To test the scenarios I described here, I use a simple service that echoes the user's claims back to the client.
I use the new ClaimsPrincipal.Current, which is the preferred way to access the client's identity. By default this gives you the claims principal on Thread.CurrentPrincipal.
From there I access the claims through the Claims property on ClaimsPrincipal. This gives you a single claims collection over all contained identities (typically only one, but it is an abstracted programming model).
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.ServiceModel;

// IClaimsService, Identity and ClaimDto are the service/data contracts of the sample; their definitions are not shown in this post.
[ServiceBehavior(Name = "ClaimsService", Namespace = "urn:tt")]
public class ClaimsService : IClaimsService
{
    public Identity GetIdentity()
    {
        // Dump the raw request message (including any security header) to the console for inspection
        Console.WriteLine(
            OperationContext.Current.RequestContext.RequestMessage.ToString());

        // Preferred .NET 4.5 way to reach the caller; by default this is Thread.CurrentPrincipal
        var principal = ClaimsPrincipal.Current;

        var id = new Identity
        {
            PrincipalType = principal.GetType().FullName,
            IdentityType = principal.Identity.GetType().FullName,
            // principal.Claims spans all identities contained in the principal, not only the primary one
            Claims = new List<ClaimDto>(
                from claim in principal.Claims
                select new ClaimDto
                {
                    Type = claim.Type,
                    Value = claim.Value,
                    Issuer = claim.Issuer,
                    OriginalIssuer = claim.OriginalIssuer,
                })
        };

        return id;
    }
}
A little note:
With authentication done from Azure, of the following 3 lines:
var principal = ClaimsPrincipal.Current;
var claims1 = ((ClaimsIdentity)principal.Identity).Claims.ToList();
var claims = principal.Claims.Select(c => new Claim(c.Type, c.Value)).ToList();
the last one will throw an exception:
$exception {"Value cannot be null.\r\nParameter name: username"} System.Exception {System.ArgumentNullException}
What do you want to tell me?
Hi Dominick, I have a doubt…
In my domain, a user can belong to more than one role. When the claims transformation logic takes place, I'd like to have all those user roles in the resulting claims, but due to the fact that the Claim class constructor takes two strings as arguments, I've not been able to deal with a list of roles instead of just one, so something like new Claim(ClaimTypes.Role, currentUser.Role) doesn't fit my needs. I'd need something like new Claim(ClaimTypes.Role, currentUser.Roles.ToList()), but obviously I can't do that.
Is there any way or workaround to accomplish that?
Thanks,
Eric.
You create one claim per role.
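The following is an added example, not code from the post or from its author. It shows the "one claim per role" answer above implemented in a ClaimsAuthenticationManager (the .NET 4.5 claims transformation hook in System.IdentityModel.dll), and then reads the result back through ClaimsPrincipal.Current and its Claims property the way the echo service at the top of the post does, including a second identity to show that Claims spans all identities in the principal. DomainUser, RoleClaimsTransformer, the in-memory user "alice" and the "urn:tt:device" claim type are all constructed for this example.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security;
using System.Security.Claims;
using System.Threading;

// Hypothetical domain user standing in for "currentUser" from the question above.
public class DomainUser
{
    public string Name { get; set; }
    public List<string> Roles { get; set; }
}

// Claims transformation hook (System.IdentityModel.dll, .NET 4.5). It runs after
// authentication and replaces the incoming principal with an application-specific one.
public class RoleClaimsTransformer : ClaimsAuthenticationManager
{
    // Constructed in-memory user store; a real one would come from the domain repository.
    private static readonly Dictionary<string, DomainUser> Users =
        new Dictionary<string, DomainUser>(StringComparer.OrdinalIgnoreCase)
        {
            { "alice", new DomainUser { Name = "alice", Roles = new List<string> { "Reader", "Approver" } } }
        };

    public override ClaimsPrincipal Authenticate(string resourceName, ClaimsPrincipal incomingPrincipal)
    {
        // Leave anonymous callers untouched; authorization rejects them later.
        if (incomingPrincipal.Identity == null || !incomingPrincipal.Identity.IsAuthenticated)
            return incomingPrincipal;

        DomainUser user;
        if (!Users.TryGetValue(incomingPrincipal.Identity.Name, out user))
            throw new SecurityException("Authenticated user is not known to this application.");

        // Build a fresh identity instead of trusting whatever the incoming token carried.
        var identity = new ClaimsIdentity("Custom", ClaimTypes.Name, ClaimTypes.Role);
        identity.AddClaim(new Claim(ClaimTypes.Name, user.Name));

        // Claim values are strings, so a multi-valued attribute becomes one Claim per value.
        foreach (var role in user.Roles)
            identity.AddClaim(new Claim(ClaimTypes.Role, role));

        return new ClaimsPrincipal(identity);
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed "incoming" principal, e.g. what Windows or UserName authentication would yield.
        var incoming = new ClaimsPrincipal(new ClaimsIdentity(
            new[] { new Claim(ClaimTypes.Name, "alice") }, "Constructed"));

        ClaimsPrincipal transformed = new RoleClaimsTransformer().Authenticate("urn:tt", incoming);

        // Simulate the pipeline: the transformed principal becomes the thread principal,
        // which is where ClaimsPrincipal.Current reads from by default.
        Thread.CurrentPrincipal = transformed;
        var principal = ClaimsPrincipal.Current;

        // A second identity (say, a device identity) shows that principal.Claims spans all identities.
        principal.AddIdentity(new ClaimsIdentity(
            new[] { new Claim("urn:tt:device", "laptop-42") }, "Constructed"));

        Console.WriteLine("Identities: {0}", principal.Identities.Count());
        foreach (var claim in principal.Claims)
            Console.WriteLine("{0} = {1} (issuer: {2})", claim.Type, claim.Value, claim.Issuer);

        // Role checks see every role claim because each role is its own Claim.
        Console.WriteLine("IsInRole(Approver): {0}", principal.IsInRole("Approver"));
        Console.WriteLine("IsInRole(Admin):    {0}", principal.IsInRole("Admin"));
    }
}
```

In a real service the transformer is registered in configuration (the claimsAuthenticationManager element under system.identityModel) rather than called by hand; the manual call here only makes the transformation visible in a console program. Building a new ClaimsIdentity in Authenticate, rather than appending to the incoming one, is deliberate: it keeps role claims from an external token from silently surviving into the application principal.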
Great!! Thanks…
One last thing. I'm developing this project using the DDD approach. How do I take advantage of the ClaimsPrincipalPermission attribute in the generic repository if the type is generic and at compile time I don't have access to it (the Resource)?
Sorry that’s too complicated for me ;) I don’t know. When you figure it out, tell me.