I am following this tutorial link. I am able to log in with an Azure AD user, but once the user gets authenticated we want to store it into the Identity claims for authentication. We are migrating an ASP.NET MVC application to ASP.NET Core MVC 1.0. In the ASP.NET MVC application we add the claims like this:
context.AuthenticationTicket.Identity.AddClaim(new System.Security.Claims.Claim("urn:Projectname:access_token", result.AccessToken, XmlSchemaString, "Projectname"));
I want to know how to add the claims to the identity in the above tutorial.
Code Snippet
app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
{
    ClientId = clientId,
    ClientSecret = clientSecret,
    Authority = authority,
    CallbackPath = Configuration["AzureAd:AuthCallback"],
    ResponseType = OpenIdConnectResponseType.CodeIdToken,
    PostLogoutRedirectUri = "/signed-out",
    Events = new OpenIdConnectEvents()
    {
        OnAuthorizationCodeReceived = async context =>
        {
            var request = context.HttpContext.Request;
            var currentUri = UriHelper.BuildAbsolute(request.Scheme, request.Host, request.PathBase, request.Path);
            var credential = new ClientCredential(clientId, clientSecret);
            var authContext = new AuthenticationContext(authority, AuthPropertiesTokenCache.ForCodeRedemption(context.Properties));
            var result = await authContext.AcquireTokenByAuthorizationCodeAsync(
                context.ProtocolMessage.Code, new Uri(currentUri), credential, resource);
            // In the result variable we get the AccessToken, and we want to add it to the claims identity here.
            context.HandleCodeRedemption();
        }
    }
});
Update
We are storing tokens, the domain name (retrieved from the DB) and tenant info for middle-layer authentication. In every controller action method we get the stored info from the claims. Something like this (old ASP.NET MVC application code):
In Startup.Auth.cs class
In All controller action methods
We are migrating an ASP.NET MVC application to ASP.NET Core MVC 1.0, so is there any equivalent method in ASP.NET Core for adding the claims? I am following this sample. I am able to log in with an Azure AD user, but once the user gets authenticated we want to store it into the Identity claims for authentication (middle layer).
The Code
ClaimsPrincipal claimsPrincipal = await TransformClaims(context.Ticket.Principal, result);
context.Ticket = new AuthenticationTicket(
    claimsPrincipal,
    context.Ticket.Properties,
    context.Ticket.AuthenticationScheme);
The TransformClaims method, something like this:
private Task<ClaimsPrincipal> TransformClaims(ClaimsPrincipal principal, AuthenticationResult result)
{
    // The principal built from the id_token is a ClaimsIdentity; guard the cast
    // so a non-claims identity does not throw inside the OIDC event.
    var identity = principal.Identity as ClaimsIdentity;
    if (identity != null && identity.IsAuthenticated)
    {
        // get this from cache or db
        var nickname = "Nanu";
        identity.AddClaim(new Claim("Nickname", nickname));
        identity.AddClaim(new Claim("urn:innubex:access_token", result.AccessToken));
    }
    return Task.FromResult(principal);
}
Access the claims (the claim type must match the one added in TransformClaims, and a missing claim yields null rather than an exception):
string accesstoken = "", Nickname = "";
var claimsIdentity = User.Identity as ClaimsIdentity;
if (claimsIdentity != null && claimsIdentity.IsAuthenticated)
{
    accesstoken = claimsIdentity.FindFirst("urn:innubex:access_token")?.Value;
    Nickname = claimsIdentity.FindFirst("Nickname")?.Value;
}
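As an added example (not code from the question or from the sample it follows), the same transformation with the claim types shared between the writer in OnAuthorizationCodeReceived and the reader in the controller, and with the ADAL token expiry carried as a claim so a controller can tell when the stored access token has gone stale; the TokenClaims class, its claim names and the domain parameter are assumptions.

```csharp
using System;
using System.Globalization;
using System.Security.Claims;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

// Hypothetical helper: one place for the claim types, so the code that writes
// them and the code that reads them cannot drift apart.
public static class TokenClaims
{
    public const string AccessToken = "urn:innubex:access_token";
    public const string ExpiresOn   = "urn:innubex:expires_on";
    public const string TenantId    = "urn:innubex:tenant_id";
    public const string Domain      = "urn:innubex:domain";

    // Call from OnAuthorizationCodeReceived after AcquireTokenByAuthorizationCodeAsync.
    // 'domain' is whatever the app looks up in its own DB for this user (assumption).
    public static ClaimsPrincipal Add(ClaimsPrincipal principal, AuthenticationResult result, string domain)
    {
        var identity = principal?.Identity as ClaimsIdentity;
        if (identity == null || !identity.IsAuthenticated)
            return principal; // nothing to enrich; do not throw inside the OIDC event

        identity.AddClaim(new Claim(AccessToken, result.AccessToken));
        // round-trip format keeps the offset so the check below is timezone-safe
        identity.AddClaim(new Claim(ExpiresOn, result.ExpiresOn.ToString("o", CultureInfo.InvariantCulture)));
        if (!string.IsNullOrEmpty(result.TenantId))
            identity.AddClaim(new Claim(TenantId, result.TenantId));
        if (!string.IsNullOrEmpty(domain))
            identity.AddClaim(new Claim(Domain, domain));
        return principal;
    }

    // Controller side: returns the token only while it is still valid, otherwise null,
    // so the caller re-acquires (e.g. from the ADAL token cache) instead of sending a stale token.
    public static string GetValidAccessToken(this ClaimsPrincipal user, TimeSpan? skew = null)
    {
        var token = user?.FindFirst(AccessToken)?.Value;
        var expires = user?.FindFirst(ExpiresOn)?.Value;
        if (string.IsNullOrEmpty(token) || expires == null)
            return null;

        DateTimeOffset expiresOn;
        if (!DateTimeOffset.TryParseExact(expires, "o", CultureInfo.InvariantCulture,
                                          DateTimeStyles.RoundtripKind, out expiresOn))
            return null;

        // treat the token as expired slightly early to absorb clock differences
        return DateTimeOffset.UtcNow < expiresOn - (skew ?? TimeSpan.FromMinutes(1)) ? token : null;
    }
}
```

Everything added to the identity is serialized into the authentication cookie (protected by Data Protection, but sent on every request), so keep the claim set small and do not put refresh tokens there.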