I want to remove a special Claim that has Role type by this code:
    if (identity.HasClaim(ClaimsIdentity.DefaultRoleClaimType, "MyPermissionName"))
    {
        identity.RemoveClaim(new Claim(ClaimsIdentity.DefaultRoleClaimType,
                                       "MyPermissionName",
                                       ClaimValueTypes.String));
    }
But the framework is giving me this error:
The Claim 'http://schemas.microsoft.com/ws/2008/06/identity/claims/role: MyPermissionName' was not able to be removed. It is either not part of this Identity or it is a claim that is owned by the Principal that contains this Identity. For example, the Principal will own the claim when creating a GenericPrincipal with roles. The roles will be exposed through the Identity that is passed in the constructor, but not actually owned by the Identity. Similar logic exists for a RolePrincipal.
How can I remove this type of claims manually from claims of the identity of the user?
Why do I want to do it?
My project has Roles + Permissions (each role has several permissions) and I initialize the Role type Claims of Identity by permission names instead of role names in the CustomClaimsIdentityFactory. It works well until I want to remove the user from a role by calling the RemoveFromRoleAsync method. It removes the user from the role in the database but does not remove the related role type claim automatically. I think the reason is using permission names instead of role names. Anyway, I decided to remove the related role type claim manually and now I see the above error!
What is your solution and suggestions?
This question is unique (is not a duplicate) because: I can read/update/delete a claim normally, but not the claims whose key is DefaultRoleClaimType (http://schemas.microsoft.com/ws/2008/06/identity/claims/role), so this question is not about deleting a normal claim as mentioned in other questions on SO.
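Added example, not part of the original question: `ClaimsIdentity.RemoveClaim` and `TryRemoveClaim` match by object reference, so a freshly constructed `Claim` with the same type and value is never found. The sketch below looks up the stored instances first and removes those; the class name `RoleClaimRemoval`, the helper `RemoveRoleClaims` and the sample identity are constructed for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

public static class RoleClaimRemoval
{
    // Hypothetical helper: removes every role-type claim with the given value
    // and returns how many were actually removed from this identity.
    public static int RemoveRoleClaims(ClaimsIdentity identity, string value)
    {
        // Materialize the matches first so the identity's claim list is not
        // modified while it is being enumerated.
        var matches = identity.FindAll(c =>
            string.Equals(c.Type, identity.RoleClaimType, StringComparison.OrdinalIgnoreCase)
            && c.Value == value).ToList();

        int removed = 0;
        foreach (var claim in matches)
        {
            // TryRemoveClaim returns false (instead of throwing) when the claim
            // is not stored in this identity, e.g. it is owned by the principal.
            if (identity.TryRemoveClaim(claim)) removed++;
        }
        return removed;
    }

    public static void Main()
    {
        // Constructed sample identity with permission names as role claims.
        var identity = new ClaimsIdentity(new[]
        {
            new Claim(ClaimTypes.Name, "alice"),
            new Claim(ClaimsIdentity.DefaultRoleClaimType, "MyPermissionName"),
            new Claim(ClaimsIdentity.DefaultRoleClaimType, "OtherPermission"),
        }, "ConstructedAuthType");

        // Same type and value, different object: this removal attempt fails.
        var lookalike = new Claim(ClaimsIdentity.DefaultRoleClaimType, "MyPermissionName");
        Console.WriteLine("lookalike removed: " + identity.TryRemoveClaim(lookalike));

        // Removing the stored instance succeeds.
        Console.WriteLine("stored removed: " + RemoveRoleClaims(identity, "MyPermissionName"));
        Console.WriteLine("still has claim: " +
            identity.HasClaim(ClaimsIdentity.DefaultRoleClaimType, "MyPermissionName"));
    }
}
```

If the helper returns 0 while `HasClaim` is still true, the claim is supplied by the containing principal rather than stored in the identity, which is the other case the error message names.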