claims-based-identity

ClaimsAuthorizationManager pull policies from database

ε祈祈猫儿з submitted on 2019-12-06 07:55:11
Question: I'm new to the Claims Security approach for authorizing users' access to resources. I've been doing a lot of research, and the majority of sites I've read have the policies for ClaimsAuthorizationManager entered in the Web.config file. What are some ways to accomplish this? Can you point me to some links where policies are served from a database? Thanks.

Answer 1: I also ran into the same problem. Hopefully these links will help you. What I did was implement my own ClaimsAuthorizationManager to get
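The approach the answer alludes to, written out as an added example (this is not the answerer's code or any library's): a ClaimsAuthorizationManager whose rules come from a policy table instead of Web.config. The PolicyRule shape, the IPolicyStore interface and the in-memory rows standing in for a database query are all assumptions of this example.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

// One row of the (assumed) Policies table: "a principal holding the claim
// (ClaimType, ClaimValue) may perform Action on Resource".
public sealed class PolicyRule
{
    public string Resource { get; set; }
    public string Action { get; set; }
    public string ClaimType { get; set; }
    public string ClaimValue { get; set; }
}

// Abstraction over the policy table so the manager can be tested without a database.
public interface IPolicyStore
{
    IList<PolicyRule> GetRules(string resource, string action);
}

public sealed class InMemoryPolicyStore : IPolicyStore
{
    // Constructed sample rows, not real data; a real store runs a parameterized
    // query on (resource, action) and caches the result.
    private static readonly List<PolicyRule> Rows = new List<PolicyRule>
    {
        new PolicyRule { Resource = "Stores", Action = "Read",   ClaimType = ClaimTypes.Role, ClaimValue = "Clerk" },
        new PolicyRule { Resource = "Stores", Action = "Manage", ClaimType = ClaimTypes.Role, ClaimValue = "Admin" },
    };

    public IList<PolicyRule> GetRules(string resource, string action)
    {
        return Rows.Where(r => string.Equals(r.Resource, resource, StringComparison.OrdinalIgnoreCase)
                            && string.Equals(r.Action, action, StringComparison.OrdinalIgnoreCase))
                   .ToList();
    }
}

public sealed class DatabasePolicyAuthorizationManager : ClaimsAuthorizationManager
{
    private readonly IPolicyStore _store;

    // WIF instantiates the type named in web.config through its parameterless
    // constructor, so a default store is wired up here.
    public DatabasePolicyAuthorizationManager() : this(new InMemoryPolicyStore()) { }

    public DatabasePolicyAuthorizationManager(IPolicyStore store)
    {
        if (store == null) throw new ArgumentNullException("store");
        _store = store;
    }

    public override bool CheckAccess(AuthorizationContext context)
    {
        if (context == null) throw new ArgumentNullException("context");

        var principal = context.Principal;
        if (principal == null || principal.Identity == null || !principal.Identity.IsAuthenticated)
            return false;

        // AuthorizationContext carries resource and action as claim collections;
        // ClaimsPrincipalPermission.CheckAccess(resource, action) fills exactly one of each.
        var resource = context.Resource.Select(c => c.Value).FirstOrDefault();
        var action = context.Action.Select(c => c.Value).FirstOrDefault();
        if (string.IsNullOrEmpty(resource) || string.IsNullOrEmpty(action))
            return false;

        // Deny by default: no rule for this resource/action means no access, and a
        // rule only grants access if the principal actually holds the named claim.
        var rules = _store.GetRules(resource, action);
        return rules.Any(r => principal.HasClaim(r.ClaimType, r.ClaimValue));
    }
}

public static class Program
{
    public static void Main()
    {
        var manager = new DatabasePolicyAuthorizationManager();

        // authenticationType must be non-null, otherwise IsAuthenticated is false and access is denied.
        var clerk = new ClaimsPrincipal(new ClaimsIdentity(
            new[] { new Claim(ClaimTypes.Name, "alice"), new Claim(ClaimTypes.Role, "Clerk") },
            "Federation"));

        Console.WriteLine(manager.CheckAccess(new AuthorizationContext(clerk, "Stores", "Read")));
        Console.WriteLine(manager.CheckAccess(new AuthorizationContext(clerk, "Stores", "Manage")));
        Console.WriteLine(manager.CheckAccess(new AuthorizationContext(clerk, "Orders", "Read")));
    }
}
```

Register the type in web.config under system.identityModel / identityConfiguration / claimsAuthorizationManager (type="Namespace.DatabasePolicyAuthorizationManager, Assembly"); ClaimsPrincipalPermission.CheckAccess and the ClaimsPrincipalPermissionAttribute then route through CheckAccess. Because rules are fetched per call, a change in the table takes effect without a restart, which also means every authorization decision costs a query unless the store caches; whatever caching you add, keep the deny-by-default branch for an unknown resource/action pair.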

What is the best way to retrieve a WindowsIdentity from a ClaimsIdentity

喜欢而已 submitted on 2019-12-06 05:51:04
Question: So far I have found two solutions to get a WindowsIdentity object from a ClaimsIdentity. First I extract the user principal name (UPN):

ClaimsIdentity ci = (ClaimsIdentity) Thread.CurrentPrincipal.Identity;
string upn = null;
foreach (Claim c in ci.Claims)
{
    if (c.ClaimType == ClaimTypes.Upn)
    {
        upn = c.Value;
        break;
    }
}

Then just call the constructor of WindowsIdentity with the UPN:

WindowsIdentity winId = new WindowsIdentity(upn);

Or use the Claims to Windows Token Service (c2WTS):

WindowsIdentity winId

MVC5 Web app using ADFS On-Premises Organizational Auth and Visual Studio 2013 localhost development

我与影子孤独终老i submitted on 2019-12-06 05:42:27
I am trying to create an MVC5 web application configured to use the On-Premises Organizational Authentication option (ADFS) as described here by Vittorio Bertocci. First, I create a new MVC project. Then I change the Authentication to On-Premises and set the On-Premises Authority to my ADFS federation metadata endpoint. I checked to make sure the federation metadata XML could be reached, and it was. I leave the App ID URI field blank, accepting the default value. I've done both, provided a value and left it blank. I then configured my relying party app manually. Setting the relying party WS-Federation

Using Custom RoleProvider with Windows Identity Foundation - STS

穿精又带淫゛_ submitted on 2019-12-06 04:07:08
I created an STS that does the authentication part. It uses a custom Membership provider. After a successful login I get redirected to my RP website. All works fine in terms of authentication. I have a CustomRolesProvider defined in the web.config of my RP website. It uses the username returned by the STS to fetch the roles for that user from the RP's database. When I use Roles.GetRolesForUser I do get the right roles. I have the following in the web.config of my RP to allow only admin access to the admin folder, and the sitemap provider has securityTrimmingEnabled="true": <location path="admin">
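One way to make RoleProvider roles visible to WIF, as an added example rather than anything from the post: once the WS-Federation module is in place the current principal is a ClaimsPrincipal, and its IsInRole (which the <authorization> element and UrlAuthorizationModule call) looks at role claims, not at the RoleProvider. A ClaimsAuthenticationManager runs once per sign-in and can copy the RoleProvider's roles into role claims before the session token is written. The class below is hypothetical; it assumes the STS puts the username in the Name claim and that the RP's web.config still names the CustomRolesProvider as the default RoleProvider.

```csharp
using System;
using System.Security.Claims;
using System.Web.Security;

// Runs when the incoming WS-Federation token is first validated, before the
// session cookie is issued, so the roles travel in the session and the
// RoleProvider is not queried again on every request.
public sealed class RoleClaimsAuthenticationManager : ClaimsAuthenticationManager
{
    public override ClaimsPrincipal Authenticate(string resourceName, ClaimsPrincipal incomingPrincipal)
    {
        if (incomingPrincipal == null || incomingPrincipal.Identity == null
            || !incomingPrincipal.Identity.IsAuthenticated)
            return incomingPrincipal; // anonymous request: nothing to enrich

        var identity = (ClaimsIdentity)incomingPrincipal.Identity;

        // ClaimsIdentity.Name reads the identity's NameClaimType (ClaimTypes.Name by default),
        // which is assumed to carry the username the STS returned.
        var userName = identity.Name;
        if (string.IsNullOrEmpty(userName))
            return incomingPrincipal;

        // Roles.GetRolesForUser goes through the RoleProvider configured in the RP's
        // web.config, i.e. the CustomRolesProvider backed by the RP database.
        foreach (var role in Roles.GetRolesForUser(userName))
        {
            // Emit the claim under this identity's RoleClaimType so that
            // ClaimsPrincipal.IsInRole and <authorization roles="admin"> see it.
            // The issuer is the local RP, not the STS: these roles were not signed by the STS.
            identity.AddClaim(new Claim(identity.RoleClaimType, role,
                ClaimValueTypes.String, ClaimsIdentity.DefaultIssuer));
        }

        return incomingPrincipal;
    }
}
```

Register it under system.identityModel / identityConfiguration / claimsAuthenticationManager. Because the roles are frozen into the session cookie, a role revoked in the RP database only takes effect when the session expires or is re-issued; keep the session lifetime short or re-run the lookup on sensitive operations.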

Using Claims with OpenIdConnect.Server in ASP.NET 5

百般思念 submitted on 2019-12-06 02:29:40
Question: In the past 7 days I've tried to set up an ASP.NET 5 WebApi using OpenIdConnect.Server with the resource owner flow. I was more or less successful in generating a token and accessing [Authorize]-protected actions. However, when I try to access this.User.Identity.Claims, it's empty. I am using ASP.NET 5 beta6 for now (having trouble upgrading to the most recent beta7, and waiting for its official release). In Startup.cs I have the following: public void ConfigureServices(IServiceCollection

Different Service behaviors per endpoint

有些话、适合烂在心里 submitted on 2019-12-06 00:11:05
Question: The situation: We are implementing different sorts of security on some WCF services: ClientCertificate, UserName & Password, and Anonymous. We have 2 ServiceBehaviorConfigurations, one for httpBinding and one for wsHttpBinding. (We have custom authorization policies for claims-based security.) As a requirement we need different endpoints for each service: 3 endpoints with httpBinding and 1 with wsHttpBinding. Example for one service: basicHttpBinding: Anonymous basicHttpBinding:

Looking for a secure and robust STS implementation

拈花ヽ惹草 submitted on 2019-12-05 20:29:41
I am faced with a project that uses custom authentication via a WCF service that returns a set of claims based on some data identifying a user, close to a user name and password. Then on top of this, I have a custom STS, derived from Microsoft.IdentityModel.SecurityTokenService, that resides in an ASP.NET web site project. This project looks like it was created with the VS2010 template and not carefully hand-crafted. My gut feeling, and lots of online advice, tell me that this web site STS project is very far from production-ready. I am now looking for an MVC-based STS that I can use in

Custom WebApi Authorization Database Call

丶灬走出姿态 submitted on 2019-12-05 19:33:48
I'm trying to decide if the custom Authorization attribute I wrote is really a good idea. Scenario: Say we have a collection of stores, and each Store has an owner. Only the owner of the store can do CRUD operations on the store, EXCEPT for users with a Claim that basically overrides the ownership requirement and says they can do CRUD operations on ANY store. Sidenote: I'm using Thinktecture and ADFS. So I made a StoreOwnerAuthorize attribute whose parameters ("Manage", "Stores") are used to check if the user has the appropriate claim to "override" not being an owner but still be able to pass the
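The poster's attribute is not shown, so the following is an added example of how such a filter can be written for ASP.NET Web API 2, not the poster's own code. Assumptions: the override is a claim of the hypothetical type PermissionClaimType with value "Manage:Stores", the store id is the "id" route value, the caller's id is the NameIdentifier claim, and store ownership is looked up through a hypothetical IStoreRepository resolved from the Web API dependency resolver.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Security.Claims;
using System.Web.Http;
using System.Web.Http.Controllers;

// Abstraction over the stores table; the attribute resolves it from the dependency
// resolver so the authorization decision can be tested without a database.
public interface IStoreRepository
{
    // Returns the owner's user id (the NameIdentifier claim value), or null if no such store.
    string GetOwnerId(int storeId);
}

[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false)]
public sealed class StoreOwnerAuthorizeAttribute : AuthorizeAttribute
{
    // Assumed claim type for the override permission; value is "<action>:<resource>".
    // Whatever ADFS/Thinktecture actually issues goes here instead.
    public const string PermissionClaimType = "http://schemas.example.com/claims/permission";

    private readonly string _action;
    private readonly string _resource;
    private readonly string _routeKey;

    public StoreOwnerAuthorizeAttribute(string action, string resource, string routeKey = "id")
    {
        if (string.IsNullOrEmpty(action)) throw new ArgumentNullException("action");
        if (string.IsNullOrEmpty(resource)) throw new ArgumentNullException("resource");
        _action = action;
        _resource = resource;
        _routeKey = routeKey;
    }

    protected override bool IsAuthorized(HttpActionContext actionContext)
    {
        // Keep the base behaviour (must be authenticated, optional Roles/Users filters).
        if (!base.IsAuthorized(actionContext)) return false;

        var principal = actionContext.RequestContext.Principal as ClaimsPrincipal;
        if (principal == null) return false;

        // 1. Override: the permission claim grants the action on ANY store, no DB call needed.
        if (principal.HasClaim(PermissionClaimType, _action + ":" + _resource))
            return true;

        // 2. Otherwise the caller must own the specific store named in the route. Action
        //    arguments are not bound yet when authorization filters run, so read route data.
        object raw;
        int storeId;
        if (!actionContext.ControllerContext.RouteData.Values.TryGetValue(_routeKey, out raw)
            || !int.TryParse(Convert.ToString(raw), out storeId))
            return false; // no identifiable store: deny rather than guess

        var userId = principal.FindFirst(ClaimTypes.NameIdentifier);
        if (userId == null) return false;

        var repository = (IStoreRepository)actionContext.Request.GetDependencyScope()
            .GetService(typeof(IStoreRepository));
        if (repository == null)
            throw new InvalidOperationException("IStoreRepository is not registered with the dependency resolver.");

        var ownerId = repository.GetOwnerId(storeId);
        // Ordinal comparison: identifiers are opaque and never culture-compared.
        return ownerId != null && string.Equals(ownerId, userId.Value, StringComparison.Ordinal);
    }

    protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
    {
        // An authenticated caller that fails the check gets 403, not 401: a 401 tells the
        // client to authenticate again, which does nothing for an ownership mismatch.
        var principal = actionContext.RequestContext.Principal;
        if (principal != null && principal.Identity != null && principal.Identity.IsAuthenticated)
            actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Forbidden);
        else
            base.HandleUnauthorizedRequest(actionContext);
    }
}

public sealed class StoresController : ApiController
{
    // Every route that mutates a store carries the attribute; forgetting it on one
    // route silently removes the ownership check for that route.
    [HttpDelete, Route("api/stores/{id:int}")]
    [StoreOwnerAuthorize("Manage", "Stores")]
    public IHttpActionResult Delete(int id)
    {
        // The filter has already established ownership or override; the delete goes here.
        return StatusCode(HttpStatusCode.NoContent);
    }
}
```

The trade-off this makes explicit: the ownership query runs inside the filter on every non-override request, and the decision depends on the route value naming the store. If a store can be reached through a body parameter or a child route without "{id}", the filter cannot see it and denies, which is the safe failure; do not weaken that by skipping the check when the route value is absent.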

Asp.Net Identity - case insensitive email and usernames

落花浮王杯 submitted on 2019-12-05 19:27:30
Is there a way to get ASP.NET Identity to be case-insensitive with email addresses and usernames? At the moment, if I call "FindByEmailAsync(email)" it will only work if the email address is stored exactly as it is typed (case-sensitive).

You can change how the user is registered so that the username is set to lowercase, and do the same when logging in. For registering the user, in the AccountController: [HttpPost] [AllowAnonymous] [ValidateAntiForgeryToken] public async Task<ActionResult> Register(RegisterViewModel model) { if (ModelState.IsValid) { var user = new ApplicationUser() { UserName
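The answer's approach carried through both sides, as an added example that is not the answerer's code: normalize the email once, with invariant casing, and apply the same normalization at registration and at login so the stored value and the lookup value always agree. ApplicationUser, ApplicationDbContext and the view models are assumed to be the ASP.NET Identity 2.x template types; the LoginNormalizer class is this example's own.

```csharp
using System;
using System.Threading.Tasks;
using System.Web.Mvc;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.EntityFramework;

// The single place that defines what "the same email" means for this application.
public static class LoginNormalizer
{
    // Invariant casing matters: culture-aware ToLower() maps "I" differently under a
    // Turkish thread culture, so the same input could match different rows depending
    // on the server's culture, which is an account-confusion bug, not just a lookup miss.
    public static string NormalizeEmail(string email)
    {
        if (string.IsNullOrWhiteSpace(email)) return null;
        return email.Trim().ToLowerInvariant();
    }
}

public sealed class ApplicationUser : IdentityUser { }

public sealed class ApplicationDbContext : IdentityDbContext<ApplicationUser>
{
    public ApplicationDbContext() : base("DefaultConnection") { }
}

// Assumed view models, matching the names used in the post.
public sealed class RegisterViewModel { public string Email { get; set; } public string Password { get; set; } }
public sealed class LoginViewModel { public string Email { get; set; } public string Password { get; set; } }

public sealed class AccountController : Controller
{
    private readonly UserManager<ApplicationUser> _userManager;

    public AccountController()
    {
        _userManager = new UserManager<ApplicationUser>(
            new UserStore<ApplicationUser>(new ApplicationDbContext()));

        // The email doubles as the user name, so '@' and '.' must be allowed, and
        // uniqueness is enforced on the (normalized) email as well as the user name.
        _userManager.UserValidator = new UserValidator<ApplicationUser>(_userManager)
        {
            AllowOnlyAlphanumericUserNames = false,
            RequireUniqueEmail = true
        };
    }

    [HttpPost, AllowAnonymous, ValidateAntiForgeryToken]
    public async Task<ActionResult> Register(RegisterViewModel model)
    {
        if (!ModelState.IsValid) return View(model);

        var email = LoginNormalizer.NormalizeEmail(model.Email);
        var user = new ApplicationUser { UserName = email, Email = email };

        var result = await _userManager.CreateAsync(user, model.Password);
        if (result.Succeeded) return RedirectToAction("Index", "Home");

        foreach (var error in result.Errors) ModelState.AddModelError("", error);
        return View(model);
    }

    [HttpPost, AllowAnonymous, ValidateAntiForgeryToken]
    public async Task<ActionResult> Login(LoginViewModel model)
    {
        if (!ModelState.IsValid) return View(model);

        // Same normalization on the way in: "Alice@Example.COM" finds the row stored as "alice@example.com".
        var user = await _userManager.FindAsync(LoginNormalizer.NormalizeEmail(model.Email), model.Password);
        if (user == null)
        {
            // One generic message for unknown user and wrong password alike.
            ModelState.AddModelError("", "Invalid login attempt.");
            return View(model);
        }

        // Cookie sign-in is unchanged from the template and omitted here.
        return RedirectToAction("Index", "Home");
    }
}
```

Two caveats. Rows created before this change are still mixed-case, so a one-off UPDATE that lowercases UserName and Email (and checks for the duplicates that lowercasing may reveal) has to accompany it. And the observed case sensitivity itself is a property of the store: on SQL Server with the default case-insensitive collation the lookup already matches regardless of case, so if it does not, check the column collation, because a case-sensitive column also means any unique index on it will happily accept "Alice@..." next to "alice@...".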

Claims: difference between UPN, Name with Azure AD

怎甘沉沦 submitted on 2019-12-05 15:24:40
In System.IdentityModel.Claims there are three entries: UPN, Name and NameIdentifier: "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier". While debugging after authentication with Azure AD, OpenIdConnect and Office 365, I see that name and upn are always the same, something that looks like the 'email' of a given user, e.g. johndoe@contoso.com or johndoe@contoso.onmicrosoft.com, while the nameidentifier is a non-human-readable identifier. Then, I do have a
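The practical consequence of that difference, as an added example that is not part of the post: upn and name are human-readable and change when an account is renamed, so they are for display; the key an application stores should be the immutable directory identity. Azure AD also emits the object id (oid) and tenant id (tid) claims under the http://schemas.microsoft.com/identity/claims/ namespace; the nameidentifier (OIDC sub) is issued pairwise per application. The UserKey and UserKeyResolver types and the sample claim values below are this example's own.

```csharp
using System;
using System.Security.Claims;

// Claim types Azure AD emits in addition to the System.IdentityModel ones quoted in the question.
public static class AzureAdClaimTypes
{
    public const string ObjectId = "http://schemas.microsoft.com/identity/claims/objectidentifier"; // JWT 'oid'
    public const string TenantId = "http://schemas.microsoft.com/identity/claims/tenantid";         // JWT 'tid'
}

// What the application stores as the user's primary key, plus a display label.
public sealed class UserKey
{
    public string TenantId { get; set; }
    public string SubjectId { get; set; }
    public string DisplayName { get; set; }

    // Composite key suitable for a unique column; oid alone is not unique across tenants.
    public override string ToString() { return TenantId + "/" + SubjectId; }
}

public static class UserKeyResolver
{
    public static UserKey FromPrincipal(ClaimsPrincipal principal)
    {
        if (principal == null) throw new ArgumentNullException("principal");

        // Stable identity: a rename changes upn/name/email but not oid, and an account that is
        // deleted and recreated gets a new oid even if the old UPN is reused for someone else.
        var oid = principal.FindFirst(AzureAdClaimTypes.ObjectId);
        var tid = principal.FindFirst(AzureAdClaimTypes.TenantId);

        // Fallback: nameidentifier (OIDC 'sub'). Azure AD issues it pairwise per application,
        // so it is stable for this app but cannot be correlated with other apps or the directory.
        var sub = principal.FindFirst(ClaimTypes.NameIdentifier);

        var subjectClaim = oid ?? sub;
        if (subjectClaim == null || string.IsNullOrEmpty(subjectClaim.Value))
            throw new InvalidOperationException("Token carries neither oid nor nameidentifier; refusing to create an account.");

        // Display only: upn, then name, then email. Never used for lookup.
        var display = principal.FindFirst(ClaimTypes.Upn)
                   ?? principal.FindFirst(ClaimTypes.Name)
                   ?? principal.FindFirst(ClaimTypes.Email);

        return new UserKey
        {
            // If tid is absent, the claim's issuer (https://sts.windows.net/<tenant>/) still scopes the key.
            TenantId = tid != null ? tid.Value : subjectClaim.Issuer,
            SubjectId = subjectClaim.Value,
            DisplayName = display != null ? display.Value : subjectClaim.Value
        };
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed claims in the shape the question describes; all values are made up.
        var identity = new ClaimsIdentity(new[]
        {
            new Claim(ClaimTypes.Name, "johndoe@contoso.com"),
            new Claim(ClaimTypes.Upn, "johndoe@contoso.com"),
            new Claim(ClaimTypes.NameIdentifier, "AAAAAAAAAAAAAAAAAAAAAHZxZ3pYcVZqcE9fVEs0UHA5bGQzZlE"),
            new Claim(AzureAdClaimTypes.ObjectId, "11111111-2222-3333-4444-555555555555"),
            new Claim(AzureAdClaimTypes.TenantId, "66666666-7777-8888-9999-000000000000"),
        }, "OpenIdConnect");

        var key = UserKeyResolver.FromPrincipal(new ClaimsPrincipal(identity));
        Console.WriteLine("key = " + key + ", display = " + key.DisplayName);
    }
}
```

Keying on (tid, oid) also means a multi-tenant application cannot be fooled by a second tenant that happens to issue a token whose upn spells the same address: the two users land on different rows.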