OAuthSection

src/Gemstone.Security/AuthenticationProviders/IAuthenticationBuilder.cs

@@ -77,6 +77,11 @@ public IEnumerable<string> GetProviderIdentities()
             return ProviderClaims.TryGetValue(providerIdentity, out List<(Claim, Claim)>? claims)
                 ? claims.AsEnumerable() : [];
         }
+
+        public void ExtendClaimPrincipal(ClaimsPrincipal claimsPrincipal, string providerIdentity)
+        {
+            //no default implementation, but this allows for the setup to extend the claim principle with additional claims or identities as needed 
+        }
     }
 
     private class AuthenticationRuntime(IServiceCollection services, IAuthenticationSetup setup, Func<string, IAuthenticationProvider?> providerLookup) : IAuthenticationRuntime
@@ -106,6 +111,8 @@ public IEnumerable<Claim> GetAssignedClaims(string providerIdentity, ClaimsPrinc
 
             string userIdentity = provider.GetIdentity(principal);
 
+            Setup.ExtendClaimPrincipal(principal, providerIdentity);
+
             IEnumerable<Claim> providerClaims = Setup
                 .GetProviderClaims(providerIdentity)
                 .Join(principal.Claims, ToKey, ToKey, (providerClaim, _) => providerClaim.Assigned)

src/Gemstone.Security/AuthenticationProviders/IAuthenticationSetup.cs

@@ -44,4 +44,12 @@ public interface IAuthenticationSetup
     /// <param name="providerIdentity">The identity of the authentication provider</param>
     /// <returns>The list of mappings between provider claims and assigned claims.</returns>
     IEnumerable<(Claim Match, Claim Assigned)> GetProviderClaims(string providerIdentity);
+
+    /// <summary>
+    /// Extends the given <see cref="ClaimsPrincipal"/> with additional claims or identities
+    /// based on the specified authentication provider.
+    /// </summary>
+    /// <param name="claimsPrincipal">The claims principal to extend.</param>
+    /// <param name="providerIdentity">The identity of the authentication provider.</param>
+    void ExtendClaimPrincipal(ClaimsPrincipal claimsPrincipal, string providerIdentity);
 }

src/Gemstone.Security/AuthenticationProviders/OAuthAuthenticationProvider.cs

@@ -90,6 +90,9 @@ private class ProviderClaim(string value, string description) : IProviderClaim
         public string LongDescription => string.Empty;
     }
 
+    //Constants
+    public const string SettingsSection = "Security.OpenIDConnect";
+
     #endregion
 
     #region [ Constructors ]
@@ -161,7 +164,7 @@ private static ClaimType[] ClaimTypes
     /// <param name="settings"></param>
     public static void DefineSettings(Settings settings)
     {
-        dynamic section = settings["Security.OpenIDConnect"];
+        dynamic section = settings[SettingsSection];
 
         section.Scopes = ("profile", "Defines the scopes requested from the OpenID Connect provider in a comma sepperated list.");
         section.ClientId = ("ClientID", "Defines the client ID of the application.");

src/Gemstone.Security/AuthenticationProviders/WindowsAuthenticationProvider.cs

@@ -26,10 +26,10 @@
 using System.DirectoryServices;
 using System.Linq;
 using System.Management;
-using System.Runtime.CompilerServices;
 using System.Security.Claims;
 using System.Security.Principal;
 using System.Text.RegularExpressions;
+using Gemstone.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 
 namespace Gemstone.Security.AuthenticationProviders;
@@ -57,6 +57,11 @@ public class WindowsAuthenticationProviderOptions
 public partial class WindowsAuthenticationProvider(WindowsAuthenticationProviderOptions options) : IAuthenticationProvider
 {
     #region [ Members ]
+    //Constants
+    /// <summary>
+    /// The section of the configuration file used to configure the provider when using the default options.
+    /// </summary>
+    public const string SettingsSection = "WindowsAuthentication";
 
     // Nested Types
     private static class ClaimTypeAliases
@@ -304,6 +309,18 @@ private static string Escape(string ldapValue)
     [GeneratedRegex(@"\\.|[()\0]")]
     private static partial Regex SpecialCharacterPattern();
 
+    /// <summary>
+    /// Defines the settings used to configure the <see cref="OAuthAuthenticationProvider"/> in the Configuration File.
+    /// </summary>
+    /// <param name="settings">The settings to define.</param>
+    public static void DefineSettings(Settings settings)
+    {
+        dynamic section = settings[SettingsSection];
+
+        section.LDAPPath = ("", "LDAP path to use for Windows Authentication");
+        section.AllowLocalAccounts = (false, "Allow local accounts to authenticate with Windows Authentication");
+    }
+
     #endregion
 }