Well beside the answers, I just found the answer which is totally predefined in asp .net core. When you are adding claims just : var claims = new List<Claim> { new Claim(ClaimTypes.Name, UserName), new Claim(ClaimTypes.Role, “User”), new Claim(ClaimTypes.Role, “Admin”), new Claim(ClaimTypes.Role, Watever) }; after that you can just use it as said: [Authorize(Roles = “Watever”)] … Read more
UserManager.GetUserAsync internally uses UserManager.GetUserId to retrieve the user id of the user which is then used to query the object from the user store (i.e. your database). GetUserId basically looks like this: public string GetUserId(ClaimsPrincipal principal) { return principal.FindFirstValue(Options.ClaimsIdentity.UserIdClaimType); } So this returns the claim value of Options.ClaimsIdentity.UserIdClaimType. Options is the IdentityOptions object that you … Read more
OWIN cookie authentication middleware doesn’t support session caching like feature yet. #2 is not an options. #3 is the right way to go. As Prabu suggested, you should do following in your code: OnResponseSignIn: Save context.Identity in cache with a unique key(GUID) Create a new ClaimsIdentity embedded with the unique key Replace context.Identity with the … Read more
+——————+——————+ | Table | Description | +——————+——————+ | AspNetUsers | The users. | | AspNetRoles | The roles. | | AspNetUserRoles | Roles of users. | | AspNetUserClaims | Claims by users. | | AspNetRoleClaims | Claims by roles. | +——————+——————+ A role is something assigned to a user. Eg. Jane is an admin. A … Read more
Speaking from personal experience, it is easier to inter-op with claim stores when the ValueType is always type “String”. Although it may seem counter intuitive when you know you are dealing with a complex type, it is at least simple to understand. The way I have approached this need for an array is to have … Read more
Just hit AD with the username and password instead of authenticating against your DB // POST: /Account/Login [HttpPost] [AllowAnonymous] [ValidateAntiForgeryToken] public async Task<ActionResult> Login(LoginViewModel model, string returnUrl) { if (ModelState.IsValid) { var user = await UserManager.FindByNameAsync(model.UserName); if (user != null && AuthenticateAD(model.UserName, model.Password)) { await SignInAsync(user, model.RememberMe); return RedirectToLocal(returnUrl); } else { ModelState.AddModelError(“”, “Invalid username … Read more
Perhaps the following link can help: var claims = new List<Claim>(); claims.Add(new Claim(ClaimTypes.Name, “Brock”)); claims.Add(new Claim(ClaimTypes.Email, “[email protected]”)); var id = new ClaimsIdentity(claims,DefaultAuthenticationTypes.ApplicationCookie); var ctx = Request.GetOwinContext(); var authenticationManager = ctx.Authentication; authenticationManager.SignIn(id);
I spent several months working on trying to solve this problem and after spending a long time working with Microsoft SharePoint and WIF engineers came to the conclusion that this is not possible. It appears that the issue is basically what Kirk alludes to. When creating an impersonated session using Claims (e.g. creating an SPClaim … Read more
You should use identity to add or remove a claim. Try this to add a claim. var user = User as ClaimsPrincipal; var identity = user.Identity as ClaimsIdentity; identity.AddClaim(new Claim(ClaimTypes.Role, “somenewrole”)); To remove a claim, var user = User as ClaimsPrincipal; var identity = user.Identity as ClaimsIdentity; var claim = (from c in user.Claims where … Read more
The simplest approach is to have 2 different presentation Projects only for Authentication/Authorization. This has the advantage of leaning on existing framework and standard configuration. From there, you decide to either create an AD user for every internet user, or create a DB/Internet user for every AD user. Creating an Identity user for each AD … Read more