what are the URLs for in claim-types

Question

Since I want to add custom claims into my application, I checked the sourcecode of ClaimTypes (decompiled with JetBrains decompiler). Here is a piece of it:

namespace System.Security.Claims
{
  /// <summary>Defines constants for the well-known claim types that can be assigned to a subject. This class cannot be inherited.</summary>
  [ComVisible(false)]
  public static class ClaimTypes
  {
    internal const string ClaimTypeNamespace = "http://schemas.microsoft.com/ws/2008/06/identity/claims";
    /// <summary>The URI for a claim that specifies the instant at which an entity was authenticated; http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant.</summary>
    public const string AuthenticationInstant = "http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant";
    /// <summary>The URI for a claim that specifies the method with which an entity was authenticated; http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod.</summary>
    public const string AuthenticationMethod = "http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod";
    /// <summary>The URI for a claim that specifies the cookie path; http://schemas.microsoft.com/ws/2008/06/identity/claims/cookiepath.</summary>
    public const string CookiePath = "http://schemas.microsoft.com/ws/2008/06/identity/claims/cookiepath";
    /// <summary>The URI for a claim that specifies the deny-only primary SID on an entity; http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid. A deny-only SID denies the specified entity to a securable object.</summary>
    public const string DenyOnlyPrimarySid = "http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid";
    /// <summary>The URI for a claim that specifies the deny-only primary group SID on an entity; http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid. A deny-only SID denies the specified entity to a securable object.</summary>
    public const string DenyOnlyPrimaryGroupSid = "http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid";

My question is (and I hope, it's not too silly), what are the URLs for? Are they used somewhere else? When I try to open an URL, my explorer says that the site wasn't found. So I think there is no xml-schema or something behind. If I add my custom claims, do I have to add something like those URLs too?

Answer 1

These are ClaimTypes, which represents the pre-defined types of claims that an entity can claim. The ones you mention are from WIF, here are the IdentityModel ClaimTypes.

Known claimtypes are automatically deserialized into the context. Like http://schemas.microsoft.com/ws/2008/06/identity/claims/role is added as role to the user.roles collection (used for IsInRole).

So the types are not random, but by specification. You can add your own types. This can be any string, but you can also use the same format.

Suppose you add a CustomerId as claim, then you'll need to query the Claims collection by claimtype="CustomerId", or the uri you defined (like http://schemas.mycompany.com/2017/06/identity/CustomerId).

You can add claims by code, or by inserting records in the Identity.Claims tables.