Add ClaimType to the options

- Add the possibility to override the ClaimType
  for `User.Identity.Name` field
- Update Sample

+semver: feature

Author: kirkone

README.md

@@ -83,6 +83,22 @@ public string UserName()
 
 If you want to add roles to the `User` property you can have a look in `Transformers/ClaimsTransformer.cs` in the Sample project. There you can see an example how to get started with this.
 
+### Custom options
+
+You can provide additional options vor the middleware:
+
+```
+).AddEasyAuth(
+                options =>
+                {
+                    // Override the default claim for the User.Identity.Name field 
+                    options.NameClaimType = ClaimTypes.Email;
+                }
+            );
+```
+
+The `NameClaimType` is the ClaimType of the value which one will be used to fill the `User.Identity.Name` field.
+
 ### Local Debugging
 
 For debugging your application you can place a `me.json` in the `wwwroot/.auth` folder of your web app and add some configuration to the `AddEasyAuth` call.  

src/KK.AspNetCore.EasyAuthAuthentication.Sample/Startup.cs

@@ -12,6 +12,7 @@ namespace KK.AspNetCore.EasyAuthAuthentication.Sample
     using Microsoft.AspNetCore.Authentication;
     using KK.AspNetCore.EasyAuthAuthentication.Sample.Transformers;
     using KK.AspNetCore.EasyAuthAuthentication.Sample.Repositories;
+    using System.Security.Claims;
 
     public class Startup
     {
@@ -51,6 +52,9 @@ public void ConfigureServices(IServiceCollection services)
                         // in publish site output which is desirable in this case.
                         options.AuthEndpoint = ".auth/me.json";
                     }
+
+                    // Override the default claim for the User.Identity.Name field 
+                    options.NameClaimType = ClaimTypes.Email;
                 }
             );
 
@@ -76,9 +80,9 @@ public void Configure(IApplicationBuilder app, IHostingEnvironment env)
             {
                 app.UseExceptionHandler("/Error");
                 app.UseHsts();
+                app.UseHttpsRedirection();
             }
 
-            app.UseHttpsRedirection();
             app.UseStaticFiles();
             app.UseSpaStaticFiles();
 

src/KK.AspNetCore.EasyAuthAuthentication.Sample/Transformers/ClaimsTransformer.cs

@@ -31,8 +31,6 @@ public async Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
         {
             if (principal.Identity.IsAuthenticated)
             {
-
-
                 var claimsIdentity = (ClaimsIdentity)principal.Identity;
                 var userIdentifier = claimsIdentity.Name;
                 List<string> roles;
@@ -47,8 +45,6 @@ public async Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
                     var dbRoles = await this.repository.GetRoles(userIdentifier);
 
                     roles.AddRange(dbRoles);
-
-
                 }
 
                 roles.AddRange(claimsIdentity.Claims.Where(c => c.Type == ClaimTypes.Role).Select(c => c.Value));

src/KK.AspNetCore.EasyAuthAuthentication/AuthenticationTicketBuilder.cs

@@ -12,21 +12,20 @@ internal static class AuthenticationTicketBuilder
         /// Build a `AuthenticationTicket` from the given payload, the principal name and the provider name.
         /// </summary>
         /// <param name="claimsPayload">A array of JObjects that have a `type` and a `val` property.</param>
-        /// <param name="userid">The user ID of the current user.</param>
         /// <param name="providerName">The provider name of the current auth provider.</param>
+        /// <param name="options">The <c>EasyAuthAuthenticationOptions</c> to use.</param>
         /// <returns>A `AuthenticationTicket`.</returns>
-        public static AuthenticationTicket Build(IEnumerable<JObject> claimsPayload, string userid, string providerName)
+        public static AuthenticationTicket Build(IEnumerable<JObject> claimsPayload, string providerName, EasyAuthAuthenticationOptions options)
         {
             // setting ClaimsIdentity.AuthenticationType to value that Azure AD non-EasyAuth setups use
             var identity = new ClaimsIdentity(
                 CreateClaims(claimsPayload),
                 AuthenticationTypesNames.Federation,
-                ClaimTypes.Upn,
-                ClaimTypes.Role
+                options.NameClaimType,
+                options.RoleClaimType
             );
 
             AddScopeClaim(identity);
-            AddUserIdClaim(identity, userid);
             AddProviderNameClaim(identity, providerName);
             var genericPrincipal = new ClaimsPrincipal(identity);
 
@@ -79,11 +78,11 @@ private static void AddProviderNameClaim(ClaimsIdentity identity, string provide
             }
         }
 
-        private static void AddUserIdClaim(ClaimsIdentity identity, string userid)
+        private static void AddUserIdClaim(ClaimsIdentity identity, string claimType, string userid)
         {
-            if (!identity.Claims.Any(claim => claim.Type == ClaimTypes.Upn))
+            if (!identity.Claims.Any(claim => claim.Type == claimType))
             {
-                identity.AddClaim(new Claim(ClaimTypes.Upn, userid));
+                identity.AddClaim(new Claim(claimType, userid));
             }
         }
     }

src/KK.AspNetCore.EasyAuthAuthentication/EasyAuthAuthenticationHandler.cs

@@ -21,11 +21,11 @@ public class EasyAuthAuthenticationHandler : AuthenticationHandler<EasyAuthAuthe
         private static readonly Func<IHeaderDictionary, string, bool> IsHeaderSet =
             (headers, headerName) => !string.IsNullOrEmpty(headers[headerName].ToString());
 
-        private static readonly Func<IHeaderDictionary, ClaimsPrincipal, HttpRequest, string, bool> CanUseEasyAuthJson =
-            (headers, user, request, authEndpoint) =>
+        private static readonly Func<IHeaderDictionary, ClaimsPrincipal, HttpRequest, EasyAuthAuthenticationOptions, bool> CanUseEasyAuthJson =
+            (headers, user, request, options) =>
                 IsContextUserNotAuthenticated(user)
                 && !IsHeaderSet(headers, AuthTokenHeaderNames.AADIdToken)
-                && request.Path != "/" + $"{authEndpoint}";
+                && request.Path != "/" + $"{options.AuthEndpoint}";
 
         private readonly Func<IHeaderDictionary, ClaimsPrincipal, bool> canUseHeaderAuth =
             (headers, user) => IsContextUserNotAuthenticated(user) &&
@@ -53,11 +53,11 @@ protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
 
             if (this.canUseHeaderAuth(this.Context.Request.Headers, this.Context.User))
             {
-                return EasyAuthWithHeaderService.AuthUser(this.Logger, this.Context);
+                return EasyAuthWithHeaderService.AuthUser(this.Logger, this.Context, this.Options);
             }
-            else if (CanUseEasyAuthJson(this.Context.Request.Headers, this.Context.User, this.Context.Request, this.Options.AuthEndpoint))
+            else if (CanUseEasyAuthJson(this.Context.Request.Headers, this.Context.User, this.Context.Request, this.Options))
             {
-                return await EasyAuthWithAuthMeService.AuthUser(this.Logger, this.Context, this.Options.AuthEndpoint);
+                return await EasyAuthWithAuthMeService.AuthUser(this.Logger, this.Context, this.Options);
             }
             else
             {

src/KK.AspNetCore.EasyAuthAuthentication/EasyAuthAuthenticationOptions.cs

@@ -1,6 +1,7 @@
 namespace KK.AspNetCore.EasyAuthAuthentication
 {
     using System;
+    using System.Security.Claims;
     using Microsoft.AspNetCore.Authentication;
 
     /// <summary>
@@ -13,5 +14,17 @@ public class EasyAuthAuthenticationOptions : AuthenticationSchemeOptions
         /// </summary>
         /// <value>A relative path to the <c>wwwroot</c> folder.</value>
         public string AuthEndpoint { get; set; } = ".auth/me";
+
+        /// <summary>
+        /// The <c>ClaimType</c> for the Idendity User.
+        /// </summary>
+        /// <value>The Claim Type to use for the User. Default is <c>ClaimTypes.Name</c>.</value>
+        public string NameClaimType { get; set; } = ClaimTypes.Name;
+        
+        /// <summary>
+        /// The <c>ClaimType</c> for the Idendity Role.
+        /// </summary>
+        /// <value>The Claim Type to use for the Roles. Default is <c>ClaimTypes.Role</c>.</value>
+        public string RoleClaimType { get; set; } = ClaimTypes.Role;
     }
 }

src/KK.AspNetCore.EasyAuthAuthentication/Services/EasyAuthWithAuthMeService.cs

@@ -19,13 +19,13 @@ private EasyAuthWithAuthMeService(
             string host,
             IRequestCookieCollection cookies,
             IHeaderDictionary headers,
-            string authEndPoint)
+            EasyAuthAuthenticationOptions options)
         {
             this.HttpSchema = httpSchema;
             this.Host = host;
             this.Cookies = cookies;
             this.Headers = headers;
-            this.AuthEndPoint = authEndPoint;
+            this.Options = options;
             this.Logger = logger;
         }
 
@@ -35,7 +35,7 @@ private EasyAuthWithAuthMeService(
 
         private IHeaderDictionary Headers { get; }
 
-        private string AuthEndPoint { get; }
+        private EasyAuthAuthenticationOptions Options { get; }
 
         private ILogger Logger { get; }
 
@@ -47,9 +47,9 @@ private EasyAuthWithAuthMeService(
         /// </summary>
         /// <param name="logger">An instance of <see cref="ILogger"/>.</param>
         /// <param name="context">The http context with the missing user claim.</param>
-        /// <param name="authEndpoint">The auth endpoint where we find the easy auth json.</param>
+        /// <param name="options">The <c>EasyAuthAuthenticationOptions</c> to use.</param>
         /// <returns>An <see cref="AuthenticateResult" />.</returns>
-        public static async Task<AuthenticateResult> AuthUser(ILogger logger, HttpContext context, string authEndpoint)
+        public static async Task<AuthenticateResult> AuthUser(ILogger logger, HttpContext context, EasyAuthAuthenticationOptions options)
         {
             try
             {
@@ -59,7 +59,7 @@ public static async Task<AuthenticateResult> AuthUser(ILogger logger, HttpContex
                     context.Request.Host.ToString(),
                     context.Request.Cookies,
                     context.Request.Headers,
-                    authEndpoint);
+                    options);
 
                 var ticket = await authService.CreateUserTicket();
                 logger.LogInformation("Set identity to user context object.");
@@ -91,16 +91,14 @@ private async Task<AuthenticationTicket> CreateUserTicket()
 
         private AuthenticationTicket BuildIdentityFromEasyAuthMeJson(JObject payload)
         {
-            var userid = payload["user_id"].Value<string>();
-            this.Logger.LogDebug($"payload was fetched from easyauth me json, name: {userid}");
             var providerName = payload["provider_name"].Value<string>();
             this.Logger.LogDebug($"payload was fetched from easyauth me json, provider: {providerName}");
 
             this.Logger.LogInformation("building claims from payload...");
             return AuthenticationTicketBuilder.Build(
                     payload["user_claims"].Children<JObject>(),
-                    userid,
-                    providerName
+                    providerName,
+                    this.Options
                 );
         }
 
@@ -132,7 +130,7 @@ private async Task<JArray> GetAuthMe(HttpClientHandler handler, HttpRequestMessa
 
         private HttpRequestMessage CreateAuthRequest(ref CookieContainer cookieContainer)
         {
-            this.Logger.LogInformation($"identity not found, attempting to fetch from auth endpoint '/{this.AuthEndPoint}'");
+            this.Logger.LogInformation($"identity not found, attempting to fetch from auth endpoint '/{this.Options.AuthEndpoint}'");
 
             var uriString = $"{this.HttpSchema}://{this.Host}";
 
@@ -152,13 +150,13 @@ private HttpRequestMessage CreateAuthRequest(ref CookieContainer cookieContainer
 
             // fetch value from endpoint
             var authMeEndpoint = string.Empty;
-            if (this.AuthEndPoint.StartsWith("http"))
+            if (this.Options.AuthEndpoint.StartsWith("http"))
             {
-                authMeEndpoint = this.AuthEndPoint; // enable pulling from places like storage account private blob container
+                authMeEndpoint = this.Options.AuthEndpoint; // enable pulling from places like storage account private blob container
             }
             else
             {
-                authMeEndpoint = $"{uriString}/{this.AuthEndPoint}"; // localhost relative path, e.g. wwwroot/.auth/me.json
+                authMeEndpoint = $"{uriString}/{this.Options.AuthEndpoint}"; // localhost relative path, e.g. wwwroot/.auth/me.json
             }
 
             var request = new HttpRequestMessage(HttpMethod.Get, authMeEndpoint);

src/KK.AspNetCore.EasyAuthAuthentication/Services/EasyAuthWithHeaderService.cs

@@ -15,25 +15,30 @@ internal class EasyAuthWithHeaderService
 
         private EasyAuthWithHeaderService(
             ILogger logger,
-            IHeaderDictionary headers)
+            IHeaderDictionary headers,
+            EasyAuthAuthenticationOptions options)
         {
             this.Logger = logger;
             this.Headers = headers;
+            this.Options = options;
         }
 
         private ILogger Logger { get; }
 
         private IHeaderDictionary Headers { get; }
 
+        private EasyAuthAuthenticationOptions Options { get; }
+
         /// <summary>
         /// build up identity from X-MS-TOKEN-AAD-ID-TOKEN header set by EasyAuth filters if user openId connect session cookie or oauth bearer token authenticated ...
         /// </summary>
         /// <param name="logger">An instance of <see cref="ILogger"/>.</param>
         /// <param name="context">Http context of the request.</param>
+        /// <param name="options">The <c>EasyAuthAuthenticationOptions</c> to use.</param>
         /// <returns>An <see cref="AuthenticateResult" />.</returns>
-        public static AuthenticateResult AuthUser(ILogger logger, HttpContext context)
+        public static AuthenticateResult AuthUser(ILogger logger, HttpContext context, EasyAuthAuthenticationOptions options)
         {
-            var service = new EasyAuthWithHeaderService(logger, context.Request.Headers);
+            var service = new EasyAuthWithHeaderService(logger, context.Request.Headers, options);
             var ticket = service.BuildIdentityFromEasyAuthRequestHeaders();
 
             logger.LogInformation("Set identity to user context object.");
@@ -45,8 +50,6 @@ public static AuthenticateResult AuthUser(ILogger logger, HttpContext context)
 
         private AuthenticationTicket BuildIdentityFromEasyAuthRequestHeaders()
         {
-            var userid = this.Headers[PrincipalNameHeader][0];
-            this.Logger.LogDebug($"payload was fetched from EasyAuth headers, name: {userid}");
             var providerName = this.Headers[PrincipalIdpHeaderName][0];
             this.Logger.LogDebug($"payload was fetched from easyauth me json, provider: {providerName}");
 
@@ -59,7 +62,7 @@ private AuthenticationTicket BuildIdentityFromEasyAuthRequestHeaders()
 
             var claims = xMsClientPrincipal["claims"].Children<JObject>();
 
-            return AuthenticationTicketBuilder.Build(claims, userid, providerName);
+            return AuthenticationTicketBuilder.Build(claims, providerName, this.Options);
         }
     }
 }