auth improvements related to multi-tenancy

Oqtane.Client/Providers/IdentityAuthenticationStateProvider.cs

@@ -1,29 +1,27 @@
 using System;
+using System.Net;
 using System.Net.Http;
 using System.Net.Http.Json;
 using System.Security.Claims;
-using System.Threading;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Components;
 using Microsoft.AspNetCore.Components.Authorization;
 using Microsoft.Extensions.DependencyInjection;
 using Oqtane.Models;
-using Oqtane.Services;
+using Oqtane.Security;
 using Oqtane.Shared;
 
 namespace Oqtane.Providers
 {
     public class IdentityAuthenticationStateProvider : AuthenticationStateProvider
     {
-        private readonly NavigationManager _navigationManager;
-        private readonly SiteState _siteState;
         private readonly IServiceProvider _serviceProvider;
-
-        public IdentityAuthenticationStateProvider(NavigationManager navigationManager, SiteState siteState, IServiceProvider serviceProvider)
+        private readonly NavigationManager _navigationManager;
+ 
+        public IdentityAuthenticationStateProvider(IServiceProvider serviceProvider, NavigationManager navigationManager)
         {
-            _navigationManager = navigationManager;
-            _siteState = siteState;
             _serviceProvider = serviceProvider;
+            _navigationManager = navigationManager;
         }
 
         public override async Task<AuthenticationState> GetAuthenticationStateAsync()
@@ -32,17 +30,14 @@ namespace Oqtane.Providers
 
             // get HttpClient lazily from IServiceProvider as you cannot use standard dependency injection due to the AuthenticationStateProvider being initialized prior to NavigationManager(https://github.com/aspnet/AspNetCore/issues/11867 )
             var http = _serviceProvider.GetRequiredService<HttpClient>();
-            string apiurl = "/api/User/authenticate";
-            User user = await http.GetFromJsonAsync<User>(apiurl);
+            // get alias as SiteState has not been initialized ( cannot use AliasService as it is not yet registered )
+            var path = new Uri(_navigationManager.Uri).LocalPath.Substring(1);
+            var alias = await http.GetFromJsonAsync<Alias>($"/api/Alias/name/?path={WebUtility.UrlEncode(path)}&sync={DateTime.UtcNow.ToString("yyyyMMddHHmmssfff")}");
+            // get user
+            User user = await http.GetFromJsonAsync<User>(Utilities.TenantUrl(alias, "/api/User/authenticate"));
             if (user.IsAuthenticated)
             {
-                identity = new ClaimsIdentity("Identity.Application");
-                identity.AddClaim(new Claim(ClaimTypes.Name, user.Username));
-                identity.AddClaim(new Claim(ClaimTypes.PrimarySid, user.UserId.ToString()));
-                foreach (string role in user.Roles.Split(new[] { ';' }, StringSplitOptions.RemoveEmptyEntries))
-                {
-                    identity.AddClaim(new Claim(ClaimTypes.Role, role));
-                }
+                identity = UserSecurity.CreateClaimsIdentity(alias, user);
             }
 
             return new AuthenticationState(new ClaimsPrincipal(identity));