
Added a class to intercept the creation of a claims authentication identity and add role claims for the groups a user is a member of
robdmoore committed Oct 24, 2014
1 parent ff84059 commit cdffd2a17123d1ed69d0a5406d862a0e24371085
@@ -160,6 +160,7 @@
<DependentUpon>Global.asax</DependentUpon>
</Compile>
<Compile Include="Infrastructure\Auth\AzureADGraphConnection.cs" />
+ <Compile Include="Infrastructure\Auth\AzureADGraphClaimsAuthenticationManager.cs" />
<Compile Include="Properties\AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
@@ -0,0 +1,27 @@
+using System.Configuration;
+using System.Security.Claims;
+
+namespace AzureAdMvcExample.Infrastructure.Auth
+{
+ public class AzureADGraphClaimsAuthenticationManager : ClaimsAuthenticationManager
+ {
+ public override ClaimsPrincipal Authenticate(string resourceName, ClaimsPrincipal incomingPrincipal)
+ {
+ if (incomingPrincipal == null || !incomingPrincipal.Identity.IsAuthenticated)
+ return incomingPrincipal;
+
+ // Ideally this should be the code below so the connection is resolved from a DI container, but for simplicity of the demo I'll leave it as a new statement
+ //var graphConnection = DependencyResolver.Current.GetService<IAzureAdConnection>();
+ var graphConnection = new AzureADGraphConnection(
+ ConfigurationManager.AppSettings["AzureADTenant"],
+ ConfigurationManager.AppSettings["ida:ClientId"],
+ ConfigurationManager.AppSettings["ida:Password"]);
+
+ var roles = graphConnection.GetRolesForUser(incomingPrincipal);
+ foreach (var r in roles)
+ ((ClaimsIdentity)incomingPrincipal.Identity).AddClaim(
+ new Claim(ClaimTypes.Role, r, ClaimValueTypes.String, "GRAPH"));
+ return incomingPrincipal;
+ }
+ }
+}
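Review bot: The cast on the `AddClaim` line assumes `incomingPrincipal.Identity` is a `ClaimsIdentity`, and the `IsAuthenticated` check at the top dereferences `Identity` without a null check, so a principal with no identities or with a non-claims identity fails with an exception instead of being passed through unchanged. Narrow once before the Graph call, e.g. `var identity = incomingPrincipal.Identity as ClaimsIdentity; if (identity == null || !identity.IsAuthenticated) return incomingPrincipal;`, and then call `identity.AddClaim(...)` in the loop. Because this runs on every authenticated request, it is worth stating in a `<summary>` on the class what a failure of `GetRolesForUser` means for the request — an exception here surfaces inside the authentication pipeline — and whether the intent is to fail the request or to continue with no Graph-sourced roles; that behaviour presumably lives in `AzureADGraphConnection`, which is outside this hunk. The same summary should note that the added role claims carry the issuer `"GRAPH"` so that consumers can tell them apart from roles issued in the token.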
