I have an ASP.NET web application (.NET Framework 4.8) that currently uses ADFS for authentication. I am now migrating the ADFS authentication to Azure AD using the authorization code flow with the OIDC protocol.
I have added a SecurityTokenValidated notification in the OIDC middleware, where I perform validation and add a custom claim with the following code:
// Raised by the OIDC middleware once the incoming token has been validated; this is the
// point where application-specific claims are attached to the identity so they travel
// with the principal for the rest of the session.
SecurityTokenValidated = notification =>
{
    ClaimsIdentity validatedIdentity = notification.AuthenticationTicket.Identity;
    AddUserClaimsToPrincipal(validatedIdentity);
    return Task.FromResult(0);
}
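/// <summary>
/// Adds the application's own claims to the identity produced by the OIDC middleware:
/// a "SampleApp_UserAuthorized" claim ("True"/"False") recording whether the user is
/// known to the application, plus the application's role claims when the token did not
/// already carry any.
/// </summary>
/// <param name="identity">The validated identity taken from the authentication ticket.</param>
/// <exception cref="ArgumentNullException"><paramref name="identity"/> is null.</exception>
private void AddUserClaimsToPrincipal(ClaimsIdentity identity)
{
    if (identity == null)
    {
        throw new ArgumentNullException(nameof(identity));
    }

    // The e-mail claim doubles as the user's alias for the lookup. A missing claim becomes
    // an empty alias; presumably ValidateUser reports such a user as unknown — confirm.
    Claim emailClaim = identity.FindFirst(t => t.Type == CLAIM_EMAIL);
    string nameClaimValue = emailClaim != null ? emailClaim.Value : string.Empty;

    List<string> roles;
    bool userExists = ValidateUser(nameClaimValue, out roles);

    // Stored as "True"/"False"; the Global.asax handler parses this back into a bool, so
    // anything other than "True" is treated as not authorized there.
    identity.AddClaim(new Claim("SampleApp_UserAuthorized", userExists.ToString()));

    // Role claims already present on the token win over the application's roles; only fall
    // back to the application's list when the token carried none. ValidateUser may leave
    // roles null for an unknown user, so guard before iterating.
    if (roles != null && identity.FindFirst(t => t.Type == CLAIM_Role) == null)
    {
        foreach (string role in roles)
        {
            identity.AddClaim(new Claim(CLAIM_Role, role));
        }
    }
}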
Now I am trying to validate the user's authorization in the Global.asax file using the Application_PostAuthenticateRequest event:
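/// <summary>
/// Runs after the OWIN middleware has established the request principal. Intended to read
/// the application's "SampleApp_UserAuthorized" claim and send users that are not
/// authorized to the unauthorized.html page.
/// </summary>
/// <param name="sender">The <see cref="HttpApplication"/> raising the event.</param>
/// <param name="e">Unused event data.</param>
protected void Application_PostAuthenticateRequest(object sender, EventArgs e)
{
    // Thread.CurrentPrincipal is a principal, never an identity, so the test
    // "Thread.CurrentPrincipal is ClaimsIdentity" can never be true. Test for
    // ClaimsPrincipal instead and read the claims from it (or from its Identity
    // cast to ClaimsIdentity).
    ClaimsPrincipal claimsPrincipal = Thread.CurrentPrincipal as ClaimsPrincipal;
    if (claimsPrincipal != null && claimsPrincipal.Identity.IsAuthenticated)
    {
        // Code to fetch the claims.
        // If the incoming claims contain the custom claim SampleApp_UserAuthorized with a
        // value other than "True" (or the claim is missing), send the user to
        // unauthorized.html — treat a missing claim as not authorized.
    }
}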
In the above code, Thread.CurrentPrincipal.Identity.IsAuthenticated returns true, but Thread.CurrentPrincipal is ClaimsIdentity returns false.
I want to read the custom claim SampleApp_UserAuthorized in Application_PostAuthenticateRequest and send the user to the unauthorized.html page.
Can anyone help me with a code sample that fixes this issue?
I have fixed the issue with the following code, and it now works for me:
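// Extensions that may be served without the authorization check so the access-denied page
// can load its assets. This exemption applies to every static file in the application with
// one of these extensions, not only to those under ~/errors.
private static readonly HashSet<string> StaticContentExtensions =
    new HashSet<string>(StringComparer.OrdinalIgnoreCase)
    {
        ".css", ".js", ".png", ".gif", ".jpg", ".jpeg", ".ico", ".svg", ".woff", ".ttf"
    };

/// <summary>
/// Runs after the OWIN middleware has established the request principal: challenges
/// anonymous requests with OpenID Connect, and short-circuits requests from authenticated
/// users whose "SampleApp_UserAuthorized" claim is not "True" by serving the access-denied
/// page with a 403 status. Static assets are exempt so that page can render.
/// </summary>
/// <param name="sender">The <see cref="HttpApplication"/> raising the event.</param>
/// <param name="e">Unused event data.</param>
protected void Application_PostAuthenticateRequest(object sender, EventArgs e)
{
    if (Context.User == null || !Context.User.Identity.IsAuthenticated)
    {
        // Send the browser to Azure AD; the middleware completes the sign-in on return,
        // so there is nothing further to check on this request.
        Context.GetOwinContext().Authentication.Challenge(
            new AuthenticationProperties { RedirectUri = "/" },
            OpenIdConnectAuthenticationDefaults.AuthenticationType);
        return;
    }

    // Use the request principal for the claim check as well, rather than mixing
    // Context.User with Thread.CurrentPrincipal. A principal that is not a
    // ClaimsPrincipal cannot carry the claim and is therefore not authorized.
    ClaimsPrincipal claimsPrincipal = Context.User as ClaimsPrincipal;
    if (claimsPrincipal != null && IsAuthorizedByClaim(claimsPrincipal))
    {
        return;
    }

    if (IsStaticContent(Request.PhysicalPath))
    {
        return;
    }

    // Serve the access-denied page in place of the requested resource and end the
    // pipeline. Report 403 so clients and caches do not treat the page as a success;
    // TrySkipIisCustomErrors keeps IIS from replacing the body with its own error page.
    Response.StatusCode = 403;
    Response.TrySkipIisCustomErrors = true;
    Server.Execute("~/errors/auth.html");
    Context.ApplicationInstance.CompleteRequest();
}

// True only when the application stamped the principal as authorized. A missing or
// unparseable claim counts as not authorized (fail closed) instead of throwing.
private static bool IsAuthorizedByClaim(ClaimsPrincipal principal)
{
    Claim authorizedClaim = principal.FindFirst(c => c.Type == "SampleApp_UserAuthorized");
    bool authorized;
    return authorizedClaim != null
        && bool.TryParse(authorizedClaim.Value, out authorized)
        && authorized;
}

// Static assets are matched by extension, case-insensitively; an extensionless path is
// never treated as static content.
private static bool IsStaticContent(string physicalPath)
{
    string extension = Path.GetExtension(physicalPath);
    return StaticContentExtensions.Contains(extension);
}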