Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

adding claims to forms authentication in asp.net

I have been working on a asp.net application which uses windows azure tables as data storage for users information.I have a class which does the insertion and creation of tables and handles other stuff. When I see that a user is already present I want to issue a authentication token using something like

FormsAuthentication.SetAuthCookie(user,true)  

and I also want to add the user's claims that I got from the windows azure table storage so I can read them later using something like

ClaimsPrincipal claimsPrincipal = Page.User as ClaimsPrincipal; 

Can someone please suggest me how to achieve this? I finished the other parts of this custom app but not very clear how to make this part work.

Thanks

like image 221
user505210 Avatar asked May 01 '14 20:05

user505210


People also ask

How would you implement claims based authentication in .NET core?

The claims-based authorization works by checking if the user has a claim to access an URL. In ASP.NET Core we create policies to implement the Claims-Based Authorization. The policy defines what claims that user must process to satisfy the policy. We apply the policy on the Controller, action method, razor page, etc.

What is form authentication in ASP.NET with example?

Form authentication is cookie based, as ASP.NET places a cookie in the client machine in order to track the user. If the user requests a secure page and has not logged in, then ASP.NET redirects him/her to the login page. Once the user is authenticated, he/she will be allowed to access the requested page.

How do I enable form based authentication?

You can use the Forms Authentication setting, displayed under the Security > Authenticated Access section of the Internet Information Services view for a website, to set forms authentication on web applications. Set the Forms Authentication option to Yes to enable forms authentication.


1 Answers

This is almost as simple, with the help of the SessionAuthenticationModule.

SessionAuthenticationModule sam = 
    (SessionAuthenticationModule)
    this.Context.ApplicationInstance.Modules["SessionAuthenticationModule"];

IClaimsPrincipal principal = 
   new ClaimsPrincipal( new GenericPrincipal( new GenericIdentity( txtUserName.Text ), null ) );

// create any userdata you want. by creating custom types of claims you can have
// an arbitrary number of your own types of custom data
principal.Identities[0].Claims.Add( new Claim( ClaimTypes.Email, "[email protected]" ) );
principal.Identities[0].Claims.Add( new Claim( ClaimTypes.UserData, ReallyLongUserData ) );

var token = 
  sam.CreateSessionSecurityToken( 
     principal, null, DateTime.Now, DateTime.Now.AddMinutes( 20 ), false );
sam.WriteSessionTokenToCookie( token );

Response.Redirect( this.Context.Request.QueryString["ReturnUrl"] );

Full article that also includes web.config entries:

http://www.wiktorzychla.com/2012/09/forms-authentication-revisited.html

like image 85
Wiktor Zychla Avatar answered Nov 13 '22 18:11

Wiktor Zychla