How to add claims to windows user

I have a dotnet core api app with windows app enabled. We have a bunch of users who have the special permission 'admin' and are stored in a database; all the rest have the default permission 'user'. I want the users who are in the database to have extra claims. Also I want to store more information like email id and employee number (which I have to query from LDAP manually).

What I thought is I will have one api, say api/auth, which will capture the current user and add claims based on the database and LDAP query, and the other api end points can use it.

But I am not able to get how to add and persist claims between different api end points.

Is it possible, and/or is it a good way? My second option is to hit the database on each api call.

Edit 1: I have written a middleware which intercepts all api requests and searches LDAP/database, creates a ClaimsIdentity and adds it to Users.Identity. Then it is available through the rest of the call.

Edit 2: When I am using @Ondra Starenko's answer, I am not able to reference IClaimsTransformer or app.UseClaimsTransformation. Is there something else I need to include?

Platform: .NET core 2.1.3

Priyesh Kumar Avatar asked Jun 12 '18 18:06




1 Answer

You can add Claims to windows user in the ClaimsTransformer class.

using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication; // IClaimsTransformer / ClaimsTransformationContext (ASP.NET Core 1.x claims transformation API)

public class ClaimsTransformer : IClaimsTransformer
{
   // Invoked on every request after the Windows identity has been established.
   public Task<ClaimsPrincipal> TransformAsync(ClaimsTransformationContext context)
   {
      // Add a new claim to the incoming identity
      var ci = (ClaimsIdentity) context.Principal.Identity;
      var c = new Claim(ClaimTypes.Role, "admin");
      ci.AddClaim(c);

      return Task.FromResult(context.Principal);
   }
}

And add this line to Startup:

app.UseClaimsTransformation(o => new ClaimsTransformer().TransformAsync(o));

using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Logging;

public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
   loggerFactory.AddConsole(LogLevel.Debug);
   loggerFactory.AddDebug();

   // Register the transformation before MVC so controllers see the added claims
   app.UseClaimsTransformation(o => new ClaimsTransformer().TransformAsync(o));

   app.UseStaticFiles();

   app.UseMvc();
}

For more information see this: add claims to windows identity.

Ondra Starenko Avatar answered Oct 07 '22 17:10

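The following is an added example, not code from the question or the answer above, showing the same idea on the asker's platform (ASP.NET Core 2.1), where claims transformation is the IClaimsTransformation service in the Microsoft.AspNetCore.Authentication namespace, registered through dependency injection rather than with app.UseClaimsTransformation. It enriches the Windows identity with a role, email and employee-number claim from a lookup, so the claims are available to every endpoint without each controller querying the database. The EmployeeRecord type, the IEmployeeDirectory interface, the InMemoryEmployeeDirectory with its CORP\alice and CORP\bob accounts, the urn:example claim type and the ProfileController are all assumptions standing in for the question's database/LDAP query.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Server.IISIntegration;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical shape of one row from the question's database/LDAP lookup (assumption).
public sealed class EmployeeRecord
{
    public string Email { get; set; }
    public string EmployeeNumber { get; set; }
    public bool IsAdmin { get; set; }
}

// Hypothetical abstraction over "query the database, then LDAP" (assumption).
public interface IEmployeeDirectory
{
    // Returns null when the Windows account is not known to the database.
    Task<EmployeeRecord> FindAsync(string windowsAccountName);
}

// Constructed in-memory directory so the sample runs without a database or domain controller.
public sealed class InMemoryEmployeeDirectory : IEmployeeDirectory
{
    private static readonly Dictionary<string, EmployeeRecord> Records =
        new Dictionary<string, EmployeeRecord>(System.StringComparer.OrdinalIgnoreCase)
        {
            [@"CORP\alice"] = new EmployeeRecord { Email = "alice@example.test", EmployeeNumber = "E1001", IsAdmin = true },
            [@"CORP\bob"]   = new EmployeeRecord { Email = "bob@example.test",   EmployeeNumber = "E1002", IsAdmin = false },
        };

    public Task<EmployeeRecord> FindAsync(string windowsAccountName) =>
        Task.FromResult(Records.TryGetValue(windowsAccountName, out var record) ? record : null);
}

public sealed class DirectoryClaimsTransformer : IClaimsTransformation
{
    // Assumed claim type for the employee number; any stable URI the app controls will do.
    public const string EmployeeNumberClaimType = "urn:example:employee-number";
    // Marks the identity this transformer appends, so repeated invocations can recognise it.
    private const string EnrichmentAuthenticationType = "DirectoryEnrichment";

    private readonly IEmployeeDirectory _directory;

    public DirectoryClaimsTransformer(IEmployeeDirectory directory) => _directory = directory;

    public async Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
    {
        var windows = principal.Identity;
        // Anonymous request: Windows authentication produced no identity, so there is nothing to enrich.
        if (windows == null || !windows.IsAuthenticated || string.IsNullOrEmpty(windows.Name))
            return principal;

        // TransformAsync may run more than once for the same principal; never append duplicates.
        if (principal.Identities.Any(i => i.AuthenticationType == EnrichmentAuthenticationType))
            return principal;

        var record = await _directory.FindAsync(windows.Name);

        // Fail closed: an account that is not in the database is a plain "user".
        var claims = new List<Claim>
        {
            new Claim(ClaimTypes.Role, record != null && record.IsAdmin ? "admin" : "user"),
        };
        if (record != null)
        {
            claims.Add(new Claim(ClaimTypes.Email, record.Email));
            claims.Add(new Claim(EmployeeNumberClaimType, record.EmployeeNumber));
        }

        // WindowsIdentity reports group SIDs as its role claim type, so a ClaimTypes.Role claim added
        // straight onto it is not what IsInRole / [Authorize(Roles = ...)] consult. A second identity
        // whose role claim type is ClaimTypes.Role is checked by the principal alongside the Windows one.
        var enrichment = new ClaimsIdentity(claims, EnrichmentAuthenticationType, ClaimTypes.Name, ClaimTypes.Role);
        principal.AddIdentity(enrichment);
        return principal;
    }
}

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication(IISDefaults.AuthenticationScheme);       // Windows authentication via IIS
        services.AddSingleton<IEmployeeDirectory, InMemoryEmployeeDirectory>();
        services.AddTransient<IClaimsTransformation, DirectoryClaimsTransformer>();
        services.AddMvc();
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseAuthentication(); // runs the transformation before any controller executes
        app.UseMvc();
    }
}

[ApiController]
[Route("api/[controller]")]
public class ProfileController : ControllerBase
{
    // Any Windows-authenticated caller sees the claims the transformer attached.
    [HttpGet("me"), Authorize]
    public IActionResult Me() => Ok(new
    {
        Name = User.Identity.Name,
        Email = User.FindFirst(ClaimTypes.Email)?.Value,
        EmployeeNumber = User.FindFirst(DirectoryClaimsTransformer.EmployeeNumberClaimType)?.Value,
        IsAdmin = User.IsInRole("admin"),
    });

    // Only accounts flagged IsAdmin in the directory reach this action.
    [HttpGet("admin-only"), Authorize(Roles = "admin")]
    public IActionResult AdminOnly() => Ok("admin");
}
```

Because Windows authentication builds a fresh principal on every request, the lookup still happens once per request; if the LDAP round trip is the expensive part, the place to add a short-lived cache is inside the IEmployeeDirectory implementation, keyed by account name, so the transformer itself stays stateless and the cache lifetime (and therefore how long a revoked admin keeps the role) is decided in one place.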