user2047485

Reputation: 391

.Net 4.5 custom claims not recreated

I have searched on this subject and am just getting more confused.

We have a Forms Authentication web application. I have changed the old FormsAuthentication.SetCookie statement to instead create a GenericPrincipal containing a FormsIdentity, then I have added a couple of custom claims, then I write a SessionSecurityToken to a cookie using SessionAuthenticationModule. I am getting slightly confused with FederatedAuthentication - I am using FederatedAuthentication.SessionAuthenticationModule to write the token, but I think this is the same as just using Modules("SessionAuthenticationModule") in my case?

Anyway, the authentication works fine but my custom claims are not being recreated. I am not using membership providers or role providers - does that matter?

I have read about SessionAuthenticationModules, ClaimsAuthenticationManagers and ClaimsTransformationModules, but I am no longer certain which of these I should be using, or how. Currently I just add my claims where the old login code was (I haven't got time to rewrite the whole login process) and I was expecting these claims to be recreated automatically on each request.

What do I need to do - obviously I do not want to have to go to the database every time to rebuild them - I thought they were being stored in the cookie and recreated automatically.

Upvotes: 0

Views: 693

Answers (2)

leastprivilege

Reputation: 18482

Your approach is fine - you create a ClaimsPrincipal with all the claims you need and write out the session cookie. No need for a claims authentication manager.

Possible gotchas:

  • Make sure you set the authentication type when creating the ClaimsIdentity - otherwise the client will not be authenticated.
  • By default session cookies require SSL (the browser won't resend the cookie over plain text). This can be changed but is not recommended.

Upvotes: 1

Danila Polevshchikov

Reputation: 2278

You need a custom ClaimsAuthenticationManager; it will be called once and add the claims. Don't forget to register this custom class in your application:

using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

public class CustomClaimsAuthenticationManager : ClaimsAuthenticationManager
{
    public override ClaimsPrincipal Authenticate(string resourceName, ClaimsPrincipal incomingPrincipal)
    {
        // Works only with one default identity.
        // In contrast to the default implementation, modify incomingPrincipal by adding claims.
        if (incomingPrincipal != null && incomingPrincipal.Identity.IsAuthenticated)
        {
            ClaimsIdentity claimsIdentity = incomingPrincipal.Identity as ClaimsIdentity;
            if (claimsIdentity != null)
            {
                // CreateIdsClaims, CreateRoleClaims and GetRolesByName are this answer's own
                // helpers (not shown); they build the application-specific claims from the user store.
                IEnumerable<Claim> claims = new Claim[] { };
                claims = claims.Concat(CreateIdsClaims(incomingPrincipal.Identity.Name));
                claims = claims.Concat(CreateRoleClaims(GetRolesByName(incomingPrincipal.Identity.Name)));
                claimsIdentity.AddClaims(claims);
            }

            return incomingPrincipal;
        }

        // Anonymous request: pass the principal through unchanged, as the base class does.
        // Returning null here would leave HttpContext.User null for the rest of the pipeline.
        return incomingPrincipal;
    }
}

Upvotes: 0
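The following is an added, self-contained example (not code from either answer above) that puts both suggestions together: the sign-in path from the first answer (a ClaimsIdentity with an explicit authentication type, serialised once into the session cookie so the SessionAuthenticationModule rebuilds the principal on every request without a database round trip), and the ClaimsAuthenticationManager from the second answer, wired in from Global.asax and invoked once at login. The namespace MyApp.Security, the type names CustomClaimsAuthenticationManager and ClaimsLogin, the claim type URI, the 8-hour lifetime and the in-memory lookup tables are all assumptions made for this example; a real application would read roles and the customer id from its user store.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Services;
using System.IdentityModel.Tokens;
using System.Security.Claims;
using System.Web;

// Hypothetical namespace and type names; none of these come from the question or the answers.
namespace MyApp.Security
{
    // Second answer: enrich the principal with application claims. This runs once, at sign-in,
    // so the extra claims travel inside the session cookie instead of being rebuilt per request.
    public class CustomClaimsAuthenticationManager : ClaimsAuthenticationManager
    {
        public const string CustomerIdClaim = "http://myapp.example/claims/customerid"; // assumed URI

        // Constructed sample data standing in for a database lookup.
        private static readonly Dictionary<string, string[]> Roles = new Dictionary<string, string[]>
        {
            { "alice", new[] { "Admin", "User" } },
            { "bob",   new[] { "User" } },
        };
        private static readonly Dictionary<string, string> CustomerIds = new Dictionary<string, string>
        {
            { "alice", "C-1001" },
            { "bob",   "C-1002" },
        };

        public override ClaimsPrincipal Authenticate(string resourceName, ClaimsPrincipal incomingPrincipal)
        {
            var identity = incomingPrincipal == null ? null : incomingPrincipal.Identity as ClaimsIdentity;
            if (identity == null || !identity.IsAuthenticated)
                return incomingPrincipal; // anonymous: pass through unchanged, never return null

            string[] roles;
            if (Roles.TryGetValue(identity.Name, out roles))
                foreach (var role in roles)
                    identity.AddClaim(new Claim(ClaimTypes.Role, role, ClaimValueTypes.String, "MyApp"));

            string customerId;
            if (CustomerIds.TryGetValue(identity.Name, out customerId))
                identity.AddClaim(new Claim(CustomerIdClaim, customerId, ClaimValueTypes.String, "MyApp"));

            return incomingPrincipal;
        }
    }

    // First answer: build the ClaimsPrincipal yourself and write out the session cookie.
    public static class ClaimsLogin
    {
        // Call this from the existing login code after the password has been verified.
        public static void SignIn(string userName, bool persistent)
        {
            // Gotcha 1: without an authentication type, IsAuthenticated is false and the
            // session module treats the request as anonymous.
            var identity = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, userName) }, "Forms");
            var principal = new ClaimsPrincipal(identity);

            // Run the configured manager once, here; the enriched claims are then part of the token.
            var manager = FederatedAuthentication.FederationConfiguration.IdentityConfiguration.ClaimsAuthenticationManager;
            principal = manager.Authenticate(HttpContext.Current.Request.Url.AbsoluteUri, principal);

            // The whole principal is serialised into the protected cookie (8-hour lifetime assumed);
            // SessionAuthenticationModule deserialises it on each request, so no database call is needed.
            var token = new SessionSecurityToken(principal, TimeSpan.FromHours(8)) { IsPersistent = persistent };
            FederatedAuthentication.SessionAuthenticationModule.WriteSessionTokenToCookie(token);
        }

        public static void SignOut()
        {
            FederatedAuthentication.SessionAuthenticationModule.SignOut();
        }

        // On later requests the custom claim is simply read back from the rebuilt principal.
        public static string CurrentCustomerId()
        {
            var claim = ClaimsPrincipal.Current.FindFirst(CustomClaimsAuthenticationManager.CustomerIdClaim);
            return claim == null ? null : claim.Value;
        }
    }

    // Global.asax: register the manager in code and keep the cookie SSL-only (gotcha 2).
    public class Global : HttpApplication
    {
        protected void Application_Start()
        {
            FederatedAuthentication.FederationConfigurationCreated += (sender, e) =>
            {
                e.FederationConfiguration.IdentityConfiguration.ClaimsAuthenticationManager =
                    new CustomClaimsAuthenticationManager();
                e.FederationConfiguration.CookieHandler.RequireSsl = true; // already the default; kept explicit
            };
        }
    }
}
```

SessionAuthenticationModule itself still has to be listed under system.webServer/modules in web.config, and the system.identityModel and system.identityModel.services configuration sections must be declared, for FederatedAuthentication.SessionAuthenticationModule to be non-null; registering the manager through FederationConfigurationCreated is equivalent to the claimsAuthenticationManager element under identityConfiguration. Because every claim is stored in the cookie, anything put in the identity at sign-in stays fixed until the user signs in again; role changes in the database only take effect after SignOut and a fresh SignIn.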
