
In the MSDN documentation for the ClaimsAuthorizationManager class, it says "You can configure your application to use a claims authorization manager ... programmatically by using the IdentityConfiguration class...". Unfortunately, neither that page nor the page for the IdentityConfiguration class has any examples of doing so. All of their examples make use of the app.config file to specify a custom ClaimsAuthorizationManager class.

I'm trying to push all of my security code into a separate library. I don't want to have to remember to copy sections of the app.config file from that library into each project that uses it.

I found a similar question regarding a custom ClaimsAuthorizationManager and DI. Sadly, that user is using something called Thinktecture.IdentityModel and their answer lies in that component and so is not available to me. However, a note on the ClaimsPrincipalPermissionAttribute class page mentions hooking into the FederationConfigurationCreated event, and that appears to be how Thinktecture.IdentityModel does it. So I tried...

using System;
using System.IdentityModel.Services;
using System.IdentityModel.Services.Configuration;
using System.Security.Claims;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

// CustomClaimsTransformer (a ClaimsAuthenticationManager) and CustomAuthorizationManager
// (a ClaimsAuthorizationManager) are the custom classes from the security library; they are
// not shown here.

class Program {
    static void Main (string[] args) {
        SecurityHelper s = new SecurityHelper ();
        // Hook the event so the custom managers are installed when the configuration is created.
        FederatedAuthentication.FederationConfigurationCreated += s.FederatedAuthentication_FederationConfigurationCreated;
        SetCurrentPrincipal ();
        ShowMeTheCode ();
        Console.ReadLine ();
    }

    private static void SetCurrentPrincipal () {
        // Start from the logged-on Windows user and run it through the claims transformer.
        WindowsPrincipal incomingPrincipal = new WindowsPrincipal (WindowsIdentity.GetCurrent ());
        Thread.CurrentPrincipal = FederatedAuthentication.FederationConfiguration.IdentityConfiguration.ClaimsAuthenticationManager.Authenticate ("none", incomingPrincipal);
    }

    // The declarative demand calls into the configured ClaimsAuthorizationManager before the method runs.
    [ClaimsPrincipalPermission (SecurityAction.Demand, Operation = "List networks", Resource = "Network")]
    private static void ShowMeTheCode () {
        Console.WriteLine ("Console.WriteLine");
    }
}

public class SecurityHelper {
    public void FederatedAuthentication_FederationConfigurationCreated (object sender, FederationConfigurationCreatedEventArgs e) {
        // Replace the managers on the freshly created configuration with the custom ones.
        e.FederationConfiguration.IdentityConfiguration.ClaimsAuthenticationManager = new CustomClaimsTransformer ();
        e.FederationConfiguration.IdentityConfiguration.ClaimsAuthorizationManager = new CustomAuthorizationManager ();
    }
}

This just throws an "InvalidOperationException" with a message of "Could not load the identity configuration because no configuration section was found." I'm guessing it's because the event occurs when the FederationConfiguration property is accessed for the first time by one of the HTTP modules in the web application and I'm testing in a console application.

  • You should check out the IdentityServer implementation to figure out how to implement it programmatically: https://github.com/IdentityServer/IdentityServer4 – Fals Nov 23 '16 at 21:04
  • Checked out their code. They hook into an event that I found out about on a different page. I can't get it to work, though. I've updated the question to include the details of that attempt. – Jason Nov 23 '16 at 21:26
  • Because you will need the configuration section. You can build the entire configuration section in the app.config where your ClaimsPrincipal lives and just import the section where needed https://msdn.microsoft.com/en-us/library/2tw134k3.aspx. There's no way to avoid this, unfortunately – Fals Nov 23 '16 at 21:31
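The following is an added example, not the asker's code, Microsoft's documentation sample, or any answer from this page. It shows the route the MSDN text hints at: building an IdentityConfiguration in code instead of from app.config, so the security library can install its own managers without a copied configuration section. It assumes that the IdentityConfiguration(bool loadConfig) and FederationConfiguration(bool loadConfig) constructors skip the <system.identityModel> section when passed false, and that FederatedAuthentication.FederationConfiguration has a public setter; the class names CustomAuthorizationManager and CustomClaimsTransformer are reused from the question, but their bodies, the "urn:example:transformed" claim, and the "Delete network" operation are constructed for illustration. The authorization manager denies by default and only allows the one (operation, resource) pair it knows about.

```csharp
using System;
using System.IdentityModel.Services;
using System.Security;
using System.Security.Claims;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

// Deny-by-default authorization manager: access is granted only for an explicit
// (operation, resource) pair and only to an authenticated principal.
public class CustomAuthorizationManager : ClaimsAuthorizationManager {
    public override bool CheckAccess (AuthorizationContext context) {
        if (context.Principal == null || context.Principal.Identity == null || !context.Principal.Identity.IsAuthenticated)
            return false;

        // ClaimsPrincipalPermission passes Operation and Resource as single claims.
        string action = context.Action.Count > 0 ? context.Action[0].Value : null;
        string resource = context.Resource.Count > 0 ? context.Resource[0].Value : null;

        // Hypothetical policy: any authenticated user may list networks; everything else is denied.
        return action == "List networks" && resource == "Network";
    }
}

// Claims transformer: wraps the incoming principal and tags it with a constructed claim.
// Real code would filter, enrich or re-issue claims here.
public class CustomClaimsTransformer : ClaimsAuthenticationManager {
    public override ClaimsPrincipal Authenticate (string resourceName, ClaimsPrincipal incomingPrincipal) {
        if (incomingPrincipal == null || !incomingPrincipal.Identity.IsAuthenticated)
            return incomingPrincipal;
        var identity = new ClaimsIdentity (incomingPrincipal.Identity);
        identity.AddClaim (new Claim ("urn:example:transformed", "true")); // constructed claim, for illustration only
        return new ClaimsPrincipal (identity);
    }
}

public static class SecurityBootstrap {
    // Call once at startup, before the first [ClaimsPrincipalPermission] demand runs.
    public static void Configure () {
        // false (assumed): do not look for a <system.identityModel> section in app.config.
        var identityConfig = new IdentityConfiguration (false) {
            ClaimsAuthenticationManager = new CustomClaimsTransformer (),
            ClaimsAuthorizationManager = new CustomAuthorizationManager ()
        };
        // Assumed: the static property has a setter, so the console app never triggers config loading.
        FederatedAuthentication.FederationConfiguration = new FederationConfiguration (false) {
            IdentityConfiguration = identityConfig
        };
    }
}

class Program {
    static void Main () {
        SecurityBootstrap.Configure ();

        var incoming = new WindowsPrincipal (WindowsIdentity.GetCurrent ());
        Thread.CurrentPrincipal = FederatedAuthentication.FederationConfiguration
            .IdentityConfiguration.ClaimsAuthenticationManager.Authenticate ("none", incoming);

        ListNetworks ();            // allowed by the policy in CustomAuthorizationManager
        try {
            DeleteNetwork ();       // not in the policy: the demand throws SecurityException
        } catch (SecurityException ex) {
            Console.WriteLine ("Denied: " + ex.Message);
        }
    }

    [ClaimsPrincipalPermission (SecurityAction.Demand, Operation = "List networks", Resource = "Network")]
    static void ListNetworks () { Console.WriteLine ("listing networks"); }

    [ClaimsPrincipalPermission (SecurityAction.Demand, Operation = "Delete network", Resource = "Network")]
    static void DeleteNetwork () { Console.WriteLine ("should never run"); }
}
```

Keeping CheckAccess deny-by-default matters because the declarative attribute turns every unrecognised operation into an exception rather than a silent allow; if the policy later moves to a table or an external store, the fallthrough should still be `return false`.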
