  • Openfield Creative 62 posts 222 karma points
    Apr 04, 2016 @ 18:48

    Problem retrieving roles in Identity claims

    I'm trying to connect to a client's Identity Server and retrieve the roles that have been assigned to a user. When viewing the list of roles on their test application they come through as:

    role
    ViewIssue

    And when viewing them through my umbraco application they come through as:

    http://schemas.microsoft.com/ws/2008/06/identity/claims/role
    ViewIssue

    I've compared startup files for both the test application and mine and there are no significant differences. My hunch is that it has something to do with my startup inheriting from UmbracoDefaultOwinStartup, but I'm not sure what to add to get the desired behavior. Has anyone run into and fixed this before?

    Here is my startup.cs

    using Microsoft.IdentityModel.Protocols;
    using Microsoft.Owin.Security;
    using Microsoft.Owin.Security.Cookies;
    using Microsoft.Owin.Security.OpenIdConnect;
    using Owin;
    using System;
    using System.Collections.Generic;
    using System.IdentityModel.Tokens;
    using System.Linq;
    using System.Security.Claims;
    using System.Text;
    using System.Threading.Tasks;
    using IdentityModel.Client;
    
    using Microsoft.Owin;
    using System.Security.Cryptography.X509Certificates;
    using System.Net.Security;
    using Umbraco.Web;
    
    [assembly: OwinStartupAttribute(typeof(Astute.Portal.UmbracoStandardOwinStartup))]
    namespace Astute.Portal
    {
        // Replaces Umbraco's default OWIN startup so the OIDC middleware is registered
        // before Umbraco's own pipeline runs in base.Configuration(app).
        public partial class UmbracoStandardOwinStartup : UmbracoDefaultOwinStartup
        {
            public override void Configuration(IAppBuilder app)
            {
                // Local session cookie that the OIDC middleware signs into.
                app.UseCookieAuthentication(new CookieAuthenticationOptions
                {
                    AuthenticationType = "cookies",
                });
    
                app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
                {
                    AuthenticationType = "oidc",
                    SignInAsAuthenticationType = "cookies",
                    UseTokenLifetime = false,
                    Authority = Astute.Portal.Constants.ServerUri.IdentityServer,
                    ClientId = "supportCenter",
                    RedirectUri = Astute.Portal.Constants.ServerUri.ePowerCenterMVC,
                    // Implicit flow: id_token and access token both come back on the front channel.
                    ResponseType = "id_token token",
                    Scope = "openid profile roles epowercenterapi",
                    Notifications = new OpenIdConnectAuthenticationNotifications
                    {
                        // Runs after the id_token signature/issuer/audience checks have passed;
                        // the identity here is what ends up in the "cookies" ticket.
                        SecurityTokenValidated = n =>
                        {
                            var user = n.AuthenticationTicket.Identity;
                            user.AddClaim(new Claim("access_token", n.ProtocolMessage.AccessToken));
                            user.AddClaim(new Claim("id_token", n.ProtocolMessage.IdToken));
                            return Task.FromResult(0);
                        },
                        RedirectToIdentityProvider = x =>
                        {
                            // On sign-out, pass the original id_token back as a hint so the
                            // provider can end the matching session. Guard against a cookie
                            // that has no id_token claim (would otherwise throw on .Value).
                            if (x.ProtocolMessage.RequestType == OpenIdConnectRequestType.LogoutRequest)
                            {
                                var idToken = x.OwinContext.Authentication.User.FindFirst("id_token");
                                if (idToken != null)
                                {
                                    x.ProtocolMessage.IdTokenHint = idToken.Value;
                                }
                            }
                            return Task.FromResult(0);
                        }
                    }
                });
    
                base.Configuration(app);
            }
        }
    }
    

    Thanks,

    Owen
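An added example, not from the original post, showing where the short `role` claim type gets rewritten into the long `http://schemas.microsoft.com/ws/2008/06/identity/claims/role` URI and two ways to deal with it. It assumes the id_token is validated by the Microsoft JWT handler (System.IdentityModel.Tokens.Jwt 4.x, which Microsoft.Owin.Security.OpenIdConnect uses); the class and method names are mine.

```csharp
// Added example (not the poster's code). Assumes System.IdentityModel.Tokens.Jwt 4.x.
using System.Collections.Generic;
using System.IdentityModel.Tokens;              // JwtSecurityTokenHandler, TokenValidationParameters
using System.Linq;
using System.Security.Claims;
using Microsoft.Owin.Security.OpenIdConnect;

public static class RoleClaimSetup
{
    // The JWT handler runs every inbound claim type through a static map before building
    // the ClaimsIdentity: "role" becomes ClaimTypes.Role, i.e. the long WS-* URI seen in
    // Umbraco. Clearing the map keeps the token's own short names. Because the map is
    // process-wide, call this once at startup, before the first token is validated.
    public static void KeepShortClaimTypes()
    {
        JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary<string, string>();
    }

    // Tell the middleware which claim types carry name and roles, so ClaimsPrincipal.IsInRole
    // and [Authorize(Roles = "...")] look at the right claims. Pair this with
    // KeepShortClaimTypes(); with the map still active the role claims would be renamed
    // while the identity's RoleClaimType stays "role", and IsInRole would silently fail.
    public static OpenIdConnectAuthenticationOptions UseShortClaimTypes(
        OpenIdConnectAuthenticationOptions options)
    {
        KeepShortClaimTypes();
        options.TokenValidationParameters = new TokenValidationParameters
        {
            NameClaimType = "name",
            RoleClaimType = "role"
        };
        return options;
    }

    // Defensive read for use inside SecurityTokenValidated or a view: accept roles under
    // either claim type so a mapping change on one side does not turn into an authorisation
    // decision made on an empty role set.
    public static IList<string> GetRoles(ClaimsIdentity identity)
    {
        return identity.Claims
            .Where(c => c.Type == "role" || c.Type == ClaimTypes.Role)
            .Select(c => c.Value)
            .Distinct()
            .ToList();
    }
}
```

In the startup above this would be `app.UseOpenIdConnectAuthentication(RoleClaimSetup.UseShortClaimTypes(new OpenIdConnectAuthenticationOptions { ... }))`, and the `SecurityTokenValidated` handler can reject a sign-in whose `GetRoles(user)` is empty when roles are required.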
