity.FindFirstValue(ClaimTypes.Email))); // and email

Once you have added the claims in startup, when the request is processed, check if it is a callback and, if yes, read the claims as below (in your IHttpHandler).

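    // Namespaces used by the handler snippets
    using System.Linq;
    using System.Security.Claims;
    using System.Web;
    using Microsoft.AspNet.Identity;
    using Microsoft.Owin.Security;

    public void ProcessRequest(HttpContext context)
    {
        IAuthenticationManager authManager = context.GetOwinContext().Authentication;
        if (string.IsNullOrEmpty(context.Request.QueryString[CallbackKey]))
        {
            // No callback marker yet: this is the first call, so start the external login.
            string providerName = context.Request.QueryString["provider"] ?? "google"; // I have multiple providers, so checking if it is google
            RedirectToProvider(context, authManager, providerName);
        }
        else
        {
            // The provider redirected back to us: read the claims.
            ExternalLoginCallback(context, authManager);
        }
    }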

If it is the 1st call, redirect to the provider:

    private static void RedirectToProvider(HttpContext context, IAuthenticationManager authManager, string providerName)
    {
        var loginProviders = authManager.GetExternalAuthenticationTypes();

        // Single() throws if the requested provider is not registered exactly once.
        var loginProvider = loginProviders.Single(x => x.Caption == providerName);

        var properties = new AuthenticationProperties()
        {
            // Come back to this handler with the callback marker set.
            RedirectUri = string.Format("{0}&{1}=true", context.Request.Url, CallbackKey)
        };

        //string[] authTypes = { loginProvider.AuthenticationType, DefaultAuthenticationTypes.ExternalCookie };
        authManager.Challenge(properties, loginProvider.AuthenticationType);

        // without this it redirects to the forms login page
        context.Response.SuppressFormsAuthenticationRedirect = true;
    }

And read the claims back:

    public void ExternalLoginCallback(HttpContext context, IAuthenticationManager authManager)
    {
        var loginInfo = authManager.GetExternalLoginInfo();
        if (loginInfo == null)
        {
            throw new System.Security.SecurityException("Failed login");
        }

        var loginProvider = loginInfo.Login.LoginProvider;
        var externalLoginConfirmation = loginInfo.DefaultUserName;

        var externalIdentity = authManager.GetExternalIdentityAsync(DefaultAuthenticationTypes.ExternalCookie);
        var emailClaim = externalIdentity.Result.Claims.FirstOrDefault(c => c.Type == ClaimTypes.Email);
        if (emailClaim == null)
        {
            // FirstOrDefault returns null when the provider sent no email claim.
            throw new System.Security.SecurityException("Failed login");
        }
        var email = emailClaim.Value;

        // The picture claim is optional, so tolerate its absence.
        var pictureClaim = externalIdentity.Result.Claims.FirstOrDefault(c => c.Type.Equals("picture"));
        var pictureUrl = pictureClaim != null ? pictureClaim.Value : null;

        LoginByEmail(context, email, loginProvider); // redirects to my method of adding the claimed user as logged in, you can use yours.
    }
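The question also asks how to set a claim and then check it before serving a page. The following is an added example, not code from the original question or answer; the claim type `urn:example:page-access`, the issuer `urn:example:myapp` and the `PageAccess` class are hypothetical names chosen for illustration. It stamps each grant with the application's own issuer and ignores claims of the same type that arrived from anywhere else, such as an external provider.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

static class PageAccess
{
    // Constructed names for this example; not from the original answer.
    public const string PageClaimType = "urn:example:page-access";
    public const string LocalIssuer = "urn:example:myapp";

    // Grant: one claim per page, stamped with our own issuer.
    public static void Grant(ClaimsIdentity identity, string page)
    {
        identity.AddClaim(new Claim(PageClaimType, Normalize(page),
            ClaimValueTypes.String, LocalIssuer));
    }

    // Check: deny by default; require an authenticated identity and a
    // matching claim that this application issued.
    public static bool CanAccess(ClaimsPrincipal user, string page)
    {
        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
            return false;
        string wanted = Normalize(page);
        return user.Claims.Any(c => c.Type == PageClaimType
                                 && c.Issuer == LocalIssuer
                                 && c.Value == wanted);
    }

    // Compare pages case-insensitively and without a trailing slash.
    static string Normalize(string page)
    {
        return (page ?? "").Trim().TrimEnd('/').ToLowerInvariant();
    }
}

static class Demo
{
    static void Main()
    {
        var identity = new ClaimsIdentity("ApplicationCookie"); // authenticated
        PageAccess.Grant(identity, "/Reports/");
        // Same claim type, but issued by someone else: must not grant access.
        identity.AddClaim(new Claim(PageAccess.PageClaimType, "/admin", ClaimValueTypes.String, "Google"));
        var user = new ClaimsPrincipal(identity);
        var anonymous = new ClaimsPrincipal(new ClaimsIdentity()); // not authenticated

        Console.WriteLine(PageAccess.CanAccess(user, "/reports"));      // True
        Console.WriteLine(PageAccess.CanAccess(user, "/admin"));        // False
        Console.WriteLine(PageAccess.CanAccess(anonymous, "/reports")); // False
    }
}
```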
