ASP.NET Claim NameIdentifier Id gets convert error

Question

i have problem with this code:

private async Task<object> GenerateJwtToken(string email, User user)
{
    var claims = new List<Claim>
    {
        new Claim(JwtRegisteredClaimNames.Sub, email),
        new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
        new Claim(ClaimTypes.NameIdentifier, user.Id)
    };

User extend IdentityUser. The problem is that i get :

Cannot convert from 'int' to 'System.Security.Claims.ClaimsIdentity'". Even for ClaimTypes.NameIdentifier i get error: "Cannot convert from 'string' to 'System.IO.BinaryReader'

And if i change Id to something else, like email, or firstName errors disappear... Can't find any info about it.

Answer 1

Understandably I am a bit late to this question but I had a similar issue.

What I found was new Claim has multiple signatures that can be passed into it. Explicitly stating the type resolved my issue.

new Claim(ClaimTypes.Name as string, userFromRepo.Username as string)

Hopefully this gives some help to anyone else who has this issue.

Answer 2

Normally how it works (at least in ASP.NET Core 3) is that the sub JWT claim gets automatically converted (by the InboundClaimTypeMap) into NameIdentifier when the scaffolding instantiates the ClaimsPrincipal.

So it's enough to simply set a JwtRegisteredClaimNames.Sub claim with user.Id as value.

But you can customize which claim the Identity should use for identification purposes by assigning a value to IdentityOptions.ClaimsIdentity.UserIdClaimType in the AddIdentity() call, e.g.:

services.AddIdentity<ApplicationUser, IdentityRole>(options =>
{
   options.ClaimsIdentity.UserIdClaimType = JwtRegisteredClaimNames.Sub;
});

And if you want to disable the claim mapping, you can clear the map by including the following statement in the configuration:

JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();

or set this flag to false:

JwtSecurityTokenHandler.DefaultMapInboundClaims = false;