Modifying User Access Token¶
This article contains information on how to create custom properties and logic using the user’s access token. Custom properties can be useful for adding conditions to determine whether a user’s token is valid or for implementing hidden filters. Below is a general guide of how to perform these tasks. Note that this guide is not applicable to deployment mode 0.
Adding a custom property to the User Info¶
You can add your own custom property to the application’s UserInfo object, which is used to create the access token. Please note that this model is different from the User object native within Izenda.
public class UserInfo { public string UserName { get; set; } // This corresponds to the 'TenantID' field in the IzendaTenant table public string TenantUniqueName { get; set; } // add a custom property public string FavoriteGroup { get; set; } // default constructor public UserInfo() { //Set our custom property for now, but in the future this can be set in a different place FavoriteGroup = "ID"; } }
After modifying the UserInfo object definition in your integrated environment, the new property can be set in various ways in your code. Below is an example of setting the property using the GenerateToken method.
[HttpGet] [Authorize] public ActionResult GenerateToken() { var username = User.Identity.GetUserName(); var tenantName = ((System.Security.Claims.ClaimsIdentity)User.Identity).FindFirstValue("tenantName"); var favoriteGroup = ((System.Security.Claims.ClaimsIdentity)User.Identity).FindFirstValue("favoriteGroup"); var user = new UserInfo { UserName = username, TenantUniqueName = tenantName, FavoriteGroup = favoriteGroup }; var token = IzendaBoundary.IzendaTokenAuthorization.GetToken(user); return Json(new { token = token }, JsonRequestBehavior.AllowGet); }
In the above example, we are obtaining the value from the ClaimsIdentity used inside the application. Such a claim can be set when the user logs in or after selecting a specific option. Then any time the user accesses Izenda, the FavoriteGroup property in the UserInfo will be set and integrated into the access token. The FavoriteGroup property can then be used in the ValidateIzendaAuthToken route to perform custom logic.
Adding decryption logic to IAdHocExtension¶
If you are running a deployment mode 1 or 2 solution, you will need to add the same decryption logic used to decrypt the access token within the application to the IAdHocExtension solution. In this example, we will use the IzendaBoundary resources from the MVC5 starter kit. If you are running a deployment mode 3 solution, the IzendaBoundary resources and IAdHocExtension class will exist in the same solution and will thus be available in all contexts.
- If you are using the IAdHocExtension sample from the github repository, copy IzendaTokenAuthorization.cs, StringCipher.cs, and UserInfo.cs (located in the models sub-folder) from the IzendaBoundary folder in your MVC5 starter kit. You may need to change the namespaces on these files.
- IzendaTokenAuthorization.cs requires the Newtonsoft.Json NuGet package, so you will need to add the package to your IAdHocExtension solution (ensure it’s the same version as the one in the bin/Web.config of your MVC5 starter kit)
- Add a reference to System.Configuration