
I am using Thinktecture Identity Server V3 for SSO and configured my client application with Implicit flow. Once the user is authenticated with local login I would like to add additional claims to the principal within the client application.

What is the best place to do this within the client application, and how do I couple this?

user3731783

2 Answers


I was researching this myself and used claims transformation within my Web Forms project.

I implemented claims transformation using a custom ClaimsAuthenticationManager to add an Administrator role to the incoming principal.

Below I have provided details on how I added claims to my application.

In my global file, Global.asax.cs:

using System;
using System.Security.Claims;
using System.Threading;
using System.Web;

// manual way of invoking claims transformation: runs on every request once the
// user is authenticated and swaps the transformed principal onto both the
// thread and the HttpContext so authorization sees the added claims
protected void Application_PostAuthenticateRequest(object sender, EventArgs e)
{
    var transformer = new ClaimsTransformer();
    var principal = transformer.Authenticate(string.Empty, ClaimsPrincipal.Current);

    Thread.CurrentPrincipal = principal;
    HttpContext.Current.User = principal;
}

ClaimsTransformer.cs class:

using System.Collections.Generic;
using System.Security.Claims;

public class ClaimsTransformer : ClaimsAuthenticationManager
{
    public override ClaimsPrincipal Authenticate(string resourceName, ClaimsPrincipal incomingPrincipal)
    {
        // anonymous requests are passed through untouched
        if (incomingPrincipal == null || !incomingPrincipal.Identity.IsAuthenticated)
        {
            return base.Authenticate(resourceName, incomingPrincipal);
        }

        return CreatePrincipal(incomingPrincipal);
    }

    private ClaimsPrincipal CreatePrincipal(ClaimsPrincipal principal)
    {
        var incoming = (ClaimsIdentity)principal.Identity;
        var userName = incoming.Name;

        // start from the claims the identity provider issued, so the name,
        // subject and any other incoming claims are not lost
        var claims = new List<Claim>(incoming.Claims);

        // Set admin role claim
        if (userName == "Chuck Norris")
        {
            claims.Add(new Claim(ClaimTypes.Role, "Admin"));
        }

        // keep the incoming name/role claim types so Identity.Name and
        // IsInRole keep resolving against the right claim types
        return new ClaimsPrincipal(new ClaimsIdentity(claims, "App Claims",
                                                      incoming.NameClaimType,
                                                      incoming.RoleClaimType));
    }
}

Web.config

I then restrict access for anyone who does not have the Admin role claim and tries to reach the Admin sub-directory of the application, using a location tag:

<location path="Admin">
  <system.web>
    <authorization>
      <allow roles="Admin" />
      <deny users="*" />
    </authorization>
  </system.web>
</location>

I hope this helps.

Ryan Gavin
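The answer above runs the transformation on every request from Global.asax. An alternative, shown here as an added example that is not part of the original post, is to hook the Katana OpenID Connect middleware that a Web Forms client typically uses against IdentityServer v3 with implicit flow, and run the transformation once in the SecurityTokenValidated notification. The extra claims are then serialized into the authentication cookie, so every later request already carries them. This assumes the Microsoft.Owin.Security.Cookies, Microsoft.Owin.Security.OpenIdConnect and Microsoft.Owin.Host.SystemWeb packages; the authority, client id, redirect URI, the ClientApp namespace and the RolesBySubject table are placeholders I made up for the example.

```csharp
// Added example (not from the original post): claims transformation wired into the
// Katana OpenID Connect middleware so the local claims are computed once per sign-in,
// after the id_token has been validated, and persisted in the auth cookie.
// Assumed packages: Microsoft.Owin.Security.Cookies, Microsoft.Owin.Security.OpenIdConnect,
// Microsoft.Owin.Host.SystemWeb. Authority/ClientId/RedirectUri below are placeholders.
using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

[assembly: OwinStartup(typeof(ClientApp.Startup))]

namespace ClientApp
{
    public static class LocalClaimsTransformer
    {
        // Marker claim so the transform is idempotent if it is also invoked from
        // Application_PostAuthenticateRequest on later requests.
        private const string TransformedClaimType = "urn:clientapp:transformed";

        // Hypothetical application-side role store, keyed on the token's stable
        // subject id ("sub") rather than a display name that the IdP or user can change.
        private static readonly Dictionary<string, string[]> RolesBySubject =
            new Dictionary<string, string[]>(StringComparer.Ordinal)
            {
                { "88421113", new[] { "Admin" } }   // constructed sample subject id
            };

        public static ClaimsIdentity Transform(ClaimsIdentity incoming)
        {
            if (incoming == null || !incoming.IsAuthenticated ||
                incoming.HasClaim(c => c.Type == TransformedClaimType))
            {
                return incoming;
            }

            // Keep every claim the identity provider asserted, then add local ones.
            var claims = new List<Claim>(incoming.Claims);

            var sub = incoming.FindFirst("sub") ?? incoming.FindFirst(ClaimTypes.NameIdentifier);
            string[] roles;
            if (sub != null && RolesBySubject.TryGetValue(sub.Value, out roles))
            {
                foreach (var role in roles)
                {
                    // issuer "local" makes the app-added claims distinguishable from IdP claims
                    claims.Add(new Claim(ClaimTypes.Role, role, ClaimValueTypes.String, "local"));
                }
            }
            claims.Add(new Claim(TransformedClaimType, "true", ClaimValueTypes.String, "local"));

            // Preserve authentication type and the name/role claim types so
            // IsAuthenticated, Identity.Name and IsInRole keep working.
            return new ClaimsIdentity(claims, incoming.AuthenticationType,
                                      incoming.NameClaimType, incoming.RoleClaimType);
        }
    }

    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = "Cookies"
            });

            app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
            {
                Authority = "https://idsrv.example.com/core",   // placeholder
                ClientId = "webforms-client",                    // placeholder
                RedirectUri = "https://client.example.com/",     // placeholder
                ResponseType = "id_token",                       // implicit flow
                Scope = "openid profile",
                SignInAsAuthenticationType = "Cookies",
                Notifications = new OpenIdConnectAuthenticationNotifications
                {
                    // Runs once per sign-in, after signature, issuer, audience and
                    // lifetime of the id_token have been validated by the middleware.
                    SecurityTokenValidated = n =>
                    {
                        var transformed = LocalClaimsTransformer.Transform(n.AuthenticationTicket.Identity);
                        n.AuthenticationTicket = new AuthenticationTicket(transformed, n.AuthenticationTicket.Properties);
                        return Task.FromResult(0);
                    }
                }
            });
        }
    }
}
```

Keying the lookup on `sub` instead of `Identity.Name` matters because the name is just another claim from the token and can change or collide, while the subject id is the identifier IdentityServer keeps stable for a user. The marker claim lets the same `Transform` method be called again from `Application_PostAuthenticateRequest` without stacking duplicate role claims.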

What you are looking for is claims transformation. Here is the link that will get you started. The example is made for ASP.NET Web Forms, but it is the same for MVC.

Zeljko Vujaklija