Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Reuse Claim in regenerateIdentityCallback in Owin Identity in MVC5

I am using MVC5 with Owin identity.

I am struggling to reuse any custom Claims in regenerateIdentityCallback.

I have in Startup this configuration (as provided in the standard Template for new MVC project)

        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login"),
            Provider = new CookieAuthenticationProvider
            {
                OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser, Guid>(
                    validateInterval: TimeSpan.FromSeconds(10),
                    regenerateIdentityCallback: (manager, user) => user.GenerateUserIdentityAsync(manager),
                    getUserIdCallback: (user) => Guid.Parse(user.GetUserId()))
            }
        });

the GenerateUserIdentityAsync looks like this: (as well pretty much standard from the Template)

    public async Task<ClaimsIdentity> GenerateUserIdentityAsync(UserManager<ApplicationUser, Guid> manager)
    {
        var userIdentity = await manager.CreateIdentityAsync(this, DefaultAuthenticationTypes.ApplicationCookie);

        // I want here instead of generating new one, just reuse the previous one
        userIdentity.AddClaim(new Claim(ClaimTypes.Sid, Guid.NewGuid().ToString()));

        return userIdentity;
    }

The problem is, that I am not able to reuse the Claim and I allways have to get new value for it. After investigation of the Identity dll I see, that this instance of the user has no Claims as it is fresh user from Database and userIdentity has only the standard Claims as Id and UserName, which are created by CreateIdentityAsync method. Getting the user from HttpContext.Current is not possible, it is null on this place.

What is the best way to reuse a Claim to keep some values from the Cookie? I probably misunderstood the purpose of Claims. Thx in advance for your help

like image 774
Lukas K Avatar asked Jul 30 '14 17:07

Lukas K


2 Answers

You can obtain the same result by doing this (context.Identity is the previous identity):

OnValidateIdentity = context => SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, DtbsUser, Guid>(
                            validateInterval: TimeSpan.FromSeconds(30),
                            regenerateIdentityCallback:
                                (manager, user) =>
                                    user.GenerateUserIdentityAsync(manager, context.Identity),
                            getUserIdCallback: (ci) => Guid.Parse(ci.GetUserId())).Invoke(context)
like image 133
Mihai Marin Avatar answered Oct 20 '22 04:10

Mihai Marin


I gave up and created own SecurityStampValidator which does exactly the same as original, but passes the current claimsIdentity to regenerateIdentityCallback as param. Not at all happy about this solution, but it works.

       OnValidateIdentity = MySecurityStampValidator.OnValidateIdentity<ApplicationUserManager, DtbsUser, Guid>(
                    validateInterval: TimeSpan.FromSeconds(10),
                    regenerateIdentityCallback: (manager, user, previousIdentity) => user.GenerateUserIdentityAsync(manager, previousIdentity),  
                    getUserIdCallback: user => Guid.Parse(user.GetUserId()))
like image 39
Lukas K Avatar answered Oct 20 '22 04:10

Lukas K