All geek questions in one place

ClaimsPrincipal is null when it reaches the WCF service

I am currently implementing the Federated Authentication solution using: Passive STS for issuing tokens, a website hosting the Silverlight application and WCF services for the Silverlight application.

So far I can:

  • Get redirected to STS
  • Log in and redirect to the site
  • Display claims on the website by contacting HttpContext.Current.User.Identity as IClaimsIdentity;

on the web.config website, I added two required WIF modules (under IIS 7)

<modules runAllManagedModulesForAllRequests="true">

        <add name="WSFederationAuthenticationModule" type="Microsoft.IdentityModel.Web.WSFederationAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler"/>
        <add name="SessionAuthenticationModule" type="Microsoft.IdentityModel.Web.SessionAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler"/>

    </modules>

I also configured the Microsoft.IdentityModel section in the web.config file to use my own implementation of the ClaimsAuthenticationManager and ClaimsAthorizationManager.

<service name="Rem.Ria.PatientModule.Web.WebService.PatientService">
        <claimsAuthenticationManager type ="Rem.Infrastructure.WIF.RemClaimsAuthenticationManager"/>
        <claimsAuthorizationManager type ="Rem.Infrastructure.WIF.RemClaimsAuthorizationManager"/>
      </service>

My ClaimsAuthenticationMAnager simply sets Thread.CurrentPrincipal is a valid Principal.

class RemClaimsAuthenticationManager : ClaimsAuthenticationManager
    {
        public override IClaimsPrincipal Authenticate ( string resourceName, IClaimsPrincipal incomingPrincipal )
        {

            if ( incomingPrincipal.Identity.IsAuthenticated )
            {
                Thread.CurrentPrincipal = incomingPrincipal;
            }
            return incomingPrincipal;
        }
    }
}

, ClaimsAuthorizationManager .Principal.Identity , Thread.CurrentPrincipal.

?

+3
2

Thread.CurrentPrincipal, . HttpContext.Current.User, Thread.Principal , , , IIS. , Codeplex.

+5

, ClaimsAuthenticationManager. IClaimsPrincipal , Name, . CurrentPrincipal , .

:

public class CustomClaimsAuthenticationManager : ClaimsAuthenticationManager
{
public CustomClaimsAuthenticationManager()
{

}

public override IClaimsPrincipal Authenticate(string resourceName, 
IClaimsPrincipal   incomingPrincipal)
{
    var outgoingIdentity = GetClaimsAsPassthrough(incomingPrincipal);
    return outgoingIdentity; 
}

private IClaimsPrincipal GetClaimsAsPassthrough(IClaimsPrincipal incomingPrincipal)
{
    if (!incomingPrincipal.Identity.IsAuthenticated)
    {
        return incomingPrincipal; 
    }

    var ingoingClaims = incomingPrincipal.Identity as IClaimsIdentity; 

    ClaimsIdentity outgoingIdentity = new ClaimsIdentity(new List<Claim>
    {
        new Claim(ClaimTypes.Name, (incomingPrincipal.Identity.Name + " 
        a very cool guy"))
    }, incomingPrincipal.Identity.AuthenticationType);

    foreach (var claim in ingoingClaims.Claims.Where(
    c => c.ClaimType != ClaimTypes.Name))
    {
        outgoingIdentity.Claims.Add(claim.Copy()); 
    }

    return new ClaimsPrincipal(new List<ClaimsIdentity> { outgoingIdentity }); 
 }

}
+1

Source: https://habr.com/ru/post/1758941/

More articles:


All Articles