How to remove an existing claim from a ClaimsPrincipal?

I am creating a role impersonation developer tool for an intranet site to allow developers to quickly act as any role as needed. The specific roles are Developer, Team Lead, Team Member, Engineering, Marketing and Guest, and the tool on the web page makes a Web API call to add or remove a claim ... well, I can add, but I cannot find where .RemoveClaim(claim) or .TryRemoveClaim(claim) is to get this working. Do I have to create my own claims manager to get this functionality, or am I missing something?

I looked at System.Security.Claims, and almost everything else works very simply, so there is no reason I should need to work hard to do what I need.

I am using VS 2013 / Web Api2 with .NET 4.5.1.

The website side just uses a simple ajax call for the PUT and DELETE functions until I get it to work the way I want. In the controller, my C# code looks like this:

    // PUT api/devroleadjuster/5
    public void Put(int id, [FromBody]string role)
    {
        if (FindClaim(role) != null) return;
        var user = HttpContext.Current.User as ClaimsPrincipal;
        if (user == null) return;
        // Add the role claim on a fresh identity attached to the principal
        var claimId = new ClaimsIdentity();
        claimId.AddClaim(new Claim(ClaimTypes.Role, role));
        user.AddIdentity(claimId);
    }

    // DELETE api/devroleadjuster/5
    public void Delete(int id, [FromBody]string role)
    {
        var claim = FindClaim(role);
        if (claim == null) return;
        var user = HttpContext.Current.User as ClaimsPrincipal;
        if (user == null) return;
        // Why can't I do this???? (ClaimsPrincipal has no RemoveClaim method)
        user.RemoveClaim(claim);
    }

    // Look up the single claim whose value matches the role name
    private Claim FindClaim(string role)
    {
        try
        {
            var user = HttpContext.Current.User as ClaimsPrincipal;
            if (user == null) return null;
            var claim = (from c in user.Claims where c.Value == role select c).Single();
            return claim;
        }
        catch (InvalidOperationException)
        {
            // Single() throws when there is no match or more than one match
            return null;
        }
    }

PUT works fine; the problem is with the DELETE part of my code ... I want to use user.RemoveClaim(claim); or something like it ... I don't understand why I can't follow MSDN here, and I can't find any sample code to remove a claim.

+17
c# asp.net-web-api wif claims-based-identity
Mar 21 '14 at 22:36
2 answers

You must use the identity to add or remove claims. To add a claim:

    var user = User as ClaimsPrincipal;
    var identity = user.Identity as ClaimsIdentity;
    identity.AddClaim(new Claim(ClaimTypes.Role, "somenewrole"));

To remove a claim:

    var user = User as ClaimsPrincipal;
    var identity = user.Identity as ClaimsIdentity;
    var claim = (from c in user.Claims where c.Value == "somenewrole" select c).Single();
    identity.RemoveClaim(claim);

By the way, it is better to use User on your controller instead of HttpContext.Current.User.

+25
Mar 22 '14 at 2:26

Something else that is important to add is to make sure that you are not trying to iterate over the claims collection and remove items at the same time. I just stumbled upon some buggy code written by someone else, and at first I didn't see the problem until I stepped through it.

Buggy code:

    foreach (var claim in identity.Claims)
    {
        var name = claim.Type;
        if (!name.Equals("UserAccountId") && !name.Equals("Email") && !name.Equals("TenantIds"))
        {
            identity.RemoveClaim(claim);
        }
    }

The result was that the claims were inconsistently removed from the list. A simple solution to the problem is to iterate over a list of the claim types, not the claims collection itself, and delete them as follows:

    var claimNameList = identity.Claims.Select(x => x.Type).ToList();
    foreach (var name in claimNameList)
    {
        if (!name.Equals("UserAccountId") && !name.Equals("Email") && !name.Equals("TenantIds"))
        {
            var claim = identity.Claims.FirstOrDefault(x => x.Type == name);
            if (claim != null) identity.RemoveClaim(claim);
        }
    }

It is never recommended to iterate over a collection and add or remove items while doing so. Depending on the situation you will see sporadic errors and varying results, and in some cases, for example when iterating over the items in HttpContext.Current.Items, you will see sporadic "collection was modified" errors.

+3
Jan 26 '17 at 16:04
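Putting both answers together, here is an added, self-contained example (not code from the question or the answers) of a role-impersonation helper: it adds and removes role claims through the ClaimsIdentity, matches on claim type and value rather than value alone, and clears all role claims by iterating over a snapshot instead of the live collection. The DevRoleAdjuster class, the AllowedRoles list and the sample principal in Main are constructed for this example.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

// Hypothetical helper behind a dev-only role impersonation endpoint.
static class DevRoleAdjuster
{
    // Constructed allow-list of roles the tool may impersonate (taken from the question).
    static readonly string[] AllowedRoles =
        { "Developer", "Team Lead", "Team Member", "Engineering", "Marketing", "Guest" };

    public static bool AddRole(ClaimsPrincipal user, string role)
    {
        var identity = user.Identity as ClaimsIdentity;
        if (identity == null || !AllowedRoles.Contains(role)) return false;
        if (identity.HasClaim(ClaimTypes.Role, role)) return false; // already present
        identity.AddClaim(new Claim(ClaimTypes.Role, role));
        return true;
    }

    public static bool RemoveRole(ClaimsPrincipal user, string role)
    {
        var identity = user.Identity as ClaimsIdentity;
        if (identity == null) return false;
        // Match on type AND value so an unrelated claim with the same value is left alone.
        var claim = identity.FindFirst(c => c.Type == ClaimTypes.Role && c.Value == role);
        if (claim == null) return false;
        return identity.TryRemoveClaim(claim);
    }

    // Reset impersonation: remove every role claim, iterating over a copy of the list.
    public static int RemoveAllRoles(ClaimsPrincipal user)
    {
        var identity = user.Identity as ClaimsIdentity;
        if (identity == null) return 0;
        var roleClaims = identity.FindAll(ClaimTypes.Role).ToList(); // snapshot first
        return roleClaims.Count(c => identity.TryRemoveClaim(c));
    }

    static void Main()
    {
        // Constructed sample principal; the authentication type makes IsAuthenticated true.
        var identity = new ClaimsIdentity(
            new[] { new Claim(ClaimTypes.Name, "dev@example.test"), new Claim(ClaimTypes.Role, "Guest") },
            "DevAuth");
        var user = new ClaimsPrincipal(identity);
        Console.WriteLine(AddRole(user, "Engineering") && user.IsInRole("Engineering"));
        Console.WriteLine(RemoveRole(user, "Engineering") && !user.IsInRole("Engineering"));
        Console.WriteLine(RemoveAllRoles(user)); // removes the remaining Guest claim
    }
}
```

Note that these calls only change the in-memory principal of the current request; whatever issues the session cookie or token must be reissued for the change to survive into the next request.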
