From 0d5d60d393fac788bcfa956b3bbe2591a9ca6719 Mon Sep 17 00:00:00 2001 From: prestoncraw Date: Wed, 3 Jun 2026 15:43:57 -0400 Subject: [PATCH 1/3] Add public const SettingsSection --- .../AuthenticationProviders/OAuthAuthenticationProvider.cs | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/Gemstone.Security/AuthenticationProviders/OAuthAuthenticationProvider.cs b/src/Gemstone.Security/AuthenticationProviders/OAuthAuthenticationProvider.cs index 7d18a4bc..ad1d339b 100644 --- a/src/Gemstone.Security/AuthenticationProviders/OAuthAuthenticationProvider.cs +++ b/src/Gemstone.Security/AuthenticationProviders/OAuthAuthenticationProvider.cs @@ -90,6 +90,9 @@ private class ProviderClaim(string value, string description) : IProviderClaim public string LongDescription => string.Empty; } + //Constants + public const string SettingsSection = "Security.OpenIDConnect"; + #endregion #region [ Constructors ] @@ -161,7 +164,7 @@ private static ClaimType[] ClaimTypes /// public static void DefineSettings(Settings settings) { - dynamic section = settings["Security.OpenIDConnect"]; + dynamic section = settings[SettingsSection]; section.Scopes = ("profile", "Defines the scopes requested from the OpenID Connect provider in a comma sepperated list."); section.ClientId = ("ClientID", "Defines the client ID of the application."); From 7a63685b9680431301e16bb2898408d13e3407a7 Mon Sep 17 00:00:00 2001 From: prestoncraw Date: Fri, 5 Jun 2026 09:21:00 -0400 Subject: [PATCH 2/3] Add DefineSettings method to WindowsProvider --- .../WindowsAuthenticationProvider.cs | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/src/Gemstone.Security/AuthenticationProviders/WindowsAuthenticationProvider.cs b/src/Gemstone.Security/AuthenticationProviders/WindowsAuthenticationProvider.cs index 7fdf3a0e..cb421bb7 100644 --- a/src/Gemstone.Security/AuthenticationProviders/WindowsAuthenticationProvider.cs 
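Review bot: The new `public const string SettingsSection = "Security.OpenIDConnect";` has no XML doc comment, unlike the same constant added to WindowsAuthenticationProvider in the second patch, and the `//Constants` marker lacks the space used by the file's other section comments (`// Nested Types`). Because it is a `const`, the section name is inlined into every consuming assembly at compile time; if it is ever renamed, applications built against the old assembly would keep reading the old section and silently fall back to the defaults for ClientId and the other OpenID Connect settings, so either document it as a stable contract or make it `public static readonly string`. Suggested doc: `/// <summary>The configuration section that <see cref="DefineSettings"/> reads the OpenID Connect settings from.</summary>`. The `#region [ Members ]` containing this constant begins outside the hunk.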
+++ b/src/Gemstone.Security/AuthenticationProviders/WindowsAuthenticationProvider.cs @@ -26,10 +26,10 @@ using System.DirectoryServices; using System.Linq; using System.Management; -using System.Runtime.CompilerServices; using System.Security.Claims; using System.Security.Principal; using System.Text.RegularExpressions; +using Gemstone.Configuration; using Microsoft.Extensions.DependencyInjection; namespace Gemstone.Security.AuthenticationProviders; @@ -57,6 +57,11 @@ public class WindowsAuthenticationProviderOptions public partial class WindowsAuthenticationProvider(WindowsAuthenticationProviderOptions options) : IAuthenticationProvider { #region [ Members ] + //Constants + /// + /// The section of the configuration file used to configure the provider when using the default options. + /// + public const string SettingsSection = "WindowsAuthentication"; // Nested Types private static class ClaimTypeAliases @@ -304,6 +309,18 @@ private static string Escape(string ldapValue) [GeneratedRegex(@"\\.|[()\0]")] private static partial Regex SpecialCharacterPattern(); + /// + /// Defines the settings used to configure the in the Configuration File. + /// + /// The settings to define. + public static void DefineSettings(Settings settings) + { + dynamic section = settings[SettingsSection]; + + section.LDAPPath = ("", "LDAP path to use for Windows Authentication"); + section.AllowLocalAccounts = (false, "Allow local accounts to authenticate with Windows Authentication"); + } + #endregion } From 04519d7f1c6c23d2bed416162208d470baa81c94 Mon Sep 17 00:00:00 2001 From: prestoncraw Date: Fri, 5 Jun 2026 09:22:39 -0400 Subject: [PATCH 3/3] Add ExtendClaimPrincipal to IAuthenticationSetup --- .../AuthenticationProviders/IAuthenticationBuilder.cs | 7 +++++++ .../AuthenticationProviders/IAuthenticationSetup.cs | 8 ++++++++ 2 files changed, 15 insertions(+) 
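Review bot: The section name `"WindowsAuthentication"` in the new `SettingsSection` constant does not follow the `Security.` prefix that the OAuth provider uses (`"Security.OpenIDConnect"` in the first patch), so the two providers' settings will land in unrelated parts of the configuration file; `"Security.WindowsAuthentication"` would keep them together, unless an existing config already relies on the unprefixed name. In `DefineSettings`, the `AllowLocalAccounts` default of `false` is the right secure default, but its description should say what enabling it means for authentication, since it is the setting an operator is most likely to flip without understanding the consequence; something like `"Allow local machine accounts (not just directory accounts) to authenticate with Windows Authentication"` is presumably the intent — confirm against how the option is consumed, which is outside this hunk. `//Constants` should also get the space used by the neighbouring `// Nested Types` comment.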
diff --git a/src/Gemstone.Security/AuthenticationProviders/IAuthenticationBuilder.cs b/src/Gemstone.Security/AuthenticationProviders/IAuthenticationBuilder.cs index 669af0dd..9238b602 100644 --- a/src/Gemstone.Security/AuthenticationProviders/IAuthenticationBuilder.cs +++ b/src/Gemstone.Security/AuthenticationProviders/IAuthenticationBuilder.cs @@ -77,6 +77,11 @@ public IEnumerable GetProviderIdentities() return ProviderClaims.TryGetValue(providerIdentity, out List<(Claim, Claim)>? claims) ? claims.AsEnumerable() : []; } + + public void ExtendClaimPrincipal(ClaimsPrincipal claimsPrincipal, string providerIdentity) + { + //no default implementation, but this allows for the setup to extend the claim principle with additional claims or identities as needed + } } private class AuthenticationRuntime(IServiceCollection services, IAuthenticationSetup setup, Func providerLookup) : IAuthenticationRuntime @@ -106,6 +111,8 @@ public IEnumerable GetAssignedClaims(string providerIdentity, ClaimsPrinc string userIdentity = provider.GetIdentity(principal); + Setup.ExtendClaimPrincipal(principal, providerIdentity); + IEnumerable providerClaims = Setup .GetProviderClaims(providerIdentity) .Join(principal.Claims, ToKey, ToKey, (providerClaim, _) => providerClaim.Assigned) diff --git a/src/Gemstone.Security/AuthenticationProviders/IAuthenticationSetup.cs b/src/Gemstone.Security/AuthenticationProviders/IAuthenticationSetup.cs index e7fc8b25..56399259 100644 --- a/src/Gemstone.Security/AuthenticationProviders/IAuthenticationSetup.cs +++ b/src/Gemstone.Security/AuthenticationProviders/IAuthenticationSetup.cs 
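Review bot: The new `Setup.ExtendClaimPrincipal(principal, providerIdentity);` call in `GetAssignedClaims` runs before the `Join` against `principal.Claims`, so any claim the setup adds is matched against the provider-claim mappings and can produce assigned claims; that makes this hook authorization-relevant, and nothing at the call site says so. Add a comment at the call, e.g. `// Claims added here take part in the provider-claim mapping below, so the setup must only add claims it has itself verified.`, and note in the interface docs that the hook mutates the caller's principal. It also runs after `provider.GetIdentity(principal)`, so an identity added by the hook does not affect `userIdentity` — state that as intended or move the call if it is not. The typo "claim principle" in the default implementation's comment should read "claims principal", and `GetAssignedClaims` continues outside the hunk.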
@@ -44,4 +44,12 @@ public interface IAuthenticationSetup /// The identity of the authentication provider /// The list of mappings between provider claims and assigned claims. IEnumerable<(Claim Match, Claim Assigned)> GetProviderClaims(string providerIdentity); + + /// + /// Extends the given with additional claims or identities + /// based on the specified authentication provider. + /// + /// The claims principal to extend. + /// The identity of the authentication provider. + void ExtendClaimPrincipal(ClaimsPrincipal claimsPrincipal, string providerIdentity); }
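Review bot: Adding `ExtendClaimPrincipal` as an abstract member of the public `IAuthenticationSetup` interface breaks every external implementer, while the in-repo default in IAuthenticationBuilder.cs is an empty body; since the project already uses C# 12 features (primary constructors, file-scoped namespaces), a default interface implementation `void ExtendClaimPrincipal(ClaimsPrincipal claimsPrincipal, string providerIdentity) { }` gives the same no-op to everyone without the break. The `<summary>` should also spell out the contract the runtime imposes: it is invoked from `GetAssignedClaims` after the provider identity is resolved and before the provider-claim mappings from `GetProviderClaims` are applied, so claims added here influence the assigned claims. A naming nit: the type is `ClaimsPrincipal`, so `ExtendClaimsPrincipal` would read more consistently if renamed before this ships.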