38 lines
1.5 KiB
C#
38 lines
1.5 KiB
C#
// Copyright (c) .NET Foundation. All rights reserved.
|
|
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
|
|
|
|
using System.Security.Claims;
|
|
using Microsoft.AspNet.Http;
|
|
using Microsoft.Framework.Internal;
|
|
|
|
namespace Microsoft.AspNet.Authentication
|
|
{
|
|
/// <summary>
|
|
/// Helper code used when implementing authentication middleware
|
|
/// </summary>
|
|
public static class SecurityHelper
|
|
{
|
|
/// <summary>
|
|
/// Add all ClaimsIdenities from an additional ClaimPrincipal to the ClaimsPrincipal
|
|
/// </summary>
|
|
/// <param name="identity"></param>
|
|
public static void AddUserPrincipal([NotNull] HttpContext context, [NotNull] ClaimsPrincipal principal)
|
|
{
|
|
var existingPrincipal = context.User;
|
|
if (existingPrincipal != null)
|
|
{
|
|
foreach (var existingClaimsIdentity in existingPrincipal.Identities)
|
|
{
|
|
// REVIEW: No longer use auth type for anything, so we could remove this check, except for the default one HttpContext.user creates
|
|
// REVIEW: Need to ignore any identities that did not come from an authentication scheme?
|
|
if (existingClaimsIdentity.IsAuthenticated)
|
|
{
|
|
principal.AddIdentity(existingClaimsIdentity);
|
|
}
|
|
}
|
|
}
|
|
context.User = principal;
|
|
}
|
|
}
|
|
}
|