Reuse Claim in regenerateIdentityCallback in Owin Identity in MVC5

Question

I am using MVC5 with Owin identity.

I am struggling to reuse any custom Claims in regenerateIdentityCallback.

I have in Startup this configuration (as provided in the standard Template for new MVC project)

        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login"),
            Provider = new CookieAuthenticationProvider
            {
                OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser, Guid>(
                    validateInterval: TimeSpan.FromSeconds(10),
                    regenerateIdentityCallback: (manager, user) => user.GenerateUserIdentityAsync(manager),
                    getUserIdCallback: (user) => Guid.Parse(user.GetUserId()))
            }
        });

the GenerateUserIdentityAsync looks like this: (as well pretty much standard from the Template)

    public async Task<ClaimsIdentity> GenerateUserIdentityAsync(UserManager<ApplicationUser, Guid> manager)
    {
        var userIdentity = await manager.CreateIdentityAsync(this, DefaultAuthenticationTypes.ApplicationCookie);

        // I want here instead of generating new one, just reuse the previous one
        userIdentity.AddClaim(new Claim(ClaimTypes.Sid, Guid.NewGuid().ToString()));

        return userIdentity;
    }

The problem is, that I am not able to reuse the Claim and I allways have to get new value for it. After investigation of the Identity dll I see, that this instance of the user has no Claims as it is fresh user from Database and userIdentity has only the standard Claims as Id and UserName, which are created by CreateIdentityAsync method. Getting the user from HttpContext.Current is not possible, it is null on this place.

What is the best way to reuse a Claim to keep some values from the Cookie? I probably misunderstood the purpose of Claims. Thx in advance for your help

Answer 1

You can obtain the same result by doing this (context.Identity is the previous identity):

OnValidateIdentity = context => SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, DtbsUser, Guid>(
                            validateInterval: TimeSpan.FromSeconds(30),
                            regenerateIdentityCallback:
                                (manager, user) =>
                                    user.GenerateUserIdentityAsync(manager, context.Identity),
                            getUserIdCallback: (ci) => Guid.Parse(ci.GetUserId())).Invoke(context)

Answer 2

I gave up and created own SecurityStampValidator which does exactly the same as original, but passes the current claimsIdentity to regenerateIdentityCallback as param. Not at all happy about this solution, but it works.

       OnValidateIdentity = MySecurityStampValidator.OnValidateIdentity<ApplicationUserManager, DtbsUser, Guid>(
                    validateInterval: TimeSpan.FromSeconds(10),
                    regenerateIdentityCallback: (manager, user, previousIdentity) => user.GenerateUserIdentityAsync(manager, previousIdentity),  
                    getUserIdCallback: user => Guid.Parse(user.GetUserId()))