2

I have some middleware designed to perform some logic. Part of that logic is to update the claim value after user is authenticated. I am wondering if it is possible to do so?

public class MyMiddleware
{
    public async Task Invoke(HttpContext context)
    {
        //logic omitted
        var claims = new List<Claim> { new Claim("MyValue", "test") }
        context.User.AddIdentity(new ClaimsIdentity(claims));
    }
}

The only approach I have found so far is in the example above. However, I don't fully understand this approach. Will the above override any existing claims or will it have some other behavior?

Edit: In my testing, the above code does not works. As in the claim is never actually added when I look at it on my next request.

I have also tried the below but it had the same effect, claims did not persist on next request.

public class MyMiddleware
{
    public async Task Invoke(HttpContext context)
    {
        //logic omitted
        var claimsIdentity = (ClaimsIdentity) context.User.Identity;
        var identity = new ClaimsIdentity(claimsIdentity);
        var myClaim = identity.Claims.FirstOrDefault(x => x.Type.Equals(userExpirationName));

        if(myClaim != null) identity.RemoveClaim(myClaimName);
        identity.AddClaim(new Claim(myClaimName, "test"));
        context.User.AddIdentity(identity);
    }
}
Bagzli
  • 6,254
  • 17
  • 80
  • 163
  • Possible duplicate of [How to update a claim in ASP.NET Identity?](https://stackoverflow.com/questions/24587414/how-to-update-a-claim-in-asp-net-identity) – Bitz Nov 04 '19 at 18:04
  • @Bitz That is an MVC 5 project, the thread you linked. I Don't see how they are the same. Could you elaborate? That extension method does not work in .net core, I have tried it in the past. – Bagzli Nov 04 '19 at 18:08
  • In this exact moment, the only thing I'm sure I can tell you is that this method *adds* a claim to the identity – Davide Vitali Nov 04 '19 at 18:16
  • @DavideVitali as far as I can tell, you are correct and it appears that it does not overrides an existing value and I need it to. – Bagzli Nov 04 '19 at 18:21
  • @Bojan try removing then adding back the desired claim. Might need to do a cast. – Nkosi Nov 04 '19 at 18:26
  • @Nkosi how do I remove a claim in the middleware? context has no options for it and trying to inject usermanager leads to errors. – Bagzli Nov 04 '19 at 18:27
  • @DavideVitali after more thorough testing it would appear the method doesn't actually works in this context, the claim is never added. – Bagzli Nov 04 '19 at 18:31
  • I would first suggest debugging the code and seeing what type is the User. From there you should be able to cast to the correct type and be able to remove the claim(s) – Nkosi Nov 04 '19 at 18:46
  • Have a look at https://stackoverflow.com/a/40672654/5233410 – Nkosi Nov 04 '19 at 18:54
  • @Nkosi context.Authentication doesn't seem to exist in 3.0. Am I missing a package? – Bagzli Nov 04 '19 at 19:12
  • No forget about the `context.Authentication`. I wanted you to focus on what was done to `User`. You may need to cast to get access to the desired members – Nkosi Nov 04 '19 at 19:13
  • @Nkosi see my updated question. – Bagzli Nov 04 '19 at 19:18
  • 2
    Wait. This change will only affect the current request's claims not on next request. It is not persisted. I did not realize you were trying to persist the claim. – Nkosi Nov 04 '19 at 19:24

0 Answers0