Question

Background

Currently, a project I'm on is doing security in a not-so-great way. I'm trying to upgrade it to Claims-based security because I think it matches up better with the type of information we store. However, I'm new to it so trying to soak up a lot ASAP.

We need to store:

  • Standard info (name, e-mail, etc.)
    • There are good claimtypes for this already.
  • A list of client sites the user has access to
    • (presumably a claim type called "ClientSite" with an ID) -- should be simple-ish
  • A list of roles that users have, per given client site.
    • Hmm....

That last one is tripping me up a bit. I think I need to create a custom Claim Type that has a client site ID and a role value.

Question

  • How do I create a custom claim type that would store an ID (representing a section of the site) and the role itself?
  • Once I've done that, how would I appropriately create that claim? Do I need a custom way to deal with Rights.PossessProperty, or am I overthinking it?

Thanks in advance for pointing me in the right direction. As I said, I'm soaking up Pluralsight courses, etc. but I'd also like to ship something. :)


Solution

You are looking at the wrong Claim classes - the one in System.IdentityModel.Claim is deprecated.

The new one is System.Security.Claims.

This book gives you the introduction to the philosophy: http://msdn.microsoft.com/en-us/library/ff423674.aspx

Other tips

Let's assume that you will have your "users to sections" coming from a database. Identity.HasClaim will let you validate the user to section. As far as the custom claim, it's just a string that needs to look similar to the one in the example below.

    using System.Collections.Generic;
    using System.Security.Claims;

    // User-to-section rows, as they would come from the database.
    var userSectionsList = new List<UsersSections>
    {
        new UsersSections { SectionId = 1000, UserId = 200 },
        new UsersSections { SectionId = 2000, UserId = 200 }
    };

    var identity = new ClaimsIdentity();
    identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, "I am a user with a userid of 200"));
    foreach (var usersSections in userSectionsList)
    {
        // One claim per section, carrying that row's section ID as the value.
        identity.AddClaim(new Claim("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/section", usersSections.SectionId.ToString()));
    }

    if (identity.HasClaim("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/section", "1000"))
    {
        // The user has access to section 1000.
    }

    public class UsersSections
    {
        public int SectionId { get; set; }
        public int UserId { get; set; }
    }
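
The per-site role claim the question asks about, as an added example that is not code from either answer. The claim type URIs, the role names and the `SiteClaims` helper are assumptions, and the `siteId:role` value encoding is one possible choice.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Linq;
using System.Security.Claims;

public static class SiteClaims
{
    // Hypothetical claim type URIs; use a namespace your organisation controls.
    public const string ClientSite = "urn:example:claims:clientsite";
    public const string ClientSiteRole = "urn:example:claims:clientsite-role";

    // Fixed role list (assumed), so the ':' separator can never appear inside a role name.
    private static readonly HashSet<string> KnownRoles =
        new HashSet<string>(StringComparer.Ordinal) { "Reader", "Editor", "Admin" };

    private static string Encode(int siteId, string role)
    {
        if (!KnownRoles.Contains(role))
            throw new ArgumentException("Unknown role: " + role, nameof(role));
        return siteId.ToString(CultureInfo.InvariantCulture) + ":" + role;
    }

    // rows: stand-in for the (site, role) rows loaded from the database.
    public static ClaimsIdentity Build(string userId, IEnumerable<(int SiteId, string Role)> rows)
    {
        var claims = new List<Claim> { new Claim(ClaimTypes.NameIdentifier, userId) };
        foreach (var row in rows)
            claims.Add(new Claim(ClientSiteRole, Encode(row.SiteId, row.Role)));
        foreach (var siteId in rows.Select(r => r.SiteId).Distinct())
            claims.Add(new Claim(ClientSite, siteId.ToString(CultureInfo.InvariantCulture)));
        return new ClaimsIdentity(claims, "Custom"); // passing an authentication type makes IsAuthenticated true
    }

    // Whole-value match on the encoded pair; a role on one site grants nothing on another.
    public static bool HasSiteRole(ClaimsPrincipal user, int siteId, string role) =>
        user.HasClaim(ClientSiteRole, Encode(siteId, role));
}

public static class Demo
{
    public static void Main()
    {
        var rows = new[] { (1000, "Admin"), (2000, "Reader") }; // constructed sample data
        var user = new ClaimsPrincipal(SiteClaims.Build("200", rows));
        Console.WriteLine(SiteClaims.HasSiteRole(user, 1000, "Admin"));
        Console.WriteLine(SiteClaims.HasSiteRole(user, 2000, "Admin"));
    }
}
```
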
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow