claims-based-identity

问题 A WIF-based WCF service needs to call method FederatedServiceCredentials.ConfigureServiceHost(), or put the equivalent element <federatedServiceHostConfiguration> in the web.config file, to work. This is a setting on the service level, in other words it applies for all endpoints. According to the method documentation, the ServiceHostBase instance is modified in several WIF-specific ways. For example, the authorization is replaced by a WIF-based authorization class. Now I'd like to have a

问题 I have a Web Application in MVC 6 (Asp.Net One Core), and I'm using Claims based authentication. In the Login method I set the Claims: var claims = new Claim[] { new Claim("Name", content.Name), new Claim("Email", content.Email), new Claim("RoleId", content.RoleId.ToString()), }; var ci = new ClaimsIdentity(claims, "password"); await HttpContext.Authentication.SignInAsync("Cookies", new ClaimsPrincipal(ci)); Now, if the user for example changes the email in the user profile, how can I change

问题 I have implemented SSO to my api ( web-api 2 ) and it's validating correctly the token. But now I have to add a claim based authorization attribute. In the access token I have: "MyClaim.Read.All": "true" And I would like to achieve something like: [ClaimAuthorizationAttribute("MyClaim.Read.All")] public sealed class MerchantProfileController : ApiController So that if the token doesn't contain this claim, I would give a 401 error. How to achieve this, so I can use this attribute to any

问题 I am using ASP NET Identity 2.0. I need to extend the identity model with an ApplicationOrganization class (many-to-many with ApplicationUser). So I created new class, ApplicationOrganization with; public virtual ICollection<ApplicationUser> Users { get; set; } public virtual ICollection<ApplicationOrganization> Organizations { get; set;} to ApplicationUser class to create a many-to-many relationship. I would like to add some combo (html select tag) with available organizations into _Layout

问题 Completely new to ADFS, WIF, claims.. I followed the code in the question: ASP.NET web forms - how to combine WIF authentification with membership provider and role provider and was able to use it to passively authenticate user logged in against AD FS. However, I'm at a lost as to how tp query AD FS for this user to retrieve some of its LDAP attributes as I've configured them through the Relying Party Trust's Claims Rules as I configured within the ADFS Server. Any ideas? Was hoping to use

问题 I'm trying to extend the claims I get back from AzureAd. I know there's more available, but I have no idea where to start. The documentation is all over the place. I basically have an ASP .Net Core 2.2 web application configured as follows: services.Configure<CookiePolicyOptions>(options => { // This lambda determines whether user consent for non-essential cookies is needed for a given request. options.CheckConsentNeeded = context => true; options.MinimumSameSitePolicy = SameSiteMode.None; })

问题 I have a Visual Studio solution with 3 websites. Each website is a sub-domain on the live server. The login website is using the new claim based Identity authentication with OAuth. So: Website A = Admin (admin.domain.com) Website B = Identity Portal for logins (login.domain.com) Website C = Normal visitor website (www.domain.com) This work very well on the live server by specifying the authentication cookie on website B to be for sub-domains, ".domain.com". My question is, if i run the

问题 I have a long-running application that uses FederatedAuthentication with Azure AD to manage claims-based identities. My application manifest is set to list all SecurityGroups for a user (so I can walk the list of groups they are members of). Within that application I have a user that is a member of a single top-level group. That group is not a member of any other. Previously, when the user logged in, there would be only a single http://schemas.microsoft.com/ws/2008/06/identity/claims/groups

问题 Using an OWIN AuthenticationHandler within an MVC site, I sign in a user as follows: var claims = new List<Claim> { new Claim(ClaimTypes.Role, UIRoles.PowerUser) }; var identity = session.ToClaimsIdentity(DefaultAuthenticationTypes.ApplicationCookie, claims); Context.Authentication.SignIn(identity); At some point at a later time, I check that the user is a PowerUser : User.Identity.HasRole(UIRoles.PowerUser) This works on my local IIS, but once I publish it on a remote IIS machine, it always

问题 I'm playing with Identity Server v4 (but I thinks is the same with v3) and .NET Core. Right now I've strange issue that I don't understand. From my MVC application I use the [Authorize(Roles="Geek")] to protect my controllers/actions. Looking the current User from the HttpContext all the Roles are available as Claims and not as Roles (in fact User.IsInRole("Geek") return false). Moreover I can't use the Claims with the authorize attribute because all role are stored into the claims collection