
Owin Authentication and claims in asp.net how to access user data

I am developing an intranet application where the user authentication is based on Active Directory, and I am having an issue with the proper way of handling user claims.


I have implemented something similar to this

Using OWIN and Active Directory to authenticate users in ASP.Net MVC 5 application

and it's working perfectly to authenticate the user through Active Directory. I have added claims to store the user data in the cookie:

private ClaimsIdentity CreateIdentity(UserPrincipal userPrincipal)
{
   var identity = new ClaimsIdentity(MyAuthentication.ApplicationCookie, ClaimsIdentity.DefaultNameClaimType, ClaimsIdentity.DefaultRoleClaimType);
   identity.AddClaim(new Claim("http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider", "Active Directory"));
   identity.AddClaim(new Claim(ClaimTypes.Name, userPrincipal.SamAccountName));
   identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, userPrincipal.SamAccountName));
   identity.AddClaim(new Claim(ClaimTypes.GivenName, userPrincipal.GivenName));

   return identity;
}

Is there a more efficient way of getting the user information rather than the below code?

var claimsIdentity = User.Identity as System.Security.Claims.ClaimsIdentity;
var name = claimsIdentity.FindFirst(System.Security.Claims.ClaimTypes.GivenName);

However, the username of the user is available through the identity itself, User.Name... which seems ineloquent.

SaadK asked Oct 27 '25 14:10


1 Answer

You could use Extension Methods to provide the methods you need.

using System.Security.Claims;
using System.Security.Principal;

public static class UserClaimExtentions {

  public static string GivenName(this IPrincipal user) {
    return user.GetClaimValue(ClaimTypes.GivenName);
  }

  public static string NameIdentifier(this IPrincipal user) {
    return user.GetClaimValue(ClaimTypes.NameIdentifier);
  }

  public static string GetClaimValue(this IPrincipal user, string name) {
     var claimsIdentity = user.Identity as ClaimsIdentity;
     return claimsIdentity?.FindFirst(name)?.Value;
  }

  //If you aren't using the new operators from Roslyn for null checks then
  //use this method instead (kept commented out: it has the same signature
  //as the method above, so only one of the two can be compiled in)
  //public static string GetClaimValue(this IPrincipal user, string name) {
  //   var claimsIdentity = user.Identity as ClaimsIdentity;
  //   var claim = claimsIdentity == null ? null : claimsIdentity.FindFirst(name);
  //   return claim == null ? null : claim.Value;
  //}

}

Now in your code you just need to make sure you are using the namespace that the extension class is defined in, and you can then do

var givenName = User.GivenName();
var identifier = User.NameIdentifier();

or

var givenName = User.GetClaimValue(ClaimTypes.GivenName);
var identifier = User.GetClaimValue(ClaimTypes.NameIdentifier);

Bob Vale answered Oct 29 '25 02:10
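
An added example, not part of the question or the answer above: a console sketch that builds the identity the way `CreateIdentity` does and reads it back, covering two cases the snippets above leave open, a directory attribute that is null when the claim is created and a claim type that carries several values. The class name `ClaimSketch`, the helpers `AddIfPresent` and `GetClaimValues`, the `"ApplicationCookie"` string and all sample values are assumptions made for this illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Security.Principal;

public static class ClaimSketch   // hypothetical class name
{
    // Claim's constructor throws ArgumentNullException for a null value, and an
    // optional directory attribute such as GivenName may be unset, so skip those.
    public static void AddIfPresent(this ClaimsIdentity identity, string type, string value)
    {
        if (!string.IsNullOrWhiteSpace(value))
            identity.AddClaim(new Claim(type, value));
    }

    // Returns null for a missing claim or a non-claims identity instead of throwing.
    public static string GetClaimValue(this IPrincipal user, string type)
    {
        var identity = user?.Identity as ClaimsIdentity;
        return identity?.FindFirst(type)?.Value;
    }

    // For multi-valued claims such as roles; FindFirst would return only one of them.
    public static IReadOnlyList<string> GetClaimValues(this IPrincipal user, string type)
    {
        var identity = user?.Identity as ClaimsIdentity;
        if (identity == null) return new List<string>();
        return identity.FindAll(type).Select(c => c.Value).ToList();
    }

    public static void Main()
    {
        // Constructed sample values standing in for UserPrincipal properties.
        var identity = new ClaimsIdentity("ApplicationCookie", ClaimTypes.Name, ClaimTypes.Role);
        identity.AddIfPresent(ClaimTypes.Name, "jdoe");
        identity.AddIfPresent(ClaimTypes.NameIdentifier, "jdoe");
        identity.AddIfPresent(ClaimTypes.GivenName, null); // attribute not set
        identity.AddIfPresent(ClaimTypes.Role, "Intranet-Users");
        identity.AddIfPresent(ClaimTypes.Role, "Intranet-Admins");

        IPrincipal user = new ClaimsPrincipal(identity);
        Console.WriteLine(user.Identity.Name);
        Console.WriteLine(user.GetClaimValue(ClaimTypes.GivenName) ?? "(no given name)");
        Console.WriteLine(string.Join(", ", user.GetClaimValues(ClaimTypes.Role)));
        Console.WriteLine(user.IsInRole("Intranet-Admins"));
    }
}
```

The values read back this way are the ones written into the cookie at sign-in, so a change made in Active Directory afterwards is not reflected until the user signs in again.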


