Complex Claim Values in .NET Framework with System.Security.Claims

Question

I\'m developing a web app with Asp.Net 5 MVC, Owin and Oauth2 bearer token as auth type.

Following this guide that adds a custom complex claim Json serialized to an inst

Answer 1

This is not supported nor recommended - claims are key / value pairs - keep them as simple as possible.

There are a number of supporting classes in .NET that can't handle what you are trying to achieve (the SAM, CookieMiddleware etc)..

see also here http://leastprivilege.com/2012/10/08/custom-claims-principals-in-net-4-5/

Answer 2

The cast in GetPassport tries to convert from base type Claim to derived type ComplexClaim<UKPassport> which will result in null. You need to write a cast operator to convert from Claim to UKPassport

public static explicit operator UKPassport(Claim c)
{
     return (c == null ? null:JsonConvert.DeserializeObject<UKPassport> (c.Value));
}       

and GetPassport will be

private static UKPassport GetPassport(this ClaimsIdentity identity, string passportType)
{
   return (UKPassport)identity.Claims.FirstOrDefault<Claim>(c => c.Type == @"http://it.test/currentpassport");
}