claims-based-identity

问题 I have a default ASP.NET Core website created within Visual Studio 2017. I have chosen to authenticate using an Azure Active Directory. I run the site and can successfully login using an account in the Active Directory. I can retrieve Claim information provided by Active Directory, e.g. by calling the following line I get the 'name'. User.Claims.FirstOrDefault(c => c.Type == "name")?.Value; I want to add a custom claim - CompanyId = 123456 for the logged in user. I'm able to add a custom

问题 I'm developing a web app with Asp.Net 5 MVC, Owin and Oauth2 bearer token as auth type. Following this guide that adds a custom complex claim Json serialized to an instance of Microsoft.IdentityModel.Claims.ClaimsIdentity with success, I've tried to replicate the same example using the ClaimsIdentity on the System.Security.Claims namespace. Unluckily, it seems that adding a complexClaim to the ClaimsIdentity instance, the derived class type information is lost, and the claim is stored as a

问题 I have implementation of a custom STS. After being authenticated and redirected but before the page was loaded I would receive this error: [CryptographicException: Digest verification failed for Reference '#_8e0aea1a-713d-4536-8fac-a768073395e9'.] The reference number would change every time I tried. 回答1: I eventually found out that the claims, I had loaded from the database, had carriage return line feeds. Once I replaced those I had no more issues. 来源： https://stackoverflow.com/questions

问题 I have implementation of a custom STS. After being authenticated and redirected but before the page was loaded I would receive this error: [CryptographicException: Digest verification failed for Reference '#_8e0aea1a-713d-4536-8fac-a768073395e9'.] The reference number would change every time I tried. 回答1: I eventually found out that the claims, I had loaded from the database, had carriage return line feeds. Once I replaced those I had no more issues. 来源： https://stackoverflow.com/questions

问题 I understand that I can use claims to make statements about a user: var claims = new List<Claim>(); claims.Add(new Claim(ClaimTypes.Name, "Peter")); claims.Add(new Claim(ClaimTypes.Email, "peter@domain.com")); But how should I store "role-based" claims? For example: The user is a super administrator. claims.Add(new Claim("IsSuperAdmin, "true")); The value parameter "true" feels completely redundant. How else can this statement be expressed using claims? 回答1: This is already done for you by

问题 What is the difference between Claims based authentication vs What is provided by OAuth. I am looking for conceptual difference and not technical difference. When do I choose Claims over OAuth and vice versa. Claims based authentication is proposed by Microsoft and build on top of WS-Security. But OAuth is more a open source protocol that is being proposed to allow fetching resources from different portals based on a security token. Claims also has this concept of token (SAML encoded or X509

问题 I have installed WSO2 IS 5.2.0 and I have problem to retrieve custom created claims. I've added new claims to dialect http://wso2.org/claims and I also added new claims that map the same attribute to dialect http://wso2.org/oidc/claim that worked with version 5.1.0 but in version 5.2.0 not working. All fields are present in database attribute table. I am using Oauth2 OpenID connect userInfo for fetching user data. Here is claims configuration for my Service Provider: With this configuration

问题 I have installed WSO2 IS 5.2.0 and I have problem to retrieve custom created claims. I've added new claims to dialect http://wso2.org/claims and I also added new claims that map the same attribute to dialect http://wso2.org/oidc/claim that worked with version 5.1.0 but in version 5.2.0 not working. All fields are present in database attribute table. I am using Oauth2 OpenID connect userInfo for fetching user data. Here is claims configuration for my Service Provider: With this configuration

问题 For the past few days I've been reading about the windows identity foundation and how it's so good and flexible and built right into .net 4.5. Despite going over dozens of apis, blog posts, how-to's etc. I can't for the life of me get a simple implementation working. I'm using windows authentication only and I can get the principal and view the claims that come with it (which is where every example seems to end). However I want to then transform them into useful claims and cache the results

问题 I have an application that authenticates against ADFS 2 via WS-Federation. I look for a specific claim when I get the response back from ADFS and based on that claim, I am able to authorize the user into my application. I want to create an enhancement in which when a user authenticates against ADFS and comes back to my application WITHOUT the claim I require, that I redirect them back to the Identity Provider (ADFS), but this time FORCING them to provide their credentials again. I wrote my