SecurityHelper.cs
// Licensed to the .NET Foundation under one or more agreements.
// The .NET Foundation licenses this file to you under the MIT license.
#nullable enable
using System.Linq;
using System.Security.Claims;
namespace Microsoft.Extensions.Internal;
/// <summary>
/// Shared helpers for authentication middleware implementations.
/// </summary>
internal static class SecurityHelper
{
    /// <summary>
    /// Combines two principals into one. Identities from <paramref name="additionalPrincipal"/> are placed
    /// first, followed by those identities of <paramref name="existingPrincipal"/> that are either
    /// authenticated or carry at least one claim; empty unauthenticated identities from the existing
    /// principal are dropped.
    /// </summary>
    /// <remarks>
    /// Points worth knowing when reasoning about authorization on the result:
    /// <list type="bullet">
    /// <item><description>
    /// Ordering is significant: code that reads <see cref="ClaimsPrincipal.Identity"/> normally gets the
    /// first identity, so the newly supplied identities take precedence over the existing ones.
    /// </description></item>
    /// <item><description>
    /// Only the existing principal is filtered. Every identity of <paramref name="additionalPrincipal"/>
    /// is kept as supplied, including unauthenticated ones.
    /// </description></item>
    /// <item><description>
    /// An existing identity that is unauthenticated but has claims is retained, so callers must not treat
    /// the mere presence of a claim on the merged principal as proof of authentication.
    /// </description></item>
    /// <item><description>
    /// When there is no existing principal, the very same <paramref name="additionalPrincipal"/> instance
    /// is returned rather than a copy. In the other cases the identity objects are added to the new
    /// principal as-is, not cloned.
    /// </description></item>
    /// </list>
    /// </remarks>
    /// <param name="existingPrincipal">The <see cref="ClaimsPrincipal"/> holding the current identities, or <c>null</c>.</param>
    /// <param name="additionalPrincipal">The <see cref="ClaimsPrincipal"/> whose identities are to be added, or <c>null</c>.</param>
    /// <returns>
    /// <paramref name="additionalPrincipal"/> itself when <paramref name="existingPrincipal"/> is <c>null</c>
    /// and <paramref name="additionalPrincipal"/> is not; otherwise a new <see cref="ClaimsPrincipal"/>
    /// (with no identities when both arguments are <c>null</c>).
    /// </returns>
    public static ClaimsPrincipal MergeUserPrincipal(ClaimsPrincipal? existingPrincipal, ClaimsPrincipal? additionalPrincipal)
    {
        if (existingPrincipal is null)
        {
            // Nothing to merge with: reuse the incoming principal untouched,
            // or fall back to an identity-less principal when there is none.
            return additionalPrincipal ?? new ClaimsPrincipal();
        }

        var merged = new ClaimsPrincipal();

        // Incoming identities are added first and unfiltered.
        if (additionalPrincipal is not null)
        {
            merged.AddIdentities(additionalPrincipal.Identities);
        }

        // Carry over existing identities, skipping the ones that are both
        // unauthenticated and claim-less.
        var retained = existingPrincipal.Identities
            .Where(identity => identity.IsAuthenticated || identity.Claims.Any());
        merged.AddIdentities(retained);

        return merged;
    }
}