These are ClaimTypes, which represents the pre-defined types of claims that an entity can claim. The ones you mention are from WIF, here are the IdentityModel ClaimTypes. Known claimtypes are automatically deserialized into the context. Like http://schemas.microsoft.com/ws/2008/06/identity/claims/role is added as role to the user.roles collection (used for IsInRole). So the types are not random, but … Read more
Just hit AD with the username and password instead of authenticating against your DB // POST: /Account/Login [HttpPost] [AllowAnonymous] [ValidateAntiForgeryToken] public async Task<ActionResult> Login(LoginViewModel model, string returnUrl) { if (ModelState.IsValid) { var user = await UserManager.FindByNameAsync(model.UserName); if (user != null && AuthenticateAD(model.UserName, model.Password)) { await SignInAsync(user, model.RememberMe); return RedirectToLocal(returnUrl); } else { ModelState.AddModelError(“”, “Invalid username … Read more
AD FS 2.0 can only authenticate against Active Directory (AD DS). This is not explicitly documented in the official AD FS 2.0 documentation, but it follows from the following two snippets: “Appendix A: Reviewing AD FS Requirements” from the AD FS 1.x Design Guide, section “Account store requirements” says, “AD FS supports two types of … Read more
The problem is because of a breaking change in .Net 4.5. As explained by this article, simply constructing a claims identity no longer makes it IsAuthenticated return true. Instead, you need to pass some string (doesn’t matter what) into the constructor. So this line in the above code: var claimsIdentity = new ClaimsIdentity( claims ); … Read more
I will try to explain the Role/Claim/Permission-based Access Control concept in layman’s terms. The code snippet I will present here, are pseudocode, may or may not compile. What are Roles? Roles can be thought of as Job Titles. Like “Sales Manager”, “Marketing Manager”, “Admin” etc. What are the claims? Claims can be broader than a … Read more
Try this: [Authorize] public ActionResult SomeAction() { var identity = (ClaimsIdentity)User.Identity; IEnumerable<Claim> claims = identity.Claims; … }
When you are talking about roles and permissions then you are talking about authorization. Claims are typically not for authorization. (Identity)Claims are there to model the identity of the user: who is the user? The claims on itself do not tell anything about authorization. A user can have a role claim, but this doesn’t tell … Read more