I am using OpenIdConnect provider with Owin/Katana for authentication in my asp.net mvc application. OpenIdConnect Provide authenticates users against Active Directory. I wanted to do a simple authorization check once the user is authenticated and redirect the user to another view.
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions()
{
Authority = "url",
Scope="scopes",
ResponseType = "response",
ClientId = "clientid",
SignInAsAuthenticationType = "Cookies",
Notifications = new OpenIdConnectAuthenticationNotifications()
{
SecurityTokenValidated = (context) =>
{
var identity = context.AuthenticationTicket.Identity;
var emailClaim = identity.Claims.Where(r => r.Type == ClaimTypes.Email).FirstOrDefault();
var user = dbContext.Users.Where(u=>u.Email==emailClaim.Value);
if (user != null)
{
//add user information to claims.
identity.AddClaim(new Claim(CustomClaimTypes.PersonId, user.Name.ToString()));
}
else
{
//redirect to a page
}
return Task.FromResult(0);
}
}
});
How can I redirect the user if he is not in my database.
To add to the accepted answer in case someone battles with this like I did. I found that the following options worked for me -
Option 1
//redirect to a page
context.AuthenticationTicket.Properties.RedirectUri = "Url";
Option 2
//redirect to a page
context.HandleResponse();
context.Response.Redirect("/Error?message=" + context.Exception.Message);
Be aware that the second option caused my HttpContext.User.Identity to be null. I suppose because HandlResponse discontinues all processing. Still useful if that is not a concern.
I was able to achieve this by writing custom AuthorizeAttribute and using it on every class in my application. In the custom authorize attribute I am checking for the a Claim which will be available if the authorization check is successful and redirecting the user to a separate view if not authorized.
public class CustomAuthorize : AuthorizeAttribute
{
public override void OnAuthorization(System.Web.Mvc.AuthorizationContext filterContext)
{
base.OnAuthorization(filterContext);
if (filterContext.HttpContext.User.Identity.IsAuthenticated)
{
if(UserClaims.PersonId == 0)
{
UrlHelper helper = new UrlHelper(filterContext.RequestContext);
string url = helper.Action("Unauthorized","Error",null,filterContext.HttpContext.Request.Url.Scheme);
filterContext.Result = new RedirectResult(url);
}
}
}
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With