I'm using an ASP.NET MVC 5 project with Identity 2.1.0 and VS2013 U4. I want to add claims to a user during registration so that they are stored in the DB. These claims represent custom user properties.
As I created a web page for the administrator to create/edit/delete users, I'm still using the create method from AccountController to create a user, but I don't want to log that user in. How can I add those claims to the user?

3 Answers
You probably already have a `UserManager` class. You can use that one to create users and to add claims.

As an example in a controller:

```csharp
// gather some context stuff
var context = this.Request.GetOwinContext();
// gather the user manager
var usermanager = context.Get<ApplicationUserManager>();
// add a country claim (given you have the userId)
usermanager.AddClaim("userid", new Claim(ClaimTypes.Country, "Germany"));
```

In order for this to work you need to implement your own `UserManager` and link it with the OWIN context (in the example it's `ApplicationUserManager`, which basically is `class ApplicationUserManager : UserManager<ApplicationUser> { }` with only a small amount of configuration added). A bit of reading is available here: https://msdn.microsoft.com/en-us/library/dn613290%28v=vs.108%29.aspx

- I succeeded with this. One more question: can I change a claim later in the DB, when a user attribute changes? And how can I access those claims in the app? – Milan M. Jan 27 '15 at 09:35
- You should be able to get to those details by using navigation properties on the ApplicationUser entity (user.Claims). There's some interesting reading about that here: http://stackoverflow.com/questions/22105583/why-is-asp-net-identity-identitydbcontext-a-black-box – pysco68 Jan 27 '15 at 09:56
- O.K. I succeeded in getting the claim, but how can I change it? – Milan M. Jan 27 '15 at 10:00
- There's no method to "modify" existing claims in `UserManager`. On that route you would have to `RemoveClaim()` and then `AddClaim()`. Otherwise you could go there by the DBContext... either way you'll have to sign-out and sign-in the user again in order to get the cookie refreshed (claims are serialized in there to not hit the DB on each call for such "basic" information) – pysco68 Jan 27 '15 at 10:07
- So, when some attribute is changed, I need to remove all claims, then add the claims again and log out the user? – Milan M. Jan 27 '15 at 10:21
- Not all the claims. Just the one that changed. Subsequently you'll need to log the user out and in (in that order) to have ASP.NET Identity re-serialize the (updated) claims to the session cookie – pysco68 Jan 27 '15 at 11:29
- If the claims change occurs within the user's context, you can use `owinContext.Authentication.SignOut(this.User)`, otherwise you must rely on the session being re-generated: http://stackoverflow.com/questions/26573367/asp-identity-2-0-regenerate-identity – pysco68 Jan 27 '15 at 11:49
- No, the claims are not changed in the user's context. They are changed by another user (administrator), so I need to log out that user to apply those claims. – Milan M. Jan 27 '15 at 12:14
- http://stackoverflow.com/questions/25878218/asp-net-identity-2-0-sign-out-another-user – pysco68 Jan 27 '15 at 12:50
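
The remove-then-add route discussed in the comments above, for the case where an administrator changes another user's claim, written out as an added example (not code from the original posts). `UsersAdminController`, `SetCountry` and the "Admin" role name are hypothetical; it assumes the template's `ApplicationUserManager` with string keys and a `SecurityStampValidator` registered in Startup.Auth.cs.

```csharp
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using System.Web;
using System.Web.Mvc;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;

// Added example: controller, action and role names are hypothetical.
[Authorize(Roles = "Admin")]
public class UsersAdminController : Controller
{
    private ApplicationUserManager UserManager
    {
        get { return HttpContext.GetOwinContext().GetUserManager<ApplicationUserManager>(); }
    }

    [HttpPost]
    [ValidateAntiForgeryToken]
    public async Task<ActionResult> SetCountry(string userId, string country)
    {
        // Remove every stored claim of this type first, so the user
        // never ends up with both the old and the new value in the DB.
        var stored = await UserManager.GetClaimsAsync(userId);
        foreach (var old in stored.Where(c => c.Type == ClaimTypes.Country).ToList())
        {
            var removed = await UserManager.RemoveClaimAsync(userId, old);
            if (!removed.Succeeded) return new HttpStatusCodeResult(500);
        }

        var added = await UserManager.AddClaimAsync(
            userId, new Claim(ClaimTypes.Country, country));
        if (!added.Succeeded) return new HttpStatusCodeResult(500);

        // The target user's cookie still carries the old claim. Changing the
        // security stamp makes SecurityStampValidator reject that cookie at its
        // next check, so the user signs in again and the claims are reloaded from the DB.
        var stamped = await UserManager.UpdateSecurityStampAsync(userId);
        if (!stamped.Succeeded) return new HttpStatusCodeResult(500);

        return RedirectToAction("Index");
    }
}
```

Until the validator's `validateInterval` elapses the old cookie, and the old claim in it, is still accepted, so that interval bounds how long a revoked claim stays usable.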
You can use something like this:

```csharp
private void SignInAsync(User User)
{
    var claims = new List<Claim>();
    claims.Add(new Claim(ClaimTypes.Name, User.Employee.Name));
    claims.Add(new Claim(ClaimTypes.Email, User.Employee.EmailId));
    claims.Add(new Claim(ClaimTypes.Role, User.RoleId.ToString()));
    var id = new ClaimsIdentity(claims,
        DefaultAuthenticationTypes.ApplicationCookie);
    var claimsPrincipal = new ClaimsPrincipal(id);
    // Set current principal
    Thread.CurrentPrincipal = claimsPrincipal;
    var ctx = Request.GetOwinContext();
    var authenticationManager = ctx.Authentication;
    authenticationManager.SignIn(id);
}
```

After login, pass the User table value to this function:

```csharp
SignInAsync(result);
```

You can get the claim value like this:

```csharp
var identity = (ClaimsPrincipal)Thread.CurrentPrincipal;
// Get the claims values
string UserRoleValue = identity.Claims.Where(c => c.Type == ClaimTypes.Role)
    .Select(c => c.Value).SingleOrDefault();
```

- This adds the claims to the user's authentication cookie and does **not** store them in the DB to be loaded on the next log-in. Also working with threads like `Thread.CurrentPrincipal` is not a good idea as threads can switch, especially in an async scenario. – Christoph Fink Jan 27 '15 at 09:25
- @MANISH O.K. Thanks. But how can I get that user in my /Account/Login method? – Milan M. Jan 27 '15 at 09:26
- Your example won't persist the claims to DB. So the claims will only last until the session is closed, so not really what the question was about – pysco68 Jan 27 '15 at 09:27

You can, in fact, create claims at the same time you create the user account.

Just add the claims to the user object before you call `CreateAsync` on the user manager.

```csharp
var identityUser = new IdentityUser
{
    UserName = username,
    Email = email,
    // etc...
    Claims = { new IdentityUserClaim { ClaimType = "SomeClaimType", ClaimValue = "SomeClaimValue" } }
};
var identityResult = await _userManager.CreateAsync(identityUser, password);
```

This will create the user and associate the claims with the user as one logical operation with persistence.
