BootstrapContext is null for ClaimsIdentity

I created a new ASP.NET MVC application with .NET 4.5. I have successfully installed authentication using STS. The authentication flow is working fine, and I can get the ClaimsIdentity containing the required statements in Thread.CurrentPrincipal.

Now I need a bootstrap token to protect calls at my service level. I set saveBootstrapContext to true in the identityConfiguration element.

    <system.identityModel>
      <identityConfiguration saveBootstrapContext="true">
        <!-- other identityConfiguration children unchanged -->
      </identityConfiguration>
    </system.identityModel>

However, the BootstrapContext property on ClaimsIdentity is always null.

    var identity = Thread.CurrentPrincipal.Identity as ClaimsIdentity;
    var context = identity.BootstrapContext; // context is always null

Am I missing something? It should have been simple :(

----------- Resolved ------------

This problem is resolved after rebooting my system. Please note that after iisreset it was not resolved. Later I changed the configuration to use Microsoft.IdentityModel instead of System.IdentityModel. I was able to reproduce this behavior. After the next reboot, I was able to get the bootstrap token again. Does anyone else experience the same behavior?

+4

3 answers

Solved this:

    <system.identityModel>
      <identityConfiguration saveBootstrapContext="true" />
    </system.identityModel>

You must also set TokenValidationParameters.SaveSigninToken, which is different from JwtBearerOptions.SaveTokens:

    app.UseWindowsAzureActiveDirectoryBearerAuthentication(
        new WindowsAzureActiveDirectoryBearerAuthenticationOptions
        {
            Tenant = ConfigurationManager.AppSettings["ida:Tenant"],
            TokenValidationParameters = new TokenValidationParameters
            {
                // keep the incoming token so ClaimsIdentity.BootstrapContext is populated
                SaveSigninToken = true,
                ValidAudience = ConfigurationManager.AppSettings["ida:Audience"]
            }
        });
+6

I ran into this problem when publishing to IIS Express. It turns out the problem was in my browser: I had not closed all my browser windows or cleared cookies, so the SessionSecurityToken was not recreated with the new parameter, even though the server had been restarted (the existing FedAuth cookie was still being sent by the browser).

As soon as I forced re-authentication by closing all browser windows, restarting the browser and repeating my request, BootstrapContext appeared.

+2

If you use a message handler to validate the token manually with JwtSecurityTokenHandler, retrieve the ClaimsPrincipal and bind it to the current thread, as described in "Using the JWT handler to implement 'Ten / ActAs' 'Poor person'", then when you validate the token with JwtSecurityTokenHandler.ValidateToken(), one of the parameters on TokenValidationParameters is SaveBootstrapContext; setting that to true does the trick.

+1
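The first and third answers both describe the same mechanism: whatever validates the token must be told to keep the raw token, otherwise ClaimsIdentity.BootstrapContext stays null. The following is an added example, not code from the question or any answer, showing a Web API message handler that validates a bearer JWT with JwtSecurityTokenHandler.ValidateToken() and then reads the saved token back for an on-behalf-of call. It assumes the JWT handler version whose TokenValidationParameters exposes SaveSigninToken (older 3.x releases named the equivalent property SaveBootstrapContext, which is why the two answers name different properties); the signing key, issuer and audience values are placeholders.

```csharp
using System;
using System.IdentityModel.Tokens;       // TokenValidationParameters, BootstrapContext, SecurityToken
using System.IdentityModel.Tokens.Jwt;   // JwtSecurityTokenHandler, JwtSecurityToken
using System.Net;
using System.Net.Http;
using System.Security.Claims;
using System.Threading;
using System.Threading.Tasks;
using System.Web;

// Added example: validates the incoming bearer token and binds the resulting
// ClaimsPrincipal to the current thread, keeping the raw token as BootstrapContext.
public class JwtBootstrapHandler : DelegatingHandler
{
    private readonly TokenValidationParameters _validationParameters;

    public JwtBootstrapHandler(TokenValidationParameters validationParameters)
    {
        if (validationParameters == null) throw new ArgumentNullException("validationParameters");
        _validationParameters = validationParameters;
    }

    protected override async Task<HttpResponseMessage> SendAsync(
        HttpRequestMessage request, CancellationToken cancellationToken)
    {
        var auth = request.Headers.Authorization;
        if (auth == null
            || !string.Equals(auth.Scheme, "Bearer", StringComparison.OrdinalIgnoreCase)
            || string.IsNullOrEmpty(auth.Parameter))
        {
            return request.CreateResponse(HttpStatusCode.Unauthorized);
        }

        try
        {
            SecurityToken validatedToken;
            var handler = new JwtSecurityTokenHandler();
            // With SaveSigninToken = true in _validationParameters, the identity
            // returned here carries the original token in BootstrapContext.
            ClaimsPrincipal principal = handler.ValidateToken(auth.Parameter, _validationParameters, out validatedToken);

            Thread.CurrentPrincipal = principal;
            if (HttpContext.Current != null) HttpContext.Current.User = principal;
        }
        catch (SecurityTokenException)
        {
            // Invalid signature, expired token, wrong audience/issuer: do not leak details.
            return request.CreateResponse(HttpStatusCode.Unauthorized);
        }

        return await base.SendAsync(request, cancellationToken);
    }

    // Placeholder parameters; real values come from configuration, never from code.
    public static TokenValidationParameters BuildParameters(byte[] signingKey)
    {
        return new TokenValidationParameters
        {
            SaveSigninToken = true,            // the setting the question is missing
            ValidIssuer = "https://issuer.example/",     // placeholder
            ValidAudience = "https://api.example/",      // placeholder
            IssuerSigningKey = new InMemorySymmetricSecurityKey(signingKey)
        };
    }
}

public static class BootstrapTokenAccessor
{
    // Returns the raw incoming token for a downstream on-behalf-of call, or null
    // when the identity was created without SaveSigninToken/saveBootstrapContext.
    // The return value is a live credential: never log it or echo it to the client.
    public static string GetBootstrapToken(ClaimsIdentity identity)
    {
        if (identity == null) return null;
        var bootstrap = identity.BootstrapContext as BootstrapContext;
        if (bootstrap == null) return null;            // the null the question reports
        if (!string.IsNullOrEmpty(bootstrap.Token)) return bootstrap.Token;
        var jwt = bootstrap.SecurityToken as JwtSecurityToken;
        return jwt != null ? jwt.RawData : null;
    }
}

// Registration (e.g. in WebApiConfig.Register):
//   config.MessageHandlers.Add(new JwtBootstrapHandler(JwtBootstrapHandler.BuildParameters(key)));
// Inside a controller or service:
//   var token = BootstrapTokenAccessor.GetBootstrapToken(User.Identity as ClaimsIdentity);
//   if (token == null) { /* fail closed: do not call the downstream service anonymously */ }
```

The null check in GetBootstrapToken is the diagnostic a practitioner wants when debugging this question: if it still returns null after SaveSigninToken (or saveBootstrapContext) is set, the identity on the thread was created by something else (for example a cached session cookie, as the second answer found), not by this validation path.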
