# User Identity Provider `IIdentityProviderService` in assembly SanteDB.Core.Api version 3.0.1980.0 ## Summary Identity provider service ## Events | Event | Type | Description | | -------------- | -------------------------------------- | ------------------------------------------------- | | Authenticating | EventHandler\ | Fired prior to an authentication event | | Authenticated | EventHandler\ | Fired after an authentication decision being made | ## Operations | Operation | Response/Return | Input/Parameter | Description | | ------------------------ | -------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ----------------------------------------------------------------------------------------------------------- | | GetIdentity | IIdentity | *String* **userName** | Retrieves an identity from the object | | GetIdentity | IIdentity | *Guid* **sid** | Retrieves an identity from the object | | CreateIdentity | IIdentity |

String userName
String password
IPrincipal principal
Nullable\ withSid

| Create a basic identity in the provider | | Authenticate | IPrincipal |

String userName
String password
IEnumerable\ clientClaimAssertions
IEnumerable\ demandedScopes

| Authenticate the user creating an identity | | Authenticate | IPrincipal |

String userName
String password
String tfaSecret
IEnumerable\ clientClaimAssertions
IEnumerable\ demandedScopes

| Authenticate the user creating an identity | | ReAuthenticate | IPrincipal | *IPrincipal* **principal** | Recheck the authentication of an already authenticated . | | ChangePassword | void |

String userName
String newPassword
IPrincipal principal
Boolean isSynchronizationOperation

| Change user password | | DeleteIdentity | void |

String userName
IPrincipal principal

| Delete an identity | | SetLockout | void |

String userName
Boolean lockout
IPrincipal principal

| Set lockout | | AddClaim | void |

String userName
IClaim claim
IPrincipal principal
Nullable\ expiry

| Adds a claim to the specified user account | | RemoveClaim | void |

String userName
String claimType
IPrincipal principal

| Removes a claim from the specified user account | | GetClaims | IEnumerable\ | *String* **userName** | Get all active claims for the specified user | | GetSid | Guid | *String* **userName** | Get the SID for the named user | | GetAuthenticationMethods | AuthenticationMethod | *String* **userName** | Gets the applicable authentication methods from the identity provider for | | ExpirePassword | void |

String userName
IPrincipal principal

| Indicates that the password for the should be immediately expired (user must change password at next login) | ## Implementations ### BridgedIdentityProvider - (SanteDB.Client) Represents an identity provider which bridges local and upstream #### Service Registration ```markup ...
... ... ``` ### UpstreamIdentityProvider - (SanteDB.Client) Represents an implementation of the [IIdentityProviderService](http://santesuite.org/assets/doc/net/html/T_SanteDB_Core_Security_Services_IIdentityProviderService.htm) which uses an upstream oauth server #### Service Registration ```markup ...
... ... ``` ### AdoIdentityProvider - (SanteDB.Persistence.Data) An identity provider implemented for .NET #### Service Registration ```markup ...
... ... ``` ## Example Implementation ```csharp /// Example Implementation using SanteDB.Core.Security.Services; /// Other usings here public class MyIdentityProviderService : SanteDB.Core.Security.Services.IIdentityProviderService { public String ServiceName => "My own IIdentityProviderService service"; /// /// Fired prior to an authentication event /// public event EventHandler Authenticating; /// /// Fired after an authentication decision being made /// public event EventHandler Authenticated; /// /// Retrieves an identity from the object /// public IIdentity GetIdentity(String userName){ throw new System.NotImplementedException(); } /// /// Retrieves an identity from the object /// public IIdentity GetIdentity(Guid sid){ throw new System.NotImplementedException(); } /// /// Create a basic identity in the provider /// public IIdentity CreateIdentity(String userName,String password,IPrincipal principal,Nullable withSid){ throw new System.NotImplementedException(); } /// /// Authenticate the user creating an identity /// public IPrincipal Authenticate(String userName,String password,IEnumerable clientClaimAssertions,IEnumerable demandedScopes){ throw new System.NotImplementedException(); } /// /// Authenticate the user creating an identity /// public IPrincipal Authenticate(String userName,String password,String tfaSecret,IEnumerable clientClaimAssertions,IEnumerable demandedScopes){ throw new System.NotImplementedException(); } /// /// Recheck the authentication of an already authenticated . /// public IPrincipal ReAuthenticate(IPrincipal principal){ throw new System.NotImplementedException(); } /// /// Change user password /// public void ChangePassword(String userName,String newPassword,IPrincipal principal,Boolean isSynchronizationOperation){ throw new System.NotImplementedException(); } /// /// Delete an identity /// public void DeleteIdentity(String userName,IPrincipal principal){ throw new System.NotImplementedException(); } /// /// Set lockout /// public void SetLockout(String userName,Boolean lockout,IPrincipal principal){ throw new System.NotImplementedException(); } /// /// Adds a claim to the specified user account /// public void AddClaim(String userName,IClaim claim,IPrincipal principal,Nullable expiry){ throw new System.NotImplementedException(); } /// /// Removes a claim from the specified user account /// public void RemoveClaim(String userName,String claimType,IPrincipal principal){ throw new System.NotImplementedException(); } /// /// Get all active claims for the specified user /// public IEnumerable GetClaims(String userName){ throw new System.NotImplementedException(); } /// /// Get the SID for the named user /// public Guid GetSid(String userName){ throw new System.NotImplementedException(); } /// /// Gets the applicable authentication methods from the identity provider for /// public AuthenticationMethod GetAuthenticationMethods(String userName){ throw new System.NotImplementedException(); } /// /// Indicates that the password for the should be immediately expired (user must change password at next login) /// public void ExpirePassword(String userName,IPrincipal principal){ throw new System.NotImplementedException(); } } ``` ## References * [IIdentityProviderService C# Documentation](http://santesuite.org/assets/doc/net/html/T_SanteDB_Core_Security_Services_IIdentityProviderService.htm) * [BridgedIdentityProvider C# Documentation](http://santesuite.org/assets/doc/net/html/T_SanteDB_Client_Upstream_Security_BridgedIdentityProvider.htm) * [UpstreamIdentityProvider C# Documentation](http://santesuite.org/assets/doc/net/html/T_SanteDB_Client_Upstream_Security_UpstreamIdentityProvider.htm) * [AdoIdentityProvider C# Documentation](http://santesuite.org/assets/doc/net/html/T_SanteDB_Persistence_Data_Services_AdoIdentityProvider.htm) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://help.santesuite.org/developers/server-plugins/implementing-.net-features/service-definitions/user-identity-provider.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.