1

In my scenario, I have a many-to-many relationship between users and businesses. So, a business can have many employees, and a user can be an employee to many businesses.

On the login page, I only want to show email & password textboxes. Once they authenticate successfully, I'd like to redirect them to a page that has a dropdown of the businesses they're employed with.

Since they have already authenticated, their claims have already been populated. How do I add another claim (their BusinessID) afterwards?

Jason T
  • 13
  • 3
  • I think your question is duplicated with https://stackoverflow.com/questions/53292286/is-there-a-way-to-add-claims-in-an-asp-net-core-middleware-after-authentication – Sourcerer Jan 25 '21 at 19:35
  • Does this answer your question? [Is there a way to add claims in an ASP.NET Core middleware after Authentication?](https://stackoverflow.com/questions/53292286/is-there-a-way-to-add-claims-in-an-asp-net-core-middleware-after-authentication) – Sourcerer Jan 25 '21 at 19:35
  • I'm not positive, but I don't think so because I need the ability to pass the BusinessID that the user chooses into it. – Jason T Jan 25 '21 at 20:13
  • Check 2nd and 3rd answer. It works. I had the same problem, but for other questions, I created my own User class, inheriting from Identity user, and adding the relation with business (clients in my case). – Sourcerer Jan 25 '21 at 23:08

1 Answers1

1

The answer from refers when to you authenticate and get the claims from an OAUTH server. We don't know if you are using local identity tables, or OAUTH, but in any case.

  1. Define your own UserClaimsPrincipalFactory class implementation
  2. Register as a services in startup ConfigureServices
  3. Invoke the GenerateClaimsAsync method when the user select the Business type.

I include some old code (finally we implemented in another way), but maybe can help you.

  1. Define you own UserClaimsPrincipalFactory. For this, I have customized the User class, and add a new factory
    using System;
    using System.ComponentModel.DataAnnotations.Schema;
    using System.Security.Claims;
    using System.Text.Json.Serialization;
    using System.Threading.Tasks;
    using Microsoft.AspNetCore.Identity;
    using Microsoft.Extensions.Options;
    
    namespace Common.Models.Identity {
        public class User : IdentityUser<int> {
    
    
            public bool SendAlertByEmail { get; set; }
            public int ClientId { get; set; } = Client.DefaultClientId;
            [JsonIgnore, ForeignKey("ClientId")]
            public virtual Client Client { get; set; } = null!;
        }
    
        public class ApplicationUserClaimsPrincipalFactory : UserClaimsPrincipalFactory<User> {
            public ApplicationUserClaimsPrincipalFactory(
                            UserManager<User> userManager,
                            IOptions<IdentityOptions> optionsAccessor)
                            : base(userManager, optionsAccessor) {
            }
    
            protected override async Task<ClaimsIdentity> GenerateClaimsAsync(User user) {
                ClaimsIdentity identity;
    
                identity = await base.GenerateClaimsAsync(user);
                identity.AddClaim(new Claim("ClientId", user.ClientId.ToString()));
                identity.AddClaim(new Claim("ClientDescription", user.Client.Description));
                return identity;
            }
        }
    }

  1. In your ConfigureServices, configure this

     #region Configure identity
 services
     .AddDefaultIdentity<User>(
         options => {
             options.SignIn.RequireConfirmedAccount = true;
             options.Stores.MaxLengthForKeys = 256;            // Max length for key. Regenerate migration if change this
         })
     .AddEntityFrameworkStores<ApplicationDbContext>()
     .AddDefaultUI()
     .AddDefaultTokenProviders()
     .AddClaimsPrincipalFactory<ApplicationUserClaimsPrincipalFactory>();

 services.Configure<IdentityOptions>(options => {
     // Password settings.
     options.Password.RequireDigit = true;
     options.Password.RequireLowercase = true;
     options.Password.RequireNonAlphanumeric = true;
     options.Password.RequireUppercase = true;
     options.Password.RequiredLength = 6;
     options.Password.RequiredUniqueChars = 1;

     // Lockout settings.
     options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(5);
     options.Lockout.MaxFailedAccessAttempts = 5;
     options.Lockout.AllowedForNewUsers = true;

     // User settings.
     options.User.AllowedUserNameCharacters =
     "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._@+";
     options.User.RequireUniqueEmail = false;
 });

 services.ConfigureApplicationCookie(options => {
     // Cookie settings
     options.Cookie.HttpOnly = true;
     options.ExpireTimeSpan = TimeSpan.FromMinutes(5);

     options.LoginPath = "/Identity/Account/Login";
     options.AccessDeniedPath = "/Identity/Account/AccessDenied";
     options.SlidingExpiration = true;
 });
 #endregion Configure identity

  2. Use IoC to pass your ApplicationUserClaimsPrincipalFactory to your "Select business/client" request, and use it for add the claim

Sourcerer
  • 1,891
  • 1
  • 19
  • 32