0

I have applied the authentication using the claims-based identity

var identity = new ClaimsIdentity(new[] {
    new Claim(ClaimTypes.Name, userContext.ReturnObject.UserName),
    new Claim(ClaimTypes.Email, userContext.ReturnObject.EmailAddress)
}, "ApplicationCookie");

Now I am trying to update the username stored in claims.

I can read the values using

var identity = (ClaimsIdentity)User.Identity;
IEnumerable<Claim> claims = identity.Claims;

but I am not able to update. Please suggest.

3 Answers

1

I don't understand why you want to update the claim, but you may try something like this as said by Andy

((ClaimsIdentity)identity).RemoveClaim(identity.FindFirst(ClaimTypes.Name)); 
((ClaimsIdentity)identity).AddClaim(new Claim(ClaimTypes.Name, "new_name"));
Mukesh Modhvadiya
  • I am getting an error while removing: The Claim 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name: somename' was not able to be removed. It is either not part of this Identity or it is a claim that is owned by the Principal that contains this Identity. For example, the Principal will own the claim when creating a GenericPrincipal with roles. The roles will be exposed through the Identity that is passed in the constructor, but not actually owned by the Identity. Similar logic exists for a RolePrincipal. – Vinay Pratap Singh Bhadauria Mar 19 '15 at 13:13
0

Claims weren't designed to be updated; they're intended to be atomic facts about the identity. However, the ClaimsIdentity class DOES have the ability to replace claims; you'll need to first find the claim you want to replace, then remove the claim from the ClaimsIdentity using RemoveClaim, followed by adding a replacement claim with the same claim type using AddClaim.

Andy Hopper
  • I am getting an error while removing: The Claim 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name: somename' was not able to be removed. It is either not part of this Identity or it is a claim that is owned by the Principal that contains this Identity. For example, the Principal will own the claim when creating a GenericPrincipal with roles. The roles will be exposed through the Identity that is passed in the constructor, but not actually owned by the Identity. Similar logic exists for a RolePrincipal. – Vinay Pratap Singh Bhadauria Mar 19 '15 at 13:14
  • Ah, yeah, ClaimsIdentity does have the concept of "external" claims, and as the error message indicates, those cannot be changed. This brings us back to the fact that claims identities aren't really meant to be updated once they are issued. In this case, you may be better served generating a new principal with the updated username, effectively mimicking a login by the user, but with the new username. – Andy Hopper Mar 19 '15 at 13:34
  • On generating a new principal, will the older one be removed automatically? – Vinay Pratap Singh Bhadauria Mar 19 '15 at 13:40
  • Well, the act of creating a ClaimsPrincipal won't replace it, but you can set the current thread's principal. You're not trying to do this on each request, are you? – Andy Hopper Mar 20 '15 at 14:20
0

After doing what @Andy and @Mukesh said, you will also need to change the authentication cookies after updating claims in order for the changes to take effect.

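IOwinContext context = Request.GetOwinContext();
IAuthenticationManager authenticationManager = context.Authentication;

// AuthenticateAsync returns a Task, so await it (inside an async method) to get the AuthenticateResult
var authenticationContext = await authenticationManager.AuthenticateAsync(DefaultAuthenticationTypes.ExternalCookie);

// Re-issue the cookie with the updated identity, keeping the existing authentication properties
authenticationManager.AuthenticationResponseGrant = new AuthenticationResponseGrant(
            identity,
            authenticationContext.Properties);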

Further information can be found here

Luis Teijon
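
An added example, not code from any of the posts above: a console program showing that removal fails for a claim instance the identity does not hold (the situation behind the error quoted in the comments) and how to build a replacement identity with the updated name instead. The helper `WithReplacedClaim` and the sample values are hypothetical; only System.Security.Claims is used.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

public static class ClaimReplacement
{
    // Hypothetical helper: returns a NEW identity in which every claim of
    // `type` is replaced by one claim holding `newValue`. The source identity
    // is left untouched, so the issued identity is never mutated in place.
    public static ClaimsIdentity WithReplacedClaim(ClaimsIdentity source, string type, string newValue)
    {
        // Clone() detaches each copied claim from the old identity.
        var kept = source.Claims.Where(c => c.Type != type).Select(c => c.Clone());
        var rebuilt = new ClaimsIdentity(kept, source.AuthenticationType,
                                         source.NameClaimType, source.RoleClaimType);
        rebuilt.AddClaim(new Claim(type, newValue));
        return rebuilt;
    }

    public static void Main()
    {
        // Constructed sample identity with the same shape as the one in the question.
        var identity = new ClaimsIdentity(new[] {
            new Claim(ClaimTypes.Name, "old_name"),
            new Claim(ClaimTypes.Email, "user@example.test")
        }, "ApplicationCookie");

        // Removal matches by reference, not by type and value. A claim object the
        // identity does not hold makes TryRemoveClaim return false, and RemoveClaim
        // throws InvalidOperationException for the same input.
        var foreign = new Claim(ClaimTypes.Name, "old_name");
        Console.WriteLine("Removed foreign claim: " + identity.TryRemoveClaim(foreign));

        var updated = WithReplacedClaim(identity, ClaimTypes.Name, "new_name");
        Console.WriteLine("Original name: " + identity.Name);
        Console.WriteLine("Rebuilt name:  " + updated.Name);
        Console.WriteLine("Email kept:    " + updated.FindFirst(ClaimTypes.Email).Value);
        Console.WriteLine("Auth type:     " + updated.AuthenticationType);
    }
}
```

The rebuilt identity only affects later requests once it is handed to the sign-in step from the last answer, so that the cookie is re-issued with the new claims.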