CODEWITHSUNDEEP
asp.netazure
Aayush Gulati
Aayush Gulati

Reputation: 11

How do I add custom claims to an ACS Service Identity

I'm using Window Azure platform for my application where i'm trying to fetch user's information from their accounts in google/yahoo..

But the info m getting is only their name, email address and identity provider through Azure's input/output claims...Can someone help me fetching their country or their mobilenumber when they have registered in google/yahoo

Here is my sample code for fetching the claims:

protected void Page_Load(object sender, EventArgs e)
    {
        {
            ClaimsPrincipal icp = Thread.CurrentPrincipal as ClaimsPrincipal;
            ClaimsIdentity claimsidentity = icp.Identity as ClaimsIdentity;
            string  email = "", name = "", idprovider = "" ;
            foreach (Claim c in claimsidentity.Claims)
            {

                if (c.ClaimType == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress")
                {
                    email = c.Value;
                }
                if (c.ClaimType == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name")
                {
                    name = c.Value;
                }
                if (c.ClaimType == "http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider")
                {
                    idprovider = c.Value;
                }

            }

            Label1.Text = (name + email + idprovider);

When m editing my rules, the ClaimsPrincipal is not counting country/mobilenumber values into its account....PLZ HELP !!!!!

Upvotes: 1

Views: 331

Answers (1)

Yossi Dahan
Yossi Dahan

Reputation: 5357

As far as I know - not directly, and that's how it should be!

When a user agrees to provide his or hers identity with your application they do not necessarily, and certainly do not explicitly agree to share profile information with you and so identity providers should really not do that.

In my humble opinion some providers already provide too much - I would haven't expected them to share anything but a GUID, much like Microsoft does. Google for example shares the name as well as the email address and I did not necessarily want to allow that. many a-time I would have preferred to keep my gmail email address private and provide a different one, or none at all, to the application I'm signing in to.

In short - the view is that if you want any information about your users - you should ask them for it and not get it from elsewhere.

More on this view, if interested, here - http://yossidahan.wordpress.com/2012/02/19/end-to-end-authentication-and-authorisation-scenario-for-mvcacs/

Upvotes: 2

Related Questions