Using ASP.NET Profile as a Source for Claims in Thinktecture IdentityServer

If you are using the ASP.NET membership/roles/profile infrastructure in IdentityServer, we made it very easy in v2 to use the profile API to add per-user claims to outgoing tokens. Here’s how:

1 Enable Profile
Make sure the profile section is enabled in web.config:

<profile configSource=configuration\profile.config />

2 Set Profile Properties
In profile.config you specify the profile properties, e.g.:

  <add name="City" />
  <add name="HomePage" />
  <add name="TwitterName" />


The default provider repository will prefix the property names you specify with a namespace. This value is not configurable right now, but you can modify the ProviderClaimsRepository.cs file if you want to change that.

3 Set Profile Values for the User
You can then set the values for the properties from the admin UI. First go to the users section and select Profile for the user in question:


Then set the profile values:


4 Request a Token
The outgoing token for that user will now contain the profile values as claims. This is regardless which protocol you use to request a token:




This entry was posted in IdentityServer. Bookmark the permalink.

4 Responses to Using ASP.NET Profile as a Source for Claims in Thinktecture IdentityServer

  1. Cale Rath says:

    There is other data in membership that I would like to be provided as claims. For instance, application name. Is it possible, via configuration, to add additional claims from other tables in the membership DB schema?

  2. I have defined custom fields for profile. I have followed the same steps outlined above but the profile is not loading as claims. Any idea what could be the cause of this

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s