C# - Get ClaimsIdentity during OWIN middleware when issuing new access token


I've implemented OAuth 2 authentication in Web API 2 using Taiseer Joudeh's excellent blog posts. For reasons beyond the scope of this question, I need to implement functionality that enables admin users to log in as other users.

After some thought I came to the conclusion that the best way is for the admin to request a new access token with the username of the user he wants to log in as, using his current access token. This way, I know who the requestor is, and if he is indeed an admin (validated through claims) I skip the password validation part and issue him a new access token based on the username he has provided.

Now, in the OWIN middleware handling the OAuth authorization requests, I have the following code that overrides the way access tokens are issued:

    public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
    {
        // Validate the supplied username and password against the user store.
        using (AuthRepository _repo = new AuthRepository())
        {
            bool userValidated = _repo.ValidateUser(context.UserName, context.Password);

            if (!userValidated)
            {
                context.SetError("invalid_grant", "The user name or password is incorrect.");
                return;
            }
        }

        // Build the identity that will be serialized into the access token.
        var identity = new ClaimsIdentity(context.Options.AuthenticationType);
        identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
        identity.AddClaim(new Claim("role", "user"));

        var props = new AuthenticationProperties(new Dictionary<string, string>
            {
                {
                    "as:client_id", (context.ClientId == null) ? string.Empty : context.ClientId
                },
                {
                    "username", context.UserName
                }
            });

        var ticket = new AuthenticationTicket(identity, props);
        context.Validated(ticket);
    }

Somehow I need to be able to see the claims of the user requesting the new access token. The OAuthGrantResourceOwnerCredentialsContext context contains the necessary information, as well as the access token of the requestor (should there be one). However, unlike in the ApiController part of Web API, I do not have the Principal object here, so I cannot get the identity and cast it to ClaimsIdentity in order to get the claims for me to validate that the requesting user is indeed an admin.

context.Request.User is empty, and it seems that any information regarding the user performing the request has not been resolved yet in this method. The only thing accessible to me is the Authorization header containing the access token, found in context.OwinContext.

Is there a way for me to get the claims of the user from the access token present in the request in this middleware?
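
One way to read the requestor's claims at this point, as an added example that is not part of the original post: unprotect the bearer token from the Authorization header with the authorization server's own token format and check expiry by hand. It assumes the default (non-JWT) access token format issued by this same application; the class name RequestorClaims, its method names, and the role value "admin" are hypothetical.

```csharp
using System;
using System.Security.Claims;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.OAuth;

public static class RequestorClaims
{
    // Returns the identity carried by the caller's bearer token, or null when the
    // header is missing, the token cannot be unprotected, or the token has expired.
    public static ClaimsIdentity FromBearerToken(OAuthGrantResourceOwnerCredentialsContext context)
    {
        const string scheme = "Bearer ";
        string header = context.Request.Headers.Get("Authorization");
        if (string.IsNullOrEmpty(header) ||
            !header.StartsWith(scheme, StringComparison.OrdinalIgnoreCase))
        {
            return null;
        }

        string token = header.Substring(scheme.Length).Trim();

        // Unprotect returns null for malformed tokens and for tokens that were
        // not protected by this server's keys.
        AuthenticationTicket ticket = context.Options.AccessTokenFormat.Unprotect(token);
        if (ticket == null || ticket.Identity == null)
        {
            return null;
        }

        // Unprotect does not enforce expiry (the bearer middleware normally does),
        // so reject expired tickets and tickets without an expiry explicitly.
        DateTimeOffset? expires = ticket.Properties.ExpiresUtc;
        if (!expires.HasValue || expires.Value < context.Options.SystemClock.UtcNow)
        {
            return null;
        }

        return ticket.Identity;
    }

    // Assumption: admins carry the claim ("role", "admin"); the page only shows
    // the "role" claim type with the value "user".
    public static bool IsAdmin(ClaimsIdentity identity)
    {
        return identity != null && identity.HasClaim("role", "admin");
    }
}
```

In GrantResourceOwnerCredentials, the password check would be skipped only when RequestorClaims.IsAdmin(RequestorClaims.FromBearerToken(context)) is true; every other request still goes through ValidateUser.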

