Reputation: 10068
ASP MVC 5 - Extending Identity 2.0
I have the following ApplicationUser class, is there a way to add a claim or extend identity so that I can check if user is in a project group by doing something like: User.Identity.IsInProjectGroup(1).
Currently I have to keep going into the database to get the user and then call the IsInProjectGroup method.
public class ApplicationUser : IdentityUser
{
public ApplicationUser()
{
Id = Guid.NewGuid().ToString();
Groups = new Collection<Group>();
}
public string FirstName { get; set; }
public ICollection<Group> Groups { get; set; }
public bool IsInProjectGroup(int projectId)
{
return Groups.Any(g => g.Projects.Select(x => x.Id).Contains(projectId));
}
public async Task<ClaimsIdentity> GenerateUserIdentityAsync(UserManager<ApplicationUser> manager)
{
var userIdentity = await manager.CreateIdentityAsync(this, DefaultAuthenticationTypes.ApplicationCookie);
// how do you add claim???
userIdentity.AddClaim(new Claim("Group", ???));
return userIdentity;
}
}
Is there a way to add a claim to call a method or is there another way to achieve this?
I was thinking of an extension as follows but unsure of how I add such a claim inside my ApplicationUser class and how to check the claim in the extension method below:
namespace App.Extensions
{
public static class IdentityExtensions
{
public static bool IsInProjectGroup(this IIdentity identity, int projectId)
{
// how would i do the check here???
}
}
}
Upvotes: 2
Views: 279
Answers (1)
Reputation: 246998
Here is a simple example.
First create a constant to use as a key for the claim
public class Constants {
public class Security {
public class ClaimTypes
public const string ProjectGroups = "ProjectGroups";
}
}
}
Then you can create the claims when creating your identity
public async Task<ClaimsIdentity> GenerateUserIdentityAsync(UserManager<ApplicationUser> manager) {
var userIdentity = await manager.CreateIdentityAsync(this, DefaultAuthenticationTypes.ApplicationCookie);
// how do you add claim???
if(Groups.Any()) { //assuming this is a navigation property
//create a claim type/name/key
//replace with you desired key. Store in a constant for later use
var claimName = Constants.Security.ClaimTypes.ProjectGroup;
//create claims from current groups.
var claims = Groups.SelectMany(g => g.Projects.Select(x => x.Id))
.Select(id => new System.Security.Claims.Claim(claimName, id.ToString()));
userIdentity.AddClaims(claims);
}
return userIdentity;
}
For retrieval you can create you own extension method to check the groups within the claim itself and not hit the database.
public static class IdentityExtensions {
public static bool IsInProjectGroup(this IIdentity identity, int projectId) {
// how would i do the check here???
if(identity != null) {
var claimsIdentity = identity as ClaimsIdentity;
if (claimsIdentity != null) {
return claimsIdentity
.FindAll(Constants.Security.ClaimTypes.ProjectGroups)
.Any(claim => claim.Value == projectId.ToString());
}
}
return false;
}
}
Upvotes: 2
Related Questions
- How to add claims in ASP.NET Identity
- ASP.NET Identity and Claims
- Extending ASP.NET Identity
- Transforming / Modifying claims in asp.net identity 2
- ASP.NET Identity and Claim-based
- Extending asp.net identity in asp.net mvc 5 application
- ClaimsIdentity in ASP.NET MVC 5
- Extending claims identity in MVC5 application
- Claims Based Identity
- Extending ClaimsIdentity in MVC3