using System;
using System.Collections.Generic;
using System.Security.Claims;
using IdentityModel;
using IdentityServer.LdapExtension.Extensions;
using Novell.Directory.Ldap;
namespace IdentityServer.LdapExtension.UserModel
{
/// <summary>
/// Application User Details. Note that these details are mainly used for the claims.
/// </summary>
/// <seealso cref="IdentityServer.LdapExtension.UserModel.IAppUser" />
/// <remarks>In the future, this might become a base class instead of inherithing from an interface.</remarks>
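public class ActiveDirectoryAppUser : IAppUser
{
    private string _subjectId = null;
    private bool _isActive = true;

    /// <summary>
    /// Subject identifier (the value that ends up as the <c>sub</c> claim).
    /// Falls back to <see cref="Username"/> until a value has been assigned explicitly.
    /// </summary>
    public string SubjectId
    {
        get => _subjectId ?? Username;
        set => _subjectId = value;
    }

    /// <summary>Identifier of the user at the provider; set to the username by <see cref="SetBaseDetails"/>.</summary>
    public string ProviderSubjectId { get; set; }

    /// <summary>Name of the provider this user was loaded from.</summary>
    public string ProviderName { get; set; }

    /// <summary>Human-readable name (the <c>displayName</c> attribute, or the username when that is absent).</summary>
    public string DisplayName { get; set; }

    /// <summary>Account name read from the directory; also used as subject id.</summary>
    public string Username { get; set; }

    /// <summary>
    /// Whether the account may sign in. Defaults to <c>true</c>: nothing in this class reads the
    /// directory's disabled/locked-out state, so a caller that learns the account is disabled
    /// (e.g. from userAccountControl, which is not fetched here) must set this to <c>false</c>
    /// itself. The setter stores the value; previously it was silently discarded.
    /// </summary>
    public bool IsActive
    {
        get => _isActive;
        set => _isActive = value;
    }

    /// <summary>Claims issued for this user; populated by <see cref="FillClaims"/>.</summary>
    public ICollection<Claim> Claims { get; set; }

    /// <summary>LDAP attribute names this model requests from the directory (the enum descriptions).</summary>
    public string[] LdapAttributes => Enum<ActiveDirectoryLdapAttributes>.Descriptions;

    /// <summary>
    /// Builds <see cref="Claims"/> from the LDAP entry: the standard profile claims plus one
    /// <see cref="JwtClaimTypes.Role"/> claim per <c>memberOf</c> value.
    /// </summary>
    /// <param name="user">The LDAP entry of the user. Must not be <c>null</c>.</param>
    /// <exception cref="ArgumentNullException"><paramref name="user"/> is <c>null</c>.</exception>
    /// <remarks>
    /// Profile claims whose attribute is missing are still emitted with an empty value (unchanged
    /// contract). Consumers that key users on e.g. the email claim must treat an empty value as
    /// "unknown", not as a match.
    /// </remarks>
    public void FillClaims(LdapEntry user)
    {
        if (user == null)
        {
            throw new ArgumentNullException(nameof(user));
        }

        Claims = new List<Claim>
        {
            GetClaimFromLdapAttributes(user, JwtClaimTypes.Name, ActiveDirectoryLdapAttributes.DisplayName),
            GetClaimFromLdapAttributes(user, JwtClaimTypes.FamilyName, ActiveDirectoryLdapAttributes.LastName),
            GetClaimFromLdapAttributes(user, JwtClaimTypes.GivenName, ActiveDirectoryLdapAttributes.FirstName),
            GetClaimFromLdapAttributes(user, JwtClaimTypes.Email, ActiveDirectoryLdapAttributes.EMail),
            GetClaimFromLdapAttributes(user, JwtClaimTypes.PhoneNumber, ActiveDirectoryLdapAttributes.TelephoneNumber),
            GetClaimFromLdapAttributes(user, "createdOn", ActiveDirectoryLdapAttributes.CreatedOn),
            GetClaimFromLdapAttributes(user, "updatedOn", ActiveDirectoryLdapAttributes.UpdatedOn),
        };

        // Group membership -> role claims.
        // NOTE(review): in Active Directory, memberOf lists the DN of each *direct* group only;
        // nested membership and the primary group are not included, so these roles are not a
        // complete authorization picture. Each value is a full DN - compare it whole, never by
        // substring. A user in very many groups produces a correspondingly large token.
        var memberOf = user.getAttribute(ActiveDirectoryLdapAttributes.MemberOf.ToDescriptionString());
        if (memberOf == null)
        {
            // Absent attribute (getAttribute returns null) simply means no groups; this replaces
            // the blanket catch that used to hide a NullReferenceException here.
            return;
        }

        var groupDns = memberOf.StringValues;
        while (groupDns.MoveNext())
        {
            var groupDn = groupDns.Current as string ?? groupDns.Current?.ToString();
            if (!string.IsNullOrEmpty(groupDn))
            {
                Claims.Add(new Claim(JwtClaimTypes.Role, groupDn));
            }
        }
    }

    /// <summary>
    /// Intended to return the attributes a caller explicitly requests; not implemented.
    /// Use <see cref="LdapAttributes"/> for the set this model reads.
    /// </summary>
    /// <returns>Never returns.</returns>
    /// <exception cref="NotImplementedException">Always.</exception>
    public static string[] RequestedLdapAttributes()
    {
        throw new NotImplementedException();
    }

    /// <summary>
    /// Creates a claim of type <paramref name="claim"/> from a single LDAP attribute.
    /// </summary>
    /// <param name="user">The LDAP entry; a <c>null</c> entry yields an empty-valued claim.</param>
    /// <param name="claim">The claim type to emit.</param>
    /// <param name="ldapAttribute">The attribute whose first string value becomes the claim value.</param>
    /// <returns>The claim; its value is <see cref="string.Empty"/> when the attribute is absent or has no value.</returns>
    internal Claim GetClaimFromLdapAttributes(LdapEntry user, string claim, ActiveDirectoryLdapAttributes ldapAttribute)
    {
        // A missing attribute is expected (most profile attributes are optional in AD), so it is
        // handled by a null check rather than by catching every exception the LDAP layer can throw.
        var value = user == null ? null : GetAttributeValue(user, ldapAttribute);
        return new Claim(claim, value ?? string.Empty);
    }

    /// <summary>
    /// Sets the base details from the LDAP entry:
    /// - DisplayName (falls back to the username when the attribute is absent)
    /// - Username
    /// - ProviderName
    /// - SubjectId
    /// - ProviderSubjectId
    /// - Fills the claims
    /// </summary>
    /// <param name="ldapEntry">LDAP entry of the authenticated user. Must not be <c>null</c>.</param>
    /// <param name="providerName">Name of the provider the user was loaded from.</param>
    /// <exception cref="ArgumentNullException"><paramref name="ldapEntry"/> is <c>null</c>.</exception>
    /// <exception cref="InvalidOperationException">The entry carries no username attribute.</exception>
    public void SetBaseDetails(LdapEntry ldapEntry, string providerName)
    {
        if (ldapEntry == null)
        {
            throw new ArgumentNullException(nameof(ldapEntry));
        }

        var username = GetAttributeValue(ldapEntry, ActiveDirectoryLdapAttributes.UserName);
        if (string.IsNullOrEmpty(username))
        {
            // The username is the subject id: an entry without one must never turn into a token.
            throw new InvalidOperationException("The LDAP entry has no username attribute.");
        }

        DisplayName = GetAttributeValue(ldapEntry, ActiveDirectoryLdapAttributes.DisplayName) ?? username;
        Username = username;
        ProviderName = providerName;

        // NOTE(review): an account name can be renamed or reused after the original account is
        // deleted, so a token subject built from it is not guaranteed to stay bound to one
        // person. An immutable directory identifier (objectGUID / objectSid) would be safer; the
        // attribute enum as used in this file does not expose one, so this is left as-is.
        SubjectId = username;
        ProviderSubjectId = username;

        FillClaims(ldapEntry);
    }

    /// <summary>
    /// First string value of <paramref name="attribute"/> on <paramref name="entry"/>, or
    /// <c>null</c> when the entry does not carry that attribute.
    /// </summary>
    private static string GetAttributeValue(LdapEntry entry, ActiveDirectoryLdapAttributes attribute)
    {
        return entry.getAttribute(attribute.ToDescriptionString())?.StringValue;
    }
}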
}