ASP.NET Identity and Claims

Honestly, I’m still learning the ropes with Identity, myself. Admittedly, the Microsoft-provided documentation could be better, but I’ve never found any of their documentation all that helpful. The best stuff always comes from the community, and unfortunately, Identity is still so new that the community hasn’t had time to really flesh it out yet. …

MVC5 (VS2012) Identity CreateIdentityAsync – Value cannot be null

I had the same error in the past, but only when I created a user with the Entity Framework Migration Tool. When creating a user and signing in within the website, I had no error. My error was that I was not providing a SecurityStamp with the migration:

    SecurityStamp = Guid.NewGuid().ToString()

With this property set, everything worked.

Owin claims – Add multiple ClaimTypes.Role

A claims identity can have multiple claims with the same ClaimType. That will make it possible to use the HasClaim method for checking if a specific user role is present.

    var identity = new ClaimsIdentity(new[]
    {
        new Claim(ClaimTypes.Name, name),
        new Claim(ClaimTypes.Email, email),
        new Claim(ClaimTypes.Role, "User"),
        new Claim(ClaimTypes.Role, "Admin"),
        new Claim(ClaimTypes.Role, "SuperAdmin")
    }, "ApplicationCookie");

What’s the role of the ClaimsPrincipal, why does it have multiple Identities?

The thing is, ClaimsPrincipal contains just a collection of identities and points to the currently used one but as far as I know, the principal usually never contains more than 1 identity and even if it would – the user is never logged in with 2 or more identities. This is a wrong assumption. In …

Embedded statement cannot be a declaration or labeled statement

You have a statement (if or while, for example), right before the code you posted, without curly braces. For example:

    if (somethingIsTrue)
    {
        var user = new ApplicationUser
        {
            UserName = model.myUser.Email,
            Email = model.myUser.Email,
        };
    }

is correct, but the code below:

    if (somethingIsTrue)
        var user = new ApplicationUser { UserName = model.myUser.Email, Email …

Why is my ClaimsIdentity IsAuthenticated always false (for web api Authorize filter)?

The problem is because of a breaking change in .NET 4.5. As explained by this article, simply constructing a claims identity no longer makes IsAuthenticated return true. Instead, you need to pass some string (doesn’t matter what) into the constructor. So this line in the above code: var claimsIdentity = new ClaimsIdentity(claims); …

What is the purpose of nameidentifier claim?

Name is just that: a name. If we’re talking about a person, think “Eric”; for a server, “file01”. A NameIdentifier is the ID for an object. Turning back to our person object, Eric’s UserID might be 435 in your database. For the server, the identifier could be something like an FQDN or a SID. According to this post, …

Best Practices for Roles vs. Claims in ASP.NET Identity

A role is a symbolic category that collects together users who share the same levels of security privileges. Role-based authorization requires first identifying the user, then ascertaining the roles to which the user is assigned, and finally comparing those roles to the roles that are authorized to access a resource. In contrast, a claim is …