BLAZOR 6.0 Getting the ClaimsPrincipal on business object #3102
-
Hello All, I'm trying to pass around the logon user GUID ID so that I can use it when inserting new records into the database. Can someone tell me how I can get that value from the business object, e.g. PersonEdit? Also, how do you all use that data on the razor components? I have been trying to get the id value throughout the application but have not found a good way to do so. I created a CustomAccountFactory : AccountClaimsPrincipalFactory with all the claims that I need, including PersonID as a claim, but it has been difficult to extract it since PersonID is not a specific ClaimTypes. Thank you.
Replies: 2 comments
-
You can add any claims that you want — each claim is basically a key/value pair. We're doing something like:

```csharp
// Requires: using System.Security.Claims;
public ClaimsPrincipal GetPrincipal()
{
    var identity = new ClaimsIdentity(AuthenticationType);
    if (!string.IsNullOrWhiteSpace(Name))
    {
        // Person.ID and Person.COMPANY_ID are used as custom claim types
        identity.AddClaim(new Claim(Person.ID, Id.ToString()));
        identity.AddClaim(new Claim(ClaimTypes.Name, Name));
        if (CompanyId.HasValue)
            identity.AddClaim(new Claim(Person.COMPANY_ID, CompanyId.ToString()));
        if (Roles != null)
        {
            // One role claim per role name
            foreach (var item in Roles)
                identity.AddClaim(new Claim(ClaimTypes.Role, item));
        }
    }
    return new ClaimsPrincipal(identity);
}
```

And we've added some extension methods to make life easier:

```csharp
using System;
using System.Linq;
using System.Security.Claims;

public static class ClaimsPrincipalExtensions
{
    // Returns the Person.ID claim as a Guid, or Guid.Empty when the claim is absent
    public static Guid GetId(this ClaimsPrincipal instance)
    {
        var claim = instance.Claims.Where(c => c.Type == Person.ID).FirstOrDefault();
        if (claim != null)
            return Guid.Parse(claim.Value);
        return Guid.Empty;
    }

    // Returns the Person.COMPANY_ID claim as a Guid, or null when the claim is absent
    public static Guid? GetCompanyId(this ClaimsPrincipal instance)
    {
        var claim = instance.Claims.Where(c => c.Type == Person.COMPANY_ID).FirstOrDefault();
        if (claim != null)
            return Guid.Parse(claim.Value);
        return null;
    }
}
```

CSLA objects can access the If you haven't implemented the log in yet, the Blazor Server and Blazor Client examples show how it's done. They're quite different approaches, unfortunately.
-
Sharing this in case someone else can use it. I have a CustomAccountFactory and I was trying to get the namespace.Shared.EmployeeEdit business object during the login process. I was not aware of how I can set the so that the controller would authorize the access. I was empty since the code had not set it yet and my fetch would fail. We are authenticating with MS.Graph Azure

```csharp
ApplicationContext appcontex = serviceProvider.GetService<Csla.ApplicationContext>();
appcontex.Principal = initialUser;
```

```csharp
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using Csla;
using Microsoft.AspNetCore.Components.WebAssembly.Authentication;
using Microsoft.AspNetCore.Components.WebAssembly.Authentication.Internal;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
using Microsoft.Graph;

public class CustomAccountFactory : AccountClaimsPrincipalFactory<CustomUserAccount>
{
    private readonly ILogger<CustomAccountFactory> logger;
    private readonly IServiceProvider serviceProvider;

    public CustomAccountFactory(IAccessTokenProviderAccessor accessor,
        IServiceProvider serviceProvider,
        ILogger<CustomAccountFactory> logger)
        : base(accessor)
    {
        this.serviceProvider = serviceProvider;
        this.logger = logger;
    }

    public override async ValueTask<ClaimsPrincipal> CreateUserAsync(
        CustomUserAccount account,
        RemoteAuthenticationUserOptions options)
    {
        var initialUser = await base.CreateUserAsync(account, options);
        if (initialUser.Identity.IsAuthenticated)
        {
            var userIdentity = (ClaimsIdentity)initialUser.Identity;
            // Copy app roles and directory roles from the account into claims
            foreach (var role in account.Roles)
            {
                userIdentity.AddClaim(new Claim("appRole", role));
            }
            foreach (var wid in account.Wids)
            {
                userIdentity.AddClaim(new Claim("directoryRole", wid));
            }
            try
            {
                var graphClient = ActivatorUtilities.CreateInstance<GraphServiceClient>(serviceProvider);
                var requestMe = graphClient.Me.Request();
                var user = await requestMe.GetAsync();
                // Set the CSLA principal before using the data portal
                ApplicationContext appcontex = serviceProvider.GetService<Csla.ApplicationContext>();
                appcontex.Principal = initialUser;
                var portal = serviceProvider.GetService<Csla.IDataPortalFactory>();
                var obj = portal.GetPortal<namespace.Shared.EmployeeEdit>();
                // Only fetch when Graph returned a user; user.Mail is the lookup key
                namespace.Shared.EmployeeEdit employee = user != null ? await obj.FetchAsync(user.Mail) : null;
                if (user != null && employee != null)
                {
                    userIdentity.AddClaim(new Claim("EmployeeID", employee.EmployeeID.ToString()));
                    userIdentity.AddClaim(new Claim("PrimarySid", employee.EmployeeID.ToString()));
                    userIdentity.AddClaim(new Claim("EmployeeNumber", employee.EmployeeNumber.ToString()));
                    userIdentity.AddClaim(new Claim("EmployeeDeptID", employee.DeptID.ToString()));
                    userIdentity.AddClaim(new Claim("GroupSid", employee.DeptID.ToString()));
                    userIdentity.AddClaim(new Claim("EmployeeName", employee.DisplayName.ToString()));
                }
            }
            catch (ServiceException exception)
            {
                logger.LogError("Csla DataPortal API service failure: {Message}",
                    exception.Message);
            }
        }
        return initialUser;
    }
}
```
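A fail-closed variant of the claim-reading extension from the first reply, using the custom "EmployeeID" claim type from the second reply, so that a missing, malformed or conflicting claim is rejected instead of reaching a database insert as Guid.Empty. This is an added example, not code from either poster or from CSLA; `StrictClaims` and its method names are hypothetical, and the sample principals are constructed.

```csharp
// Added example: the class and method names are hypothetical; "EmployeeID" is the
// custom claim type used in the thread. Runs as a .NET 6 console program.
using System;
using System.Linq;
using System.Security.Claims;

// Constructed sample principals; "Test" is an arbitrary authentication type.
var ok = Build("Test", new Claim(StrictClaims.EmployeeId, "7f9c2d1e-3b4a-4c5d-8e6f-0a1b2c3d4e5f"));
var anonymous = Build(null, new Claim(StrictClaims.EmployeeId, Guid.NewGuid().ToString()));
var malformed = Build("Test", new Claim(StrictClaims.EmployeeId, "not-a-guid"));
var conflicting = Build("Test",
    new Claim(StrictClaims.EmployeeId, Guid.NewGuid().ToString()),
    new Claim(StrictClaims.EmployeeId, Guid.NewGuid().ToString()));

foreach (var (name, p) in new[] { ("ok", ok), ("anonymous", anonymous),
                                  ("malformed", malformed), ("conflicting", conflicting) })
{
    try { Console.WriteLine($"{name}: {p.GetRequiredEmployeeId()}"); }
    catch (UnauthorizedAccessException ex) { Console.WriteLine($"{name}: rejected ({ex.Message})"); }
}

// A null authentication type yields an identity with IsAuthenticated == false.
static ClaimsPrincipal Build(string? authType, params Claim[] claims) =>
    new ClaimsPrincipal(new ClaimsIdentity(claims, authType));

public static class StrictClaims
{
    public const string EmployeeId = "EmployeeID";

    // True only for an authenticated principal carrying exactly one distinct,
    // parseable, non-empty EmployeeID value; id is Guid.Empty on every failure path.
    public static bool TryGetEmployeeId(this ClaimsPrincipal principal, out Guid id)
    {
        id = Guid.Empty;
        if (principal?.Identity?.IsAuthenticated != true) return false;
        var values = principal.FindAll(EmployeeId).Select(c => c.Value).Distinct().ToList();
        return values.Count == 1 && Guid.TryParse(values[0], out id) && id != Guid.Empty;
    }

    // For write paths: throw rather than hand back a default value.
    public static Guid GetRequiredEmployeeId(this ClaimsPrincipal principal) =>
        principal.TryGetEmployeeId(out var id)
            ? id
            : throw new UnauthorizedAccessException("No single valid EmployeeID claim on an authenticated principal.");
}
```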