Fix Orleans identity core claim helpers

KSemenenko · KSemenenko · commit d6352e3b7eee · 2026-05-05T19:12:39.000+02:00
diff --git a/ManagedCode.Orleans.Identity.Core/Extensions/OrleansExtensions.cs b/ManagedCode.Orleans.Identity.Core/Extensions/OrleansExtensions.cs
@@ -1,7 +1,5 @@
-using System;
 using System.Security.Claims;
 using ManagedCode.Orleans.Identity.Core.Constants;
-using ManagedCode.Orleans.Identity.Core.Extensions;
 using Orleans;
 using Orleans.Runtime;
 
@@ -15,6 +13,7 @@ public static class OrleansExtensions
     /// <param name="filter">The incoming grain call filter instance.</param>
     public static string[] GetRoles(this IIncomingGrainCallFilter filter)
     {
-        return RequestContext.Get(ClaimTypes.Role) as string[] ?? [];
+        var requestContext = RequestContext.Get(OrleansIdentityConstants.USER_CLAIMS);
+        return requestContext is ClaimsPrincipal user ? user.GetRoles() : [];
     }
 }
diff --git a/ManagedCode.Orleans.Identity.Core/Serializations/ClaimSurrogate.cs b/ManagedCode.Orleans.Identity.Core/Serializations/ClaimSurrogate.cs
@@ -1,3 +1,4 @@
+using System.Collections.Generic;
 using System.Security.Claims;
 using Orleans;
 
@@ -8,6 +9,8 @@ namespace ManagedCode.Orleans.Identity.Core.Serializations;
 [GenerateSerializer]
 public struct ClaimSurrogate(string type, string value, string valueType, string issuer, string originalIssuer)
 {
+    private const int PropertiesFieldId = 5;
+
     [Id(0)]
     public string Issuer { get; set; } = issuer;
 
@@ -22,6 +25,9 @@ public struct ClaimSurrogate(string type, string value, string valueType, string
 
     [Id(4)]
     public string ValueType { get; set; } = valueType;
+
+    [Id(PropertiesFieldId)]
+    public Dictionary<string, string>? Properties { get; set; }
 }
 
-// This is a converter which converts between the surrogate and the foreign type.
+// This is a converter which converts between the surrogate and the foreign type.
diff --git a/ManagedCode.Orleans.Identity.Core/Serializations/ClaimSurrogateConverter.cs b/ManagedCode.Orleans.Identity.Core/Serializations/ClaimSurrogateConverter.cs
@@ -1,3 +1,4 @@
+using System.Collections.Generic;
 using System.Security.Claims;
 using Orleans;
 
@@ -8,11 +9,25 @@ public sealed class ClaimSurrogateConverter : IConverter<Claim, ClaimSurrogate>
 {
     public Claim ConvertFromSurrogate(in ClaimSurrogate surrogate)
     {
-        return new Claim(surrogate.Type, surrogate.Value, surrogate.ValueType, surrogate.Issuer, surrogate.OriginalIssuer);
+        var claim = new Claim(surrogate.Type, surrogate.Value, surrogate.ValueType, surrogate.Issuer, surrogate.OriginalIssuer);
+        if (surrogate.Properties is null)
+        {
+            return claim;
+        }
+
+        foreach (var property in surrogate.Properties)
+        {
+            claim.Properties[property.Key] = property.Value;
+        }
+
+        return claim;
     }
 
     public ClaimSurrogate ConvertToSurrogate(in Claim value)
     {
-        return new ClaimSurrogate(value.Type, value.Value, value.ValueType, value.Issuer, value.OriginalIssuer);
+        return new ClaimSurrogate(value.Type, value.Value, value.ValueType, value.Issuer, value.OriginalIssuer)
+        {
+            Properties = value.Properties.Count == 0 ? null : new Dictionary<string, string>(value.Properties),
+        };
     }
-}
+}
diff --git a/ManagedCode.Orleans.Identity.Tests/CoreExtensionTests.cs b/ManagedCode.Orleans.Identity.Tests/CoreExtensionTests.cs
@@ -1,4 +1,5 @@
 using System.Security.Claims;
+using ManagedCode.Orleans.Identity.Core.Constants;
 using ManagedCode.Orleans.Identity.Core.Extensions;
 using ManagedCode.Orleans.Identity.Core.Serializations;
 using Orleans.Runtime;
@@ -10,6 +11,8 @@ namespace ManagedCode.Orleans.Identity.Tests;
 public class CoreExtensionTests
 {
     private const string AuthenticationType = "test";
+    private const string ClaimPropertyKey = "metadata-key";
+    private const string ClaimPropertyValue = "metadata-value";
     private const string ClaimValue = "claim-value";
     private const string CustomClaimType = "custom";
     private const string Delimiter = "|";
@@ -55,10 +58,10 @@ public void OrleansExtensions_ReadRolesFromRequestContext()
     {
         try
         {
-            var roles = new[] { RoleUser, RoleAdmin };
-            RequestContext.Set(ClaimTypes.Role, roles);
+            var user = CreatePrincipal();
+            RequestContext.Set(OrleansIdentityConstants.USER_CLAIMS, user);
 
-            OrleansExtensions.GetRoles(null!).ShouldBe(roles);
+            OrleansExtensions.GetRoles(null!).ShouldBe([RoleUser, RoleAdmin], ignoreOrder: true);
         }
         finally
         {
@@ -87,6 +90,18 @@ public void ClaimConverters_RoundTripClaimsPrincipal()
         convertedPrincipal.Identity!.AuthenticationType.ShouldBe(AuthenticationType);
     }
 
+    [Fact]
+    public void ClaimConverter_RoundTripsClaimProperties()
+    {
+        var converter = new ClaimSurrogateConverter();
+        var claim = new Claim(CustomClaimType, ClaimValue);
+        claim.Properties[ClaimPropertyKey] = ClaimPropertyValue;
+
+        var convertedClaim = converter.ConvertFromSurrogate(converter.ConvertToSurrogate(claim));
+
+        convertedClaim.Properties[ClaimPropertyKey].ShouldBe(ClaimPropertyValue);
+    }
+
     [Fact]
     public void ClaimsPrincipalConverter_ReturnsEmptyPrincipalForEmptySurrogate()
     {

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,5 @@`
`1`		`-using System;`
`2`	`1`	`using System.Security.Claims;`
`3`	`2`	`using ManagedCode.Orleans.Identity.Core.Constants;`
`4`		`-using ManagedCode.Orleans.Identity.Core.Extensions;`
`5`	`3`	`using Orleans;`
`6`	`4`	`using Orleans.Runtime;`
`7`	`5`
`@@ -15,6 +13,7 @@ public static class OrleansExtensions`
`15`	`13`	`/// <param name="filter">The incoming grain call filter instance.</param>`
`16`	`14`	`public static string[] GetRoles(this IIncomingGrainCallFilter filter)`
`17`	`15`	`{`
`18`		`- return RequestContext.Get(ClaimTypes.Role) as string[] ?? [];`
	`16`	`+ var requestContext = RequestContext.Get(OrleansIdentityConstants.USER_CLAIMS);`
	`17`	`+ return requestContext is ClaimsPrincipal user ? user.GetRoles() : [];`
`19`	`18`	`}`
`20`	`19`	`}`