claims-based-identity

问题 I have a question regarding the SCP claim after using Azure to register an API that I've developed. I've followed various tutorials and sample applications. Everything validates correctly and I'm able to call a API Method from a trusted subsystem using primarily this tutorial: https://github.com/AzureADSamples/WebApp-WebAPI-OAuth2-AppIdentity-DotNet The problem that I'm having is when I try to validate the SCP claim: Claim scopeClaim = ClaimsPrincipal.Current.FindFirst("http://schemas

问题 Now this is odd. After completing some research on claims based solutions in .NET, found that different authors refer to different classes in .NET namespace when actually speaking on the same matter. Claim class (not to mention other Identity, Principal, Manager, Helper classes around) is defined in 3 different namespaces. It is clear that WIF is separate add-on for .NET 3.5 and 4.0 and that it is rewritten and made part of core in 4.5. However it could really help to have clear directions on

问题 Now this is odd. After completing some research on claims based solutions in .NET, found that different authors refer to different classes in .NET namespace when actually speaking on the same matter. Claim class (not to mention other Identity, Principal, Manager, Helper classes around) is defined in 3 different namespaces. It is clear that WIF is separate add-on for .NET 3.5 and 4.0 and that it is rewritten and made part of core in 4.5. However it could really help to have clear directions on

问题 I have been trying to get the following scenario to work for around a week now with no luck. I have 2 applications, a .NET 4.5 application that is claims enabled, which is working perfectly well (works with other .NET 4 and up applications); and a legacy Intranet system built using WebForms .NET 3.5. The legacy application CANNOT be upgraded to a later version of .NET (would be so much easier). What I want to happen is that when I login on the .NET 4.5 application, I need to be authenticated

问题 I am using the IdentityServer4 sample that uses Asp.Net Identity and EntityFramework. I am trying to create group controls using custom policies based on claims/roles. My problem is that when I try and get the users claims in the authorization handler the claims I am looking for are not returned. Looking at the database in SSMS I find the claims/roles I created are in tables called "AspNetRoles", "AspNetRoleClaims", "AspNetUserClaims" along with the user I created being in "AspNetUsers" and

问题 Using Windows Identity Foundation (WIF) in tandem with a Security Token Service (STS), is it possible to create complex claims that could satisfy a question such as: For a user with a claim to a role "Support", that user: Can only view and use resource1 CAN NOT update, create, or delete resource2 CAN NOT create, or delete resource3 Can only use and update resources with a "resource" tag. It's a necessarily contrived example but is this possible? I'm thinking I want to authorize the

问题 I have a ASP MVC 5 site using the new identity framework with 3rd party authentication using entity framework as it comes out of the box. I have a logged in user and they have 3 claims (the standard name nameidentifier and authentication provider that seem to be provided by the default ClaimsIdentityFactory). When a user performs some operation I then add a claim for them using this: userManager.AddClaim(userId, new Claim(claimType,claimValue)); If I look in the db in the AspNetUserClaims

问题 I have an Azure Function 2.x (Asp.net Core) and am authenticating with Azure AD. I'm trying to access the logged-in user's Claims after authentication. Previously using Azure Functions 1.x we would get the Claims using ClaimsPrincipal.Current , as seen in the code below: using System.Net; using System.Collections.Generic; using System.Security.Claims; using Microsoft.IdentityModel.Clients.ActiveDirectory; public static HttpResponseMessage Run(HttpRequestMessage req, out object document,

问题 I'm working with Azure ACS and incorporating it into an SSO strategy for my .NET 4.0 website. I see on the Rule Groups page that a bunch of different claims can be stored and passed back to the RP (e.g. country, streetaddress, phone, etc.). It looks like you can also return back any claim type you want to create. This got me thinking about many questions relating to storing information for users: Does it make sense to store user information (other than the nameidentifier) in ACS vs local

问题 I have a default ASP.NET Core website created within Visual Studio 2017. I have chosen to authenticate using an Azure Active Directory. I run the site and can successfully login using an account in the Active Directory. I can retrieve Claim information provided by Active Directory, e.g. by calling the following line I get the 'name'. User.Claims.FirstOrDefault(c => c.Type == "name")?.Value; I want to add a custom claim - CompanyId = 123456 for the logged in user. I'm able to add a custom