claims-based-identity

I am completely new to the use of claims in ASP.NETIdentity and want to get an idea of best practices in the use of Roles and/or Claims . After all this reading, I still have questions like... Q: Do we no longer use Roles? Q: If so, why are Roles still offered? Q: Should we only use Claims? Q: Should we use Roles & Claims together? My initial thought is that we "should" use them together. I see Claims as sub-categories to the Roles they support. FOR EXAMPLE: Role: Accounting Claims : CanUpdateLedger, CanOnlyReadLedger, CanDeleteFromLedger Q: Are they intended to be mutually exclusive? Q: Or is

I have a new Claims Provider Trust successfully configured in ADFS 3.0 that allows us to use a separate SAML IdP and let ADFS 3.0 be the SP. We now see "You are signed in" when we go through our SAML IdP. So this part works fine (SSO into ADFS 3.0). However, attempting to access Office 365 apps now returns the following error by at https://login.microsoftonline.com/login.srf : AADSTS90019: No tenant-identifying information found in either the request or implied by any provided credentials. Any ideas? Do I need to add a Relying Party Trust to get Office 365 to also trust our SAML-based Claims

In Windows Identity Framework (WIF) you could implement a ClaimsAuthenticationManager in order to modify the claims on the principal or add new claims to it. The claims authentication manager provides an extensibility point in the application’s claims processing pipeline that you can use to validate, filter, modify, incoming claims or inject new claims into the set of claims presented by a ClaimsPrincipal before the RP application code is executed. Does ASP.net Identity 2 have any sort of pipeline hook like this? If I want to add some claims without having them persisted in the

I am interested to know the relation between Freshness Value,TokenLifetime and WebSSOLifetime parameters in ADFS 2.0 time out scenario. I have already did my bit of analysis on this and I am yet to get a clear picture. I have collected the below details w.r.t ADFS timeout through several sources. There are two major timeouts involved in the ADFS configuration: WebSSOLifetime – Server wide timeout parameter – Default value = 480 mins TokenLifetime – This is configured for each Relying party – Default value = 10 hours WebSSOLifetime: This is a server wide setting which applies to all the RP’s

I am trying to add profile/Membership information into my MVC5 application and adding configuration mappings. I get the following error message: my.Models.IdentityUserLogin: : EntityType 'IdentityUserLogin' has no key defined. Define the key for this EntityType. my.Models.IdentityUserRole: : EntityType 'IdentityUserRole' has no key defined. Define the key for this EntityType. IdentityUserLogins: EntityType: EntitySet 'IdentityUserLogins' is based on type 'IdentityUserLogin' that has no keys defined. IdentityUserRoles: EntityType: EntitySet 'IdentityUserRoles' is based on type 'IdentityUserRole

In MVC4 i used Roles.IsUserInRole to check if a given user is in some role. However, with MVC5 i can't do it anymore... At first, it asked me to enable RoleManager at the web.config but then i discovered that microsoft moved away from Web.Security to Microsoft.AspNet.Identity. My question now is, with Microsoft.AspNet.Identity how do i do an action similar to Roles.IsUserInRole? And/or create a relation between the Role and the User. By the way, i'm still trying to understand the new authentication methods (ClaimsIdentity?). You should read http://typecastexception.com/post/2014/04/20/ASPNET

Please I need assistance in implementing a custom way of assigning claims to authenticated users. On successful login, var result = await SignInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, shouldLockout: false); switch (result) { case SignInStatus.Success: //Get the user ApplicationUser user = UserManager.FindByEmail(model.Email); //Ends here ClaimsIdentity identity = await UserManager.CreateIdentityAsync(user, DefaultAuthenticationTypes.ApplicationCookie); AuthenticationManager.SignIn(new AuthenticationProperties() { IsPersistent = true }, identity); I use the