How to UseCookieAuthentication OR ClaimsIdentity between ASP.NET Identity Owin site and ASP.NET WebAPI

asp.net,asp.net-web-api,asp.net-identity,claims-based-identity
I have an ASP.NET web application that is using ASP.NET Identity for login with UseCookieAuthentication in the Startup. The login site is working fine. I also have an ASP.NET WebAPI site that I use to gather data. I would like to secure the WebAPI with the same cookie that was...

OAuth: ASP.NET Web API User.Identity doesn't load claims set by authentication token provider

authentication,asp.net-web-api,oauth,castle-windsor,claims-based-identity
I am using OAuth bearer authentication, configured like this in Startup.cs: OAuthBearerAuthenticationOptions oAuthBearerOptions = new OAuthBearerAuthenticationOptions { AccessTokenProvider = new AccessTokenProvider(), AuthenticationMode = AuthenticationMode.Active }; app.UseOAuthBearerAuthentication(oAuthBearerOptions); ... where AccessTokenProvider is implemented as: public class AccessTokenProvider : AuthenticationTokenProvider { public override async Task ReceiveAsync(AuthenticationTokenReceiveContext context) { // Internal logic to get...

ASP.NET Identity and Claim-based

c#,asp.net-mvc,asp.net-identity,claims-based-identity,claims
How to use claims? For example, I want to set access to each page (resource) for each user. I understand, I can do it using roles, but as I understand, claim-based is more effective. But when I try to create a claim, I see the following method: userIdentity.AddClaim(new Claim(ClaimTypes.Role, "test...

Users in Multiple Organizations with Different Roles

asp.net-mvc,security,claims-based-identity,asp.net-authorization
I'm fairly new to setting up security for websites and am having trouble finding the correct architecture/design/pattern/best practice for the type of authentication/authorization I am needing in a .NET MVC environment. I don't even know what to call it in order to do more research. Below is an example of...

How to use Windows Active Directory Authentication and Identity Based Claims?

authentication,asp.net-identity,claims-based-identity,asp.net-5,visual-studio-2015
Problem We want to use Windows Active Directory to authenticate a user into the application. However, we do not want to use Active Directory groups to manage authorization of controllers/views. As far as I know, there is not an easy way to marry AD and identity based claims. Goals Authenticate...

using Thinktecture.IdentityServer3 as a Federation Provider with transforming of claims

claims-based-identity,federated-identity,thinktecture-ident-server
Hello, I have been trying to work out how I could configure IdentityServer3 to become a multi-tenant federation provider that can transform and enrich claims coming back from say ADFS, Google+, Microsoft Account. Does anyone have any example code of somebody trying to do the following? MyWebApp(multi-tenant) <-- IdSrv3 <----...

quickest way to implement .net authentication in Web Forms with Entity Framework 6

webforms,asp.net-membership,entity-framework-6,claims-based-identity
I have been checking resources to implement authentication in my web forms application built with entity framework. All examples I found are MVC-related. I have used regular Asp.Net Membership framework a long time before I began to use EF. However, I could not find Membership implementation with Entity Framework code-first....

Add custom claims to ASP.NET MVC with organizational account (multiple tenants)

asp.net-mvc,azure,claims-based-identity,azure-active-directory
Is there a way to add custom claim to my ClaimsPrincipal once the user is authenticated? When using ASP.NET identity for individual accounts, one could add custom claims to the ClaimsPrincipal when the principal was created but I can not find the way to do this when using the Organizational...

Share Authentication between MVC applications through WIF

c#,asp.net,asp.net-mvc,wif,claims-based-identity
I have two websites, i.e. A and B, where A and B both have their user store separately. If a user is an authenticated user of A, it should be able to access all authorized pages of B and vice versa. Can someone help me how I can do this using Windows...

ASP.NET Identity “Role-based” Claims

asp.net-identity,asp.net-web-api2,claims-based-identity,asp.net-identity-2,asp.net-authentication
I understand that I can use claims to make statements about a user: var claims = new List<Claim>(); claims.Add(new Claim(ClaimTypes.Name, "Peter")); claims.Add(new Claim(ClaimTypes.Email, "[email protected]")); But how should I store "role-based" claims? For example: The user is a super administrator. claims.Add(new Claim("IsSuperAdmin", "true")); The value parameter "true" feels completely redundant. How...

Creating ready-made users with claims with ASP.NET

c#,asp.net,asp.net-mvc,claims-based-identity
The application I'm working on is an MVC 5 web application, using ASP.NET Identity. We're trying to allow certain users to create other users (i.e. pre-register them). On creation, we'd like to pass in some meta-data, that we want stored as claims against that user such as email address, age...

Is System.IdentityModel.Policy.IAuthorizationPolicy obsolete?

c#,wcf,wif,claims-based-identity,claims
According to this msdn article, the interface IAuthorizationPolicy is the way to go to inject custom authorization logic / custom claims when using wcf. https://msdn.microsoft.com/en-us/library/ms729851(v=vs.110).aspx However it seems like some of the used classes in this interface are "almost obsolete" according to http://msdn.microsoft.com/en-us/library/system.identitymodel.claims%28v=vs.110%29.aspx The System.IdentityModel.Claims namespace contains classes that implement...

Retrieve information from Bearer Token

asp.net-web-api,claims-based-identity,claims,bearer-token
I have an MVC website that is calling a WebAPI in another project. The WebAPI uses OWIN and implements OAuth security. I will be using a Bearer Token to communicate between the MVC and WebAPI applications. My website requires the user to be in AD, which I am checking in...

Authorization Model: Context of Role?

security,authorization,claims-based-identity,abac,role-based-access-control
I am currently attempting to design an Authorization Model that has the following components: Privileges - an action that can either be granted or denied to a user/group Roles - a collection of privileges; roles can be associated with a user or group Security Objects - the entity to which...

Read authentication info (Principal) by developing a .Net Web Service

c#,asp.net,.net,asmx,claims-based-identity
I am dealing with a Claim-based application, with the aim to display users info after their authentication through SSO. For a given authenticated user, I realized a .Net Web Page wherein I show all claims starting from the provided Principal (Page.User), as follows: public partial class ClaimsPage : System.Web.UI.Page {...

MVC 5 OWIN login with claims and AntiforgeryToken. Do I miss a ClaimsIdentity provider?

asp.net-mvc,asp.net-mvc-4,razor,asp.net-mvc-5,claims-based-identity
I'm trying to learn Claims for MVC 5 OWIN login. I tried to keep it as simple as possible. I started with the MVC template and inserted my claims code (see below). I get an error when I use the @Html.AntiForgeryToken() helper in the View. Error: A claim of type...

Is it possible to access the properties of ApplicationUser in MVC without query?

c#,asp.net,asp.net-mvc,claims-based-identity,claims
I'm creating an ASP.NET MVC 5 app, and I'm using the default individual authentication, which in turn uses ASP.NET Identity. I extended the default ApplicationUser class by adding the following properties: public class ApplicationUser : IdentityUser { public string FirstName { get; set; } public string LastName { get; set;...

Security Trimming MVC Sitemap Provider Nodes With AuthAttribute Based on Route Values

asp.net-mvc,security,claims-based-identity,mvcsitemapprovider
We have a fully working sitemap with many hundreds of nodes configured with sitemap attributes on the actions. These nodes are security trimmed, working perfectly based on claims. All working great and fast. We now have a requirement that certain pages are inaccessible based on a route value. Basically...

Skip “login.windows.net” and redirect to federated ADFS

single-page-application,claims-based-identity,azure-active-directory,adal,office365-apps
Any suggestion on how to skip the selection of login url (home realm?)

Thinktecture Identity Server v3 How to keep Claims from external providers?

c#,claims-based-identity,thinktecture-ident-server
I'm trying to follow the simple guide mvcGettingStarted. Now, I've implemented both GoogleAuthentication and FacebookAuthentication providers, and everything is working as expected, I actually can log-in, and if I sign in with my identity server I also got the Role claims per user. I was wondering, what if I want...

Why isn't my Azure Website accepting OAuth tokens?

azure,oauth,claims-based-identity,azure-active-directory
I want my application to accept OAuth tokens when hosted using Azure Websites. I have the following: web.config of web app <appSettings> <add key="ida:Realm" value="https://example.com/development" /> <add key="ida:AudienceUri" value="https://example.com/development" /> <add key="ida:Tenant" value="example.com" /> </appSettings> Startup.cs of web app using System; using System.Collections.Generic; using System.Linq; using System.Web; using Microsoft.AspNet.SignalR; using...

WIF config: issuerNameRegistry vs. certificateValidation

.net,single-sign-on,wif,saml-2.0,claims-based-identity
In the Windows Identity Foundation (WIF) 4.5 config, what is the relationship between issuerNameRegistry and certificateValidation? What portion of a SAML 2.0 assertion is validated by each? For example: the code & config below will verify that the issuer cert has the given thumbprint. But I assume a certificateValidationMode other...

Temporarily Changing Identity with WebApi 2

c#,asp.net-identity,owin,claims-based-identity
I have a WebApi controller that initially authenticates as a specific WebApi user. Subsequent accesses to the web api will pass a user that operations should be performed as, without having to actually authenticate as that user. I have some services/managers that perform functions as those proper users as part...

Why isn't a claim updated immediately in ASP.NET MVC?

asp.net-mvc,claims-based-identity,asp.net-identity-2
I'm using ASP.NET MVC 5, and ASP.NET Identity. I have extended the default ApplicationUser class like this: public class ApplicationUser : IdentityUser { public string Fullname { get; set; } public byte[] ImageData { get; set; } public string ImageMimeType { get; set; } public async Task<ClaimsIdentity> GenerateUserIdentityAsync(UserManager<ApplicationUser> manager) {...

Thinktecture claims authorization workflow. How does it work?

c#,.net,asp.net-mvc,claims-based-identity,thinktecture-ident-model
I have installed the Thinktecture.IdentityModel.Core package. Suppose I've registered my custom implementation of AuthorizationManager in web.config file. public class AuthorizationManager : ClaimsAuthorizationManager { public override Boolean CheckAccess(AuthorizationContext context) { // authorization implementation } } There are permissions defined in the application db for user roles. So that User might...

How to create a custom asp.net identity provider with SQL Server? [closed]

c#,asp.net,azure,asp.net-identity,claims-based-identity
The scenario I have is the following, I am going to create a software as a service application hosted in azure, where all users will be able to login with a username and password, the SQL identity provider seems a good option but I need something custom. The software would...

Can WIF Saml2SecurityTokenHandler validate top-level signature?

.net,single-sign-on,wif,saml-2.0,claims-based-identity
See this (stripped-down) SAML 2.0 response: <samlp:Response> <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">lkasjdflkasj</saml:Issuer> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> <!--<snip>--> </Signature> <samlp:Status xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"> <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/> </samlp:Status> <saml:Assertion> <saml:Issuer...

Is there a fundamental difference between claims authorization and roles authorization?

asp.net-mvc,vb.net,asp.net-identity,claims-based-identity
VS2013, MVC5 I may get some terminology wrong because I'm new to this topic. What I've read has led me to conclude that claims can be used for authentication and authorization which are 2 very different concepts. Assuming this thinking is correct, my question relates to claims as they might...

MVC5 Claims Based Authentication - Suitable claim items

asp.net-mvc,security,authentication,claims-based-identity
I am just getting started with claims based security on an existing web application. I have a number of items that fit well into claims on the identity such as email and first and last names but there are other security related items that I'm not sure should go there....

How to use Kentor AuthService to get additional assertion attributes

c#,saml-2.0,claims-based-identity,kentor-authservices
I'm using Kentor HttpModule in a WebForms based application. I need to get additional information asserted with login. I'm not sure, but I think that Kentor parses only attributeID="userId", and I need to get a few more attributes. Do I need to fork and modify Kentor in order to have these values...