I am using JWT Bearer auth in my new asp.net core 2.0 api app and want to add some extra claims to the current identity. This extra info is located in another api which need to be queried. My understanding is that claims transformation would be the proper place to do this. In .net core 1.1 you have the IClaimsTransformer interface in Microsoft.AspNetCore.Authentication nuget package, but I cannot install this one in my .net core 2.0 app. Is there a alternative way to transform claims in asp.net core 2.0 and is this the correct approach for my use case?
Asked
Active
Viewed 9,704 times
2 Answers
25
IClaimsTransformer has been renamed to IClaimsTransformation in ASP.NET Core 2.0.
Claims Transformation Simpler, new IClaimsTransformation service with a single method: Task TransformAsync(ClaimsPrincipal principal) We call this on any successful AuthenticateAsync call.
services.AddSingleton<IClaimsTransformation, ClaimsTransformer>(); private class ClaimsTransformer : IClaimsTransformation { // Can consume services from DI as needed, including scoped DbContexts public ClaimsTransformer(IHttpContextAccessor httpAccessor) { } public Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal p) { p.AddIdentity(new ClaimsIdentity()); return Task.FromResult(p); } }
saluce
- 13,035
- 3
- 50
- 67
Canada Wan
- 404
- 6
- 7
7
There is another method for transforming claims in ASP.NET Core 2.0 which also gives you access to the UserStore so you can retrieve data on the user and add that information as claims. Basically you write an implementation of the interface IUserClaimsPrincipalFactory and configure using it adding your custom implementation as a service in the ConfigureServices method in Startup.cs. The main changes in Core 2.0 from Core 1.x is that Identity relies on dependency injection of services instead of using middleware in the identity pipeline. There is a complete example on creating a custom IUserClaimsPrincipalFactory and how to use it for authorization in this blog post.
Here is an example of creating a custom claims factory that sets a claim for whether the user is an administrator or not.
public class MyClaimsPrincipalFactory<TUser>: UserClaimsPrincipalFactory<TUser> where TUser : ApplicationUser
{
public MyClaimsPrincipalFactory(
UserManager<TUser> userManager,
IOptions<IdentityOptions> optionsAccessor) : base(userManager,
optionsAccessor)
{
}
protected override async Task<ClaimsIdentity> GenerateClaimsAsync(TUser user)
{
var id = await base.GenerateClaimsAsync(user);
id.AddClaim(new Claim(MyClaimTypes.IsAdmin, user.IsAdministrator.ToString().ToLower()));
return id;
}
}
And here is how you inject the custom factory.
services.AddTransient<IUserClaimsPrincipalFactory<ApplicationUser>, MyClaimsPrincipalFactory<ApplicationUser>>();
Kevin Junghans
- 17,475
- 4
- 45
- 62
-
Can you elaborate how to use `IUserClaimsPrincipalFactory` in SSO scenario? – Liero Dec 06 '17 at 11:02
-
link seems to be broken – Jota.Toledo May 29 '18 at 16:37
-
@Jota.Toledo - The link works for me. What happens when you click on it? – Kevin Junghans May 30 '18 at 18:15
-
@Liero - Would you elaborate more on what SSO has to do with claims transformation. What is your use case? – Kevin Junghans May 30 '18 at 18:19
-
1@KevinJunghans I see no content in chrome, edge works fine. Sorry, should had checked first with multiple browsers. – Jota.Toledo May 31 '18 at 09:19
-
@KevinJunghans your site still doesn't load in chrome :) – Topher Feb 12 '19 at 11:51
-
@Topher - What version of Chrome on what device? It loads fine for me on the latest version of Chrome on a Windows device. – Kevin Junghans Mar 04 '19 at 15:24
-
@KevinJunghans Your site is not AdBlock friendly XD. I have to disable my AdBlock extension on Chrome to have it loaded. – Twisted Whisper Jul 25 '20 at 23:05