Using .Net 4.5 RC and Azure Access Control Service, the primary claims I am interested in are the IdentityProvider and the NameIdentifier.
System.Security.Claims.ClaimTypes contains constants for well-known claims, and it has ClaimTypes.NameIdentifier, but it appears to be missing ClaimTypes.IdentityProvider.
I was really surprised not to find it there. Of course, I can just use the string representation "http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider" in one of my own constants, but given Microsoft's push towards the cloud, I would expect to find it in with the standard ClaimTypes.
Is this just an oversight? Is there a good reason for its absence? Is it in some other namespace?
ClaimType is a string that tells you what the claim means. E.g. (typically a URI): http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirth.
ClaimTypes.Name is for the username and ClaimTypes.NameIdentifier specifies the identity of the user from an object perspective.
I would venture that the IdentityProvider claim is not part of the standard set of WIF claim types because the IdentityProvider is already a required field present in the issued security token, separate from the set of claims.
ACS on the other hand sits as a federation provider between the relying party application and the 3rd party identity provider. Note that ACS does not use the ActAs or OnBehalfOf mechanisms, but the RP might like to know what IP the user is coming from so ACS issues the IdentityProvider claim for this purpose.
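As an added illustration of the point above (example code, not from the question or either answer): a relying party can declare the missing claim-type URI itself and read the ACS-issued identityprovider claim alongside NameIdentifier. The AcsClaimTypes and FederatedUserKey names and the sample claim values are assumptions made for this example.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;

// ClaimTypes has no IdentityProvider member, so define the ACS claim type URI here.
public static class AcsClaimTypes
{
    public const string IdentityProvider =
        "http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider";
}

public sealed class FederatedUserKey
{
    public string IdentityProvider { get; private set; }
    public string NameIdentifier { get; private set; }

    // Reads both claims and fails closed if either is absent or empty.
    public static FederatedUserKey FromPrincipal(ClaimsPrincipal principal)
    {
        if (principal == null) throw new ArgumentNullException("principal");
        Claim idp = principal.FindFirst(AcsClaimTypes.IdentityProvider);
        Claim nameId = principal.FindFirst(ClaimTypes.NameIdentifier);
        if (idp == null || string.IsNullOrEmpty(idp.Value))
            throw new InvalidOperationException("Token carries no identityprovider claim.");
        if (nameId == null || string.IsNullOrEmpty(nameId.Value))
            throw new InvalidOperationException("Token carries no nameidentifier claim.");
        return new FederatedUserKey { IdentityProvider = idp.Value, NameIdentifier = nameId.Value };
    }

    // NameIdentifier is only unique within one identity provider, so the
    // relying party's user lookup key must combine both values.
    public override string ToString()
    {
        return IdentityProvider + "|" + NameIdentifier;
    }
}

class Program
{
    static void Main()
    {
        // Constructed sample claims standing in for what ACS would issue (not real values).
        var identity = new ClaimsIdentity(new List<Claim>
        {
            new Claim(AcsClaimTypes.IdentityProvider, "uri:WindowsLiveID"),
            new Claim(ClaimTypes.NameIdentifier, "a1b2c3d4e5f6")
        }, "Federation");
        Console.WriteLine(FederatedUserKey.FromPrincipal(new ClaimsPrincipal(identity)));
    }
}
```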