So far I have found two solutions to get a WindowsIdentity object from a ClaimsIdentity. First I extract the user principal name (UPN).
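
    using System.Threading;
    using Microsoft.IdentityModel.Claims; // WIF 3.5 types (Claim.ClaimType)

    ClaimsIdentity ci = (ClaimsIdentity) Thread.CurrentPrincipal.Identity;
    string upn = null;
    // Take the first UPN claim, if one is present.
    foreach (Claim c in ci.Claims)
    {
        if (c.ClaimType == ClaimTypes.Upn)
        {
            upn = c.Value;
            break;
        }
    }
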
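1. Just call the constructor of WindowsIdentity with the UPN:

    // WindowsIdentity is in System.Security.Principal
    WindowsIdentity winId = new WindowsIdentity(upn);

2. Use Claims to Windows Token Service (c2WTS):

    // S4UClient is in Microsoft.IdentityModel.WindowsTokenService
    WindowsIdentity winId = S4UClient.UpnLogon(upn);
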
Solution 1 seems to me the simpler and easier solution, but then I don't understand the purpose of the c2WTS.
Any suggestions?
tnx!