Jamie

Reputation: 3372

OpenID OWIN auth and lack of user permissions

I may be handling this totally incorrectly, but I am using OpenID with MS Azure to authenticate my users, then I check to make sure the user has a user account in the notifications of the OpenID middleware; if the user is not found, I am throwing a security exception. How do I return a "You do not have access to this application" type page? Am I just missing the hook?

Here is the example: https://gist.github.com/phillipsj/3200ddda158eddac74ca

Upvotes: 0

Views: 121

Answers (1)

ezile

Reputation: 571

You can use try...catch inside the notifications, something along these lines:

SecurityTokenValidated = (context) =>
{
    try
    {
        // retrieve caller data from the incoming principal
        var username = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.Name).Value.Split('@')[0];
        var database = DependencyResolver.Current.GetService(typeof (IDatabase)) as IDatabase;
        var employee = database.Query(new GetEmployeeByUsername(username));

        if (employee == null)
        {
            throw new SecurityTokenValidationException();
        }

        // I add my custom claims here ("claims" is built from the employee record)
        context.AuthenticationTicket.Identity.AddClaims(claims);
        return Task.FromResult(0);
    }
    catch (SecurityTokenValidationException ex)
    {
        context.HandleResponse();   // This will skip executing rest of the code in the middleware
        context.Response.Redirect(....);
        return Task.FromResult(0);
    }
}

Upvotes: 1
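A complete OWIN startup that applies the pattern from the answer above, as an added example (not code from the question's gist or from the answerer). It assumes a Katana 3.x-era `Microsoft.Owin.Security.OpenIdConnect` setup, a hypothetical `IUserDirectory` service resolved through the MVC `DependencyResolver`, and an anonymous `/Account/AccessDenied` action; the client id, authority and redirect URI are placeholders. Instead of throwing and catching inside the notification, it branches on the lookup result directly, and it also wires `AuthenticationFailed` so that token errors land on an error page rather than an unhandled exception.

```csharp
using System.Security.Claims;
using System.Threading.Tasks;
using System.Web.Mvc;
using Microsoft.IdentityModel.Protocols;           // OpenIdConnectMessage (Katana 3.x; 4.x moves it to ...Protocols.OpenIdConnect)
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.Notifications;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

// Hypothetical application service: looks a signed-in Azure AD user up in the app's own user store.
public interface IUserDirectory
{
    AppUser FindByUpn(string upn);
}

public class AppUser
{
    public string Upn { get; set; }
    public string Role { get; set; }
}

public class Startup
{
    // Placeholders: the real values come from the Azure AD app registration.
    private const string ClientId = "<your-client-id>";
    private const string Authority = "https://login.microsoftonline.com/<your-tenant-id>";
    private const string RedirectUri = "https://localhost:44300/";

    public void Configuration(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions());

        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            ClientId = ClientId,
            Authority = Authority,
            RedirectUri = RedirectUri,
            PostLogoutRedirectUri = RedirectUri,
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                SecurityTokenValidated = OnSecurityTokenValidated,
                AuthenticationFailed = OnAuthenticationFailed
            }
        });
    }

    // Runs after Azure AD's token has been cryptographically validated but before the
    // cookie is issued, so this is where app-level "is this person allowed in?" belongs.
    private static Task OnSecurityTokenValidated(
        SecurityTokenValidatedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> context)
    {
        var identity = context.AuthenticationTicket.Identity;

        // Azure AD issues the UPN claim for work accounts; fall back to the name claim.
        // Null checks matter: a missing claim must deny, not throw a NullReferenceException.
        var upn = identity.FindFirst(ClaimTypes.Upn)?.Value
                  ?? identity.FindFirst(ClaimTypes.Name)?.Value;

        var directory = DependencyResolver.Current.GetService<IUserDirectory>();
        var user = upn == null ? null : directory.FindByUpn(upn);

        if (user == null)
        {
            // HandleResponse() stops the middleware: no identity is signed in and no
            // auth cookie is written, so the redirect lands on a page that stays anonymous.
            context.HandleResponse();
            context.Response.Redirect("/Account/AccessDenied");
            return Task.FromResult(0);
        }

        // Enrich the principal with claims from the app's own user record.
        identity.AddClaim(new Claim(ClaimTypes.Role, user.Role));
        return Task.FromResult(0);
    }

    // Covers failures raised by the protocol handler itself (bad signature, expired token, ...).
    private static Task OnAuthenticationFailed(
        AuthenticationFailedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> context)
    {
        context.HandleResponse();
        context.Response.Redirect("/Account/Error");
        return Task.FromResult(0);
    }
}
```

The `AccessDenied` and `Error` actions must be marked `[AllowAnonymous]`; otherwise the redirect triggers a new challenge and the user loops back to Azure AD. Because the check happens before sign-in, the visitor is never left holding a valid cookie for an account the application does not know.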
