In my scenario, I have a many-to-many relationship between users and businesses. So, a business can have many employees, and a user can be an employee to many businesses.
On the login page, I only want to show email & password textboxes. Once they authenticate successfully, I'd like to redirect them to a page that has a dropdown of the businesses they're employed with.
Since they have already authenticated, their claims have already been populated. How do I add another claim (their BusinessID) afterwards?
The answer from refers when to you authenticate and get the claims from an OAUTH server. We don't know if you are using local identity tables, or OAUTH, but in any case.
I include some old code (finally we implemented in another way), but maybe can help you.
using System;
using System.ComponentModel.DataAnnotations.Schema;
using System.Security.Claims;
using System.Text.Json.Serialization;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.Options;
namespace Common.Models.Identity {
public class User : IdentityUser<int> {
public bool SendAlertByEmail { get; set; }
public int ClientId { get; set; } = Client.DefaultClientId;
[JsonIgnore, ForeignKey("ClientId")]
public virtual Client Client { get; set; } = null!;
}
public class ApplicationUserClaimsPrincipalFactory : UserClaimsPrincipalFactory<User> {
public ApplicationUserClaimsPrincipalFactory(
UserManager<User> userManager,
IOptions<IdentityOptions> optionsAccessor)
: base(userManager, optionsAccessor) {
}
protected override async Task<ClaimsIdentity> GenerateClaimsAsync(User user) {
ClaimsIdentity identity;
identity = await base.GenerateClaimsAsync(user);
identity.AddClaim(new Claim("ClientId", user.ClientId.ToString()));
identity.AddClaim(new Claim("ClientDescription", user.Client.Description));
return identity;
}
}
}
In your ConfigureServices, configure this
#region Configure identity
services
.AddDefaultIdentity<User>(
options => {
options.SignIn.RequireConfirmedAccount = true;
options.Stores.MaxLengthForKeys = 256; // Max length for key. Regenerate migration if change this
})
.AddEntityFrameworkStores<ApplicationDbContext>()
.AddDefaultUI()
.AddDefaultTokenProviders()
.AddClaimsPrincipalFactory<ApplicationUserClaimsPrincipalFactory>();
services.Configure<IdentityOptions>(options => {
// Password settings.
options.Password.RequireDigit = true;
options.Password.RequireLowercase = true;
options.Password.RequireNonAlphanumeric = true;
options.Password.RequireUppercase = true;
options.Password.RequiredLength = 6;
options.Password.RequiredUniqueChars = 1;
// Lockout settings.
options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(5);
options.Lockout.MaxFailedAccessAttempts = 5;
options.Lockout.AllowedForNewUsers = true;
// User settings.
options.User.AllowedUserNameCharacters =
"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._@+";
options.User.RequireUniqueEmail = false;
});
services.ConfigureApplicationCookie(options => {
// Cookie settings
options.Cookie.HttpOnly = true;
options.ExpireTimeSpan = TimeSpan.FromMinutes(5);
options.LoginPath = "/Identity/Account/Login";
options.AccessDeniedPath = "/Identity/Account/AccessDenied";
options.SlidingExpiration = true;
});
#endregion Configure identity
Use IoC to pass your ApplicationUserClaimsPrincipalFactory to your "Select business/client" request, and use it for add the claim