What is the claims in ASP .NET Identity

by

what does claim mechanism means in new ASP.NET Identity Core?

There are two common authorization approaches that are based on Role and Claim.

Role-Based Security

A user gets assigned to one or more roles through which the user gets access rights.
Also, by assigning a user to a role, the user immediately gets all the access rights defined for that role.

Claims-Based Security

A claims-based identity is the set of claims. A claim is a statement that an entity (a user or another application) makes about
itself, it’s just a claim. For example a claim list can have the user’s name, user’s e-mail, user’s age, user’s authorization for an action.
In role-based Security, a user presents the credentials directly to the application. In a claims-based
model, the user presents the claims and not the credentials to the application. For a claim to have practical
value, it must come from an entity the application trusts.

Below steps illustrate the sequence of that happens in a claims-based security model:

  1. The user requests an action. The relying party (RP) application asks
    for a token.
  2. The user presents the credentials to the issuing authority that the RP application trusts.
  3. The issuing authority issues a signed token with claims, after authenticating the user’s
    credentials.
  4. The user presents the token to the RP application. The application validates the token
    signature, extracts the claims, and based on the claims, either accepts or denies the
    request.

But, i still can’t understand and find any information, when data
addes to AspNetUserClaims and what situations this table using for?

When you are in a situation where a Role-Based Security is not used, and you chose to use Claim-Based
Security, you would need to utilize AspNetUserClaims table.
For how to use Claims in ASP.NET Identity, see below link for more information.

http://kevin-junghans.blogspot.com/2013/12/using-claims-in-aspnet-identity.html

Update

What time i have to use role-based security and when claim-based?
Could you please write a few examples?

There isn’t a very clear situation where you would or would not use Role-Based or Claim-Based Security, Not like a case where you would use A rather than B.

But, claim-Based access control allows better separation of authorization rules from the core business logic. When authorization rules change, the core business logic remain unaffected. There will be situations where you might prefer using Claim-Based approach.

Sometimes claims aren’t needed. This is an important disclaimer.
Companies with a host of internal applications can use Integrated
Windows Authentication to achieve many of the benefits provided by
claims. Active Directory does a great job of storing user identities,
and because Kerberos is a part of Windows, your applications don’t
have to include much authentication logic. As long as every
application you build can use Integrated Windows Authentication, you
may have already reached your identity utopia. However, there are many
reasons why you might need something other than Windows
authentication. You might have web-facing applications that are used
by people who don’t have accounts in your Windows domain. Another
reason might be that your company has merged with another company and
you’re having trouble authenticating across two Windows forests that
don’t (and may never) have a trust relationship. Perhaps you want to
share identities with another company that has non-.NET Framework
applications or you need to share identities between applications
running on different platforms (for example, the Macintosh). These are
just a few situations in which claims-based identity can be the right
choice for you.

For more information, please visit http://msdn.microsoft.com/en-us/library/ff359101.aspx

More Related Contents:

  1. What is ASP.NET Identity’s IUserSecurityStampStore interface?
  2. ASP.NET Identity with EF Database First MVC5
  3. ASP.NET Identity DbContext confusion
  4. Adding ASP.NET MVC5 Identity Authentication to an existing project
  5. ASP.NET Core change EF connection string when user logs in
  6. Change User Id type to int in ASP.NET Identity in VS2015
  7. Can I set an unlimited length for maxJsonLength in web.config?
  8. include antiforgerytoken in ajax post ASP.NET MVC
  9. ASP.Net MVC How to pass data from view to controller [closed]
  10. Is trying to develop for Medium Trust a lost cause?
  11. Advantage of creating a generic repository vs. specific repository for each object?
  12. jqGrid: using multiple methods to filter data
  13. Asp.Net Forms Authentication when using iPhone UIWebView
  14. How to get current user, and how to use User class in MVC5?
  15. Why does the CheckBoxFor render an additional input tag, and how can I get the value using the FormCollection?
  16. How to add validation to my POCO(template) classes
  17. How do I render a partial form element using AJAX
  18. How to include a partial view inside a webform
  19. Visual Studio 2012 Web Publish doesn’t copy files
  20. Is it a good practice to avoid using Session State in ASP.NET MVC? If yes, why and how?
  21. SSL pages under ASP.NET MVC
  22. How ViewBag in ASP.NET MVC works
  23. What are the Web.Debug.config and Web.Release.Config files for?
  24. ASP.Net UserName to Email
  25. asp mvc routing with two optional parameters
  26. Creating a URL in the controller .NET MVC
  27. Paging & Sorting grids with ASP.Net MVC
  28. Web Config Transform not working
  29. how to know if the request is ajax in asp.net mvc?
  30. How to decide which is right, WebForms or MVC when doing ASP.NET

Leave a Comment