claims-based-identity

Can thinktecture identity server be configured to allow Federated Identity with Multiple Partners

北战南征 submitted on 2019-12-11 08:43:41
Question: I have the following challenge: My company needs to enable SSO for a customer that has its own ADFS instance & IP in place. (in the future I'm sure we will need to federate with other companies too) We also need to continue to support customers authenticating against our SQL database. Basically I think what I need to do is set this up as described here http://msdn.microsoft.com/en-us/library/hh446524.aspx, but I would like to do this all using thinktecture identity server and not use ADFS. To

Populate custom claim from SQL with Windows Authenticated app in .Net Core

六眼飞鱼酱① submitted on 2019-12-11 06:12:58
Question: Scenario - .Net Core Intranet Application within Active Directory using SQL Server to manage application specific permissions and extended user identity. Success to date - User is authenticated and windows claims are available (Name and Groups). Identity.Name can be used to return a domain user model from the database with the extended properties. Issue and Question - I am trying to then populate one custom claim property "Id" and have that globally available via the ClaimsPrincipal. I have

Azure B2C - Accept query params into OAuth2 JWT

守給你的承諾、 submitted on 2019-12-11 05:23:35
Question: I was curious if it was possible to read query parameters when requesting an OAuth2 token through Azure? Essentially, when making a test call with a policy that I created, I would like to have additional query parameters read from the call and the orchestration (user journey) steps should read these values and inject that value into a custom claim (for the JWT or ID token). I know from the following links that it may* be possible with Azure B2C service? But I can't find any good concrete

Configure Claim based identity for multiple applications in localhost

依然范特西╮ submitted on 2019-12-11 04:49:41
Question: I have two applications "http:/localhost/applicationA" and "http:/localhost/applicationB". I have configured applicationA for claim based authentication settings. applicationA is working perfectly. But I am referring to some javascripts of applicationB from applicationA. But applicationB does not have the authentication cookies (FedAuth). Is it possible for me to add claim authentication in both applicationA, applicationB using the below code? <system.identityModel> <identityConfiguration>

Can WIF Saml2SecurityTokenHandler validate top-level signature?

五迷三道 submitted on 2019-12-11 02:16:34
Question: See this (stripped-down) SAML 2.0 response: <samlp:Response> <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">lkasjdflkasj</saml:Issuer> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> <!--<snip>--> </Signature> <samlp:Status xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"> <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/> </samlp:Status> <saml:Assertion> <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">lkasjdflkasj</saml:Issuer>

How to pass method parameter into method's attribute value?

依然范特西╮ submitted on 2019-12-10 23:55:38
Question: I have a method which is decorated with ClaimsPrincipalPermissionAttribute like this: [ClaimsPrincipalPermission(SecurityAction.Demand, Resource = "User", Operation = "accountId")] IList<Transaction> ViewTransaction(int accountId) { // some code } Is there any way to pass the accountId parameter of ViewTransaction to ClaimsPrincipalPermission Operation? What I want is to use the accountId and then implement custom logic inside ClaimsAuthorizationManager. Answer 1: Attributes expect constant values

How to update a claim when using Session Authentication Module (SAM)

寵の児 submitted on 2019-12-10 20:32:16
Question: I'm using the Session Authentication Module to store the user claims in the authentication cookie. What is the recommended approach to update the user's claims whilst they are logged in? An example would be if they update their profile (First Name/Last Name) and we want to update the associated claims. I don't want to log the user out when this happens so DeleteSessionTokenCookie is not an option. Answer 1: Set a new session cookie with SAM.WriteSessionTokenToCookie. Answer 2: Leastprivilege's answer

Asp.net Identity logout other user

喜欢而已 submitted on 2019-12-10 18:15:27
Question: I'm using Asp.net Identity to authenticate users and I'm trying to lock out any user from the admin side. But when I lock out a user who is online, they are not logged out. I have read many comments about my problem but none of them worked. I tried UserManager.UpdateSecurityStamp to log out the user but it didn't work either. How can I log out the user instantly when I lock them out? public ActionResult LockUser(string userId) { _userManager.SetLockoutEnabled(userId, true); _userManager.SetLockoutEndDate

MVC Anti forgery token error on scaffold

﹥>﹥吖頭↗ submitted on 2019-12-10 18:14:05
Question: I'm receiving the following error: {"A claim of type 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier' or 'http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider' was not present on the provided ClaimsIdentity. To enable anti-forgery token support with claims-based authentication, please verify that the configured claims provider is providing both of these claims on the ClaimsIdentity instances it generates. If the configured claims provider

How To Remove ClaimsIdentity From ClaimsPrincipal

别来无恙 submitted on 2019-12-10 17:00:01
Question: I have an HR web application built in ASP.Net MVC split into areas, for example Manager, Employee. These areas represent different types of users in the system who are able to do different tasks. There is a legacy database involved and information for each user type is stored in a different table. Also, the type of information stored for each user type is different so it makes sense that the tables are separate. I am looking to implement claims based authentication for a couple reasons: