7

I'm using MVC5 with the latest version of Identity (2.1). I'm trying to create a user claim for the Facebook access_token. I've never created a claim before, but my other Identity functionality works fine as far as I can tell.

I have this line of code in my Startup.Auth.cs:

    context.Identity.AddClaim(new Claim("urn:facebook:access_token",
        context.AccessToken, xmlSchemaString, "Facebook"));

The full piece of code is here if you need more reference: Integrate facebooksdk with Identity 2.0

If I put a break in the code on the line immediately after that line, I can see that everything is being retrieved properly, most importantly the context.AccessToken (which is a huge string). However, it never makes it to the database after completing a successful login.

As a test, I tried simplifying it, by changing the line to this:

    context.Identity.AddClaim(new System.Security.Claims.Claim(ClaimTypes.Email, "test@example.com"));

Same outcome, no errors, but nothing is added to the database. I then tried adding this line of code in my IdentityModels.cs right where it tells you to put custom claims:

    // Add custom user claims here
    userIdentity.AddClaim(new Claim(ClaimTypes.DateOfBirth, "01/01/1972"));

Same outcome...no errors and never makes it to the database. Can anyone think of any reason what my issue might be?

The only thing custom in my Identity setup is that I followed an article on how to use username instead of email (as the username). Also, I changed the Identity table names (e.g. UserClaims) in the OnModelCreating block which seems to be a fairly standard procedure.

I have a feeling it's going to be some rookie move, but at the moment, I'm stumped. Any help is much appreciated.

Sum None

2 Answers

16

The database persists your custom claims for the users. If a user has any claims in the DB, they will be applied to the auth cookie when they log in.

To add claims into the database you need to use UserManager:

    await userManager.AddClaimAsync(userId, new Claim("MyClaimType", "MyClaimValue"));

If you are adding claims to ClaimsIdentity, then claims are not persisted in the database, but added to a cookie directly and will not be automatically re-added next time the user is logged-in.

trailmax
  • This definitely works despite me being completely perplexed by Identity and OWIN. Thanks! – Sum None Jul 12 '15 at 19:52
  • So just to clarify, it looks like userIdentity.AddClaim() adds a claim to the user _in context_, but does not persist this to the database. userManager.AddClaim() adds a claim to the database, but not to the current user context. The former would be good for testing, the latter for claim creation & persistence. – shloosh Jan 09 '17 at 18:42
  • Just to add, claims stored in database can be retrieved using: ClaimsIdentity userIdentity = await user.GenerateUserIdentityAsync(userManager, CookieAuthenticationDefaults.AuthenticationType); where user can be found as: user = await userManager.FindByIdAsync(userId); – Himalaya Garg Jun 18 '17 at 02:51
  • @HimalayaGarg The only trouble is that `user` is a client-defined class. There is no guarantee for this method to be there. In all my projects this method is moved away from the user class. – trailmax Jun 18 '17 at 22:12
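
The accepted answer applied to the question's Facebook token, as an added example that is not code from the question or the answers. The helper name `StoreFacebookTokenAsync` and its call site (the MVC5 template's `ExternalLoginCallback`, once the local user id is known) are assumptions.

```csharp
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNet.Identity;
using Microsoft.Owin.Security;

public static class ExternalClaimPersistence
{
    // Claim type taken from the question's Startup.Auth.cs.
    public const string FacebookTokenClaim = "urn:facebook:access_token";

    // Hypothetical helper (not part of ASP.NET Identity): copies the token claim
    // from the external sign-in cookie into the user's persisted claims.
    public static async Task<IdentityResult> StoreFacebookTokenAsync<TUser>(
        UserManager<TUser> userManager,
        IAuthenticationManager authManager,
        string userId) where TUser : class, IUser<string>
    {
        // Claims added in OnAuthenticated exist only on the external cookie identity.
        ClaimsIdentity external = await authManager
            .GetExternalIdentityAsync(DefaultAuthenticationTypes.ExternalCookie);
        Claim incoming = external == null ? null : external.FindFirst(FacebookTokenClaim);
        if (incoming == null)
        {
            return IdentityResult.Failed("No Facebook access token on the external identity.");
        }

        // AddClaimAsync always inserts a row, so remove tokens from earlier logins
        // first; otherwise stale tokens accumulate in the claims table.
        var stale = (await userManager.GetClaimsAsync(userId))
            .Where(c => c.Type == FacebookTokenClaim)
            .ToList();
        foreach (Claim old in stale)
        {
            IdentityResult removed = await userManager.RemoveClaimAsync(userId, old);
            if (!removed.Succeeded)
            {
                return removed;
            }
        }

        // This call is what writes to the database; Identity.AddClaim never does.
        return await userManager.AddClaimAsync(
            userId, new Claim(FacebookTokenClaim, incoming.Value));
    }
}
```

The stored value is a live bearer token, so the claims table needs the same protection as any other credential store.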
0

So your problem is that the DB is not hit to save the claims? Claims are stored in a secured cookie with ASP.NET Identity ;) The ASP.NET Identity Framework will read the cookie at the beginning of every request and populate the claims collection for you in my understanding. Just check that you can see the Facebook claim from your MVC controller after login. I think there's actually no issue.

tobiak777
  • Ugh, seriously? To answer your question, yes. I've been hitting execute on my SQL query window like 1000 times after trying all kinds of stuff. So, the next logical question would be, what is the UserClaims SQL table used for? Is there a flag or similar you can set to store those claims in the DB? In the meantime, I'll try what you suggested... – Sum None Jul 09 '15 at 18:25