claims-based-identity

How can I create a custom authorize claim in MVC Core 2.0 (using AspNetCore.identity) to verify a custom user boolean property? I have extended the IdentityUser (ApplicationUser) to include a boolean value "IsDeveloper". I am using claims based authentication and would like to add a custom claim, but am not certain where to start. How can I create a custom claim that will: Find the current (customized) Core.Identity user. Evaluate the a custom identity user bool value? I understand the core identity claims MSDN: Claims Based Authentication , but am new to custom claims, so I am not sure where

We have successfully configured windows identity foundation (WIF) in our ASP.NET 4.5 MVC 4 project with the help of the Identity and Access... extension for Visual Studio 2012. But are unable to exclude a specific path from authorization to allow anonymous access. When we access our default route (i.e. /Home ), the passive redirection will redirect us to the configured issuer Uri. This is currect. But now assume we want to exclude Path /Guest from STS Authentication so that everybody can access http://ourhost/Guest without beeing routed to the STS issuer. Only static documents are located

Now this is odd. After completing some research on claims based solutions in .NET, found that different authors refer to different classes in .NET namespace when actually speaking on the same matter. Claim class (not to mention other Identity, Principal, Manager, Helper classes around) is defined in 3 different namespaces. It is clear that WIF is separate add-on for .NET 3.5 and 4.0 and that it is rewritten and made part of core in 4.5. However it could really help to have clear directions on what class to use for new projects (so that port to 4.5 after could be easier). Does anybody else have

I have my configuration in web.config and it works fine. <configuration> <system.identityModel.services> <federationConfiguration> .... </federationConfiguration> </system.identityModel.services> </configuration> How do I move this out of web.config to a custom config file and load it from code? I want to use the same structure of this configuration so that I do not have to change anything in code if I have to change this configuration file. You can tap into the WIF event from your global.asax void Application_Start(object sender, EventArgs e) { // Code that runs on application startup

I'm trying to create an Apache CXF (2.7.5) client for the Microsoft Dynamics CRM 2011 ("xRM") web services (which I understood to be based on WCF 4) where CRM is in claims mode, so that the WSDL for this web service points to an STS (in my case AD FS 2.0). My main question: Are there any tutorial, suggestions, blog posts to help me out (either describing how to send claims, or how to avoid them and instead use Windows authentication)? Below is a description of what I've done until now. I already had working code for the same web service, which works when CRM is in Windows authentication mode .

Would using Thread.CurrentPrincipal's claims in a referenced library that uses ConfigureAwait(false) pose any problems or will the flowing of ExecutionContext's logical call context take care of me there? (my reading and testing so far indicates that it will). Example WebAPI Controller Action: [CustomAuthorizeThatSetsCurrentUsersClaimsToThreadCurrentContextAndHttpContextCurrentUser] public async Task<Order> Get(int orderId) { return await _orderBusinessLogicLibrary.LoadAsync(orderId); // defaults to .ConfigureAwait(true) } Example load functions from external, referenced library:

It appears to me that I cannot add a custom claim (that is user-specific) to the response of my first call to Identity Server. Can someone confirm that assumption? Here is what we are doing in our app: Using ResourceOwner Flow, our web app (server side) calls Identity Server sending the user's logonID and password and scopes. We get back a JWT which contains the standard claims like sub, idp, client_id; but we would like to add one more. To simplify, let's say that one additional claim is the emailAddress of the user. It appears that we must make another call to the Identity Server and get a

This is a problem i am trying to solve for a month now. (tried any possible article/code out there). In ExternalLoginCallback action, AuthenticationManager.GetExternalLoginInfoAsync() returns a valid object (with all the provider details) but email is null for certain Facebook users . For the large majority of Facebook login email is presetnt. But for about 30% of logins I get an exception down the process because the email is null. Luckily sometime ago I've created a Facebook user which reproduce the problem . I've created a sterile test environment in localhost and indeed email comes null