I'm trying to connect to a clients Identity Server and retrieve the roles that have been assigned to a user. When viewing the list of roles on their test application they come through as:
role ViewIssue
And when viewing them through my umbraco application they come through as:
I've compared startup files for both the test application and mine and there are no significant differences. My hunch is that it has something to do with my startup inheriting from UmbracoDefaultOwinStartup but i'm not sure what to add to get the desired behavior. Has anyone ran into and fixed this before?
Here is my startup.cs
using Microsoft.IdentityModel.Protocols;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens;
using System.Linq;
using System.Security.Claims;
using System.Text;
using System.Threading.Tasks;
using IdentityModel.Client;
using Microsoft.Owin;
using System.Security.Cryptography.X509Certificates;
using System.Net.Security;
using Umbraco.Web;
[assembly: OwinStartupAttribute(typeof(Astute.Portal.UmbracoStandardOwinStartup))]
namespace Astute.Portal
{
public partial class UmbracoStandardOwinStartup : UmbracoDefaultOwinStartup
{
public override void Configuration(IAppBuilder app)
{
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = "cookies",
});
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
AuthenticationType = "oidc",
SignInAsAuthenticationType = "cookies",
UseTokenLifetime = false,
Authority = Astute.Portal.Constants.ServerUri.IdentityServer,
ClientId = "supportCenter",
RedirectUri = Astute.Portal.Constants.ServerUri.ePowerCenterMVC,
ResponseType = "id_token token",
Scope = "openid profile roles epowercenterapi",
Notifications = new OpenIdConnectAuthenticationNotifications
{
SecurityTokenValidated = n =>
{
var user = n.AuthenticationTicket.Identity;
user.AddClaim(new Claim("access_token", n.ProtocolMessage.AccessToken));
user.AddClaim(new Claim("id_token", n.ProtocolMessage.IdToken));
return Task.FromResult(0);
},
RedirectToIdentityProvider = x =>
{
if (x.ProtocolMessage.RequestType == OpenIdConnectRequestType.LogoutRequest)
{
var idTokenHint = x.OwinContext.Authentication.User.FindFirst("id_token").Value;
x.ProtocolMessage.IdTokenHint = idTokenHint;
}
return Task.FromResult(0);
}
}
});
base.Configuration(app);
}
}
}
Problem retrieving roles in Identity claims
I'm trying to connect to a clients Identity Server and retrieve the roles that have been assigned to a user. When viewing the list of roles on their test application they come through as:
role
ViewIssue
And when viewing them through my umbraco application they come through as:
http://schemas.microsoft.com/ws/2008/06/identity/claims/role
ViewIssue
I've compared startup files for both the test application and mine and there are no significant differences. My hunch is that it has something to do with my startup inheriting from UmbracoDefaultOwinStartup but i'm not sure what to add to get the desired behavior. Has anyone ran into and fixed this before?
Here is my startup.cs
Thanks,
Owen
is working on a reply...