Using IdentityModel: Adding ASP.NET Support Part 2 (Claims Manager)

The last step for integrating claims into ASP.NET is to write a module that loads authorization policies, creates an AuthorizationContext and persists that on Context.User/Thread.CurrentPrincipal.

My module has this simple configuration section:

If addAuthenticationClaims is set to true, the policy that transforms authentication details to claims (see my last post) will be loaded before all the external policies. The roleClaimType attribute specifies the claim type that should be used for the IsInRole implementation of IdentityPrincipal. The authorizationPolicies collection specifies the claims transformation policies that should run.

The module itself subscribes to PostAuthenticateRequest, loads the policies and populates Context.User/Thread.CurrentPrincipal with the IdentityPrincipal (which in turn wraps the AuthorizationContext).

public class ClaimsManagerModule : IHttpModule
{
public void Dispose()
{ }

    public void Init(HttpApplication context)
    {
        context.PostAuthenticateRequest += OnPostAuthenticateRequest;
    }

    private void OnPostAuthenticateRequest(object sender, EventArgs e)
    {
        // this code makes only sense when the user is authenticated
        if (!(HttpContext.Current.Request.IsAuthenticated))
        {
            return;
        }

        // make sure the module is enabled
        if (!Configuration.Enabled)
        {
            return;
&
nbsp;      }

HttpApplication app = sender as HttpApplication;
HttpContext context = app.Context;

IList<IAuthorizationPolicy> policies = ClaimsManagerModule.Policies;

        if (policies.Count != 0)
        {
            AuthorizationContext authContext =
              CreateAuthorizationContext(policies);

IdentityPrincipal ip = new IdentityPrincipal(
context.User.Identity, authContext);

            context.User = Thread.CurrentPrincipal = ip;
        }
    }

    private static AuthorizationContext CreateAuthorizationContext(
      IList<IAuthorizationPolicy> policies)
    {
        AuthorizationContext authContext =
            AuthorizationContext.CreateDefaultAuthorizationContext(policies);

return authContext;
}

    public static IList<IAuthorizationPolicy> Policies
    {
        get
        {
            List<IAuthorizationPolicy> policies = new
              List<IAuthorizationPolicy>();

            if (Configuration.AddAuthenticationClaims)
            {
                policies.Add(new AspNetAuthenticationPolicy());
            }

            foreach (PolicyType policy in
              Configuration.AuthorizationPolicies)
            {
                policies.Add(CreatePolicy(policy.Type));
            }

            return policies;
        }
    }

    private static IAuthorizationPolicy CreatePolicy(string typename)
    {
        Type type = Type.GetType(typename, true);

        if (!typeof(IAuthoriz
ationPolicy).IsAssignableFrom(type))
        {
            throw new ConfigurationErrorsException(
              “Policy does not implement IAuthorizationPolicy”);
        }

return (IAuthorizationPolicy)Activator.CreateInstance(type);

}

    public static ClaimsManagerSection Configuration
    {
        get
        {
            return (ClaimsManagerSection)
              WebConfigurationManager.GetSection(“claimsManager”);
        }
    }
}

Don’t consider this as production ready code. There are things missing like error handling and caching. But this should get you started. With the next post I will show some usage scenarios and will also update the source download.

HTH

Using IdentityModel: Adding ASP.NET Support Part 2 (Claims Manager)

Leave a Reply Cancel reply

Recent Posts

Categories

Tweets

Feed

Archives

Using IdentityModel: Adding ASP.NET Support Part 2 (Claims Manager)

Share this:

Like this:

Related

Leave a Reply Cancel reply

Recent Posts

Categories

Tweets

Feed

Archives