Reputation: 573
I'm using Claims authentication in an ASP.NET MVC 4.5 application. I'm following all the standard patterns and it's working well. However I've just noticed that custom claims that use complex types are not being deserialized correctly.
I have a custom claim as follows (Role was an enum, but I have changed it to a long to simplify things):
    [DataContract(Name = "ClientRoleClaim", Namespace = "MyCompany.MyApplication.Security.Claims")]
    public sealed class ClientRoleClaim : System.IdentityModel.Claims.Claim
    {
        public ClientRoleClaim(Guid clientId, Role role)
            : base(MyAppClaimTypes.ClientRole, String.Empty, Rights.PossessProperty)
        {
            ClientId = clientId;
            Role = (long)role;
        }

        [DataMember(Name = "ClientId")]
        public Guid ClientId { get; set; }

        [DataMember(Name = "Role")]
        public long Role { get; set; }
    }
FYI: MyAppClaimTypes.ClientRole is just a static class with const string properties on it.
In my custom ClaimsAuthenticationManager I create a list of claims and add my complex ClientRoleClaim and create my principal as follows:
    // Create the claims
    var claims = new List<Claim>
    {
        new Claim(ClaimTypes.GivenName, user.FirstName),
        new Claim(ClaimTypes.Surname, user.LastName),
        new Claim(ClaimTypes.Email, user.EmailAddress),
        new ClientIdClaim(user.ClientEntityId),
        new ClientRoleClaim(user.ClientEntityId, 1)
    };
    claimsIdentity = new ClaimsIdentity(claims, "Custom");
    return new ClaimsPrincipal(claimsIdentity);
The token is then persisted as follows:
    private void EstablishSession(ClaimsPrincipal newPrincipal)
    {
        var hours = Configuration.Configuration.GetSetting("SignIntPeriodInHours").ParseAs<int>().GetValueOrDefault(8);
        var sessionToken = new SessionSecurityToken(newPrincipal, TimeSpan.FromHours(hours));
        FederatedAuthentication.SessionAuthenticationModule.WriteSessionTokenToCookie(sessionToken);
    }
Everything appears to work fine, but when I subsequently try to access ClaimsPrincipal.Current.Claims all the claims are present, including the custom claim of type MyAppClaimTypes.ClientRole, but it is of type System.Security.Claims.Claim and I have no way of accessing the ClientId and Role properties.
Any assistance would be greatly appreciated.
Thanks
Mat
Upvotes: 0
Views: 2736
Reputation: 181
Create claim with custom claim type and structured resource type http://msdn.microsoft.com/en-us/library/ms734687(v=vs.110).aspx
Upvotes: 0
Reputation: 18482
This is not designed to work like this. Claims are tuples, nothing more.
Upvotes: 1
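Since only a claim's type and value come back from the session cookie, one way to carry the ClientId/Role pair is to encode it in the string value and parse it defensively when reading. This is an added example, not code from the question or the answers; the claim type URI, the `guid|role` encoding and the `ClientRoleClaims` helper are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Security.Claims;

public static class ClientRoleClaims
{
    // Assumed claim type URI; stands in for MyAppClaimTypes.ClientRole.
    public const string ClientRoleType = "urn:example:claims:clientrole";

    // Flatten (clientId, role) into the claim's string value: "<guid>|<role>".
    public static Claim Create(Guid clientId, long role)
    {
        string value = clientId.ToString("D") + "|" + role.ToString(CultureInfo.InvariantCulture);
        return new Claim(ClientRoleType, value, ClaimValueTypes.String);
    }

    // Rebuild the pair from a plain Claim; returns false on a wrong type or malformed value.
    public static bool TryParse(Claim claim, out Guid clientId, out long role)
    {
        clientId = Guid.Empty;
        role = 0;
        if (claim == null || claim.Type != ClientRoleType) return false;

        string[] parts = claim.Value.Split('|');
        return parts.Length == 2
            && Guid.TryParseExact(parts[0], "D", out clientId)
            && long.TryParse(parts[1], NumberStyles.None, CultureInfo.InvariantCulture, out role);
    }

    // Every well-formed client role on the principal; malformed values are skipped, not trusted.
    public static IEnumerable<KeyValuePair<Guid, long>> FromPrincipal(ClaimsPrincipal principal)
    {
        foreach (Claim c in principal.FindAll(ClientRoleType))
        {
            Guid id; long role;
            if (TryParse(c, out id, out role))
                yield return new KeyValuePair<Guid, long>(id, role);
        }
    }

    // Constructed demo: build an identity as the ClaimsAuthenticationManager would, then read it back.
    public static void Main()
    {
        var identity = new ClaimsIdentity(new[] { Create(Guid.NewGuid(), 1) }, "Custom");
        foreach (var pair in FromPrincipal(new ClaimsPrincipal(identity)))
            Console.WriteLine("{0} -> role {1}", pair.Key, pair.Value);
    }
}
```

`NumberStyles.None` accepts digits only, so a negative or padded role value is rejected rather than silently coerced.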