ASP.NET authentication claims

I have a problem understanding claims, especially roles.

The following are the two roles assigned to the user.

    // Roles for the user as stored in the database (two roles expected)
    var roles = UserManager.GetRolesAsync(user.Id).Result;

But when I retrieve the claims and go through them, I get only the first role; I do not get both roles. Please note that I did not add a role claim during login.

Action code

    // Controller action that lists the claims of the current user
    // (the action name "DisplayClaims" is not in the original snippet)
    public ActionResult DisplayClaims()
    {
        IEnumerable<Claim> claims = null;
        var identity = HttpContext.User.Identity as ClaimsIdentity;
        if (identity != null && identity.Claims != null && identity.Claims.Any())
        {
            claims = identity.Claims;
        }
        return View(claims);
    }

and the corresponding view code

    @model IEnumerable<System.Security.Claims.Claim>
    @{
        ViewBag.Title = "Display Claims";
    }
    <h2>Display Claims</h2>
    @if (Model == null)
    {
        <p class="alert-danger">No claims found</p>
    }
    else
    {
        <table class="table table-bordered">
            <tr>
                <th>Subject</th>
                <th>Issuer</th>
                <th>Type</th>
                <th>Value</th>
            </tr>
            @foreach (var claim in Model.OrderBy(x => x.Type))
            {
                <tr>
                    <td>@claim.Subject.Name</td>
                    <td>@claim.Issuer</td>
                    <td>@Html.ClaimType(claim.Type)</td>
                    <td>@claim.Value</td>
                </tr>
            }
        </table>
    }

and here is the result. What am I missing here?

[screenshot: claims listing showing only one role]

And the table has two roles:

[screenshot: AspNetUserRoles table with two roles]

Update # 1

I added the first and last name as custom claims, logged in, and both roles are now displayed. I have not changed anything else. So now I'm even more confused ...

[screenshot: claims listing now showing both roles]

Here is the provider that adds the custom claims

    public static class ClaimsUserInfoProvider
    {
        // Builds the extra (custom) claims added to the identity at login
        public static IEnumerable<Claim> GetClaims(ClaimsIdentity user, ApplicationUser applicationUser)
        {
            var claims = new List<Claim>();
            claims.Add(CreateClaim(ClaimTypes.GivenName, applicationUser.FirstName + " " + applicationUser.LastName));
            return claims;
        }

        private static Claim CreateClaim(string type, string value)
        {
            return new Claim(type, value, ClaimValueTypes.String, "RemoteClaims");
        }
    }

and the login action that uses the claims provider

    [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    public async Task<ActionResult> Login(LoginViewModel model)
    {
        if (ModelState.IsValid)
        {
            var user = await UserManager.FindAsync(model.UserName, model.Password);
            if (user == null)
            {
                ModelState.AddModelError("", "Invalid user name or password.");
            }
            else
            {
                var identity = await UserManager.CreateIdentityAsync(user, DefaultAuthenticationTypes.ApplicationCookie);
                // add claims
                identity.AddClaims(ClaimsUserInfoProvider.GetClaims(identity, user));
                AuthenticationManager.SignOut();
                AuthenticationManager.SignIn(new AuthenticationProperties { IsPersistent = model.RememberMe }, identity);
                if (!String.IsNullOrEmpty(model.ReturnUrl))
                {
                    return Redirect(model.ReturnUrl);
                }
                return RedirectToAction("Index", "Home");
            }
        }
        return View(model);
    }
+8
c# claims-based-identity asp.net-identity
1 answer

It's hard to say for sure, but I think what happened here is that the claims were cached in the cookie that is used to authenticate the user. When the user first signs in, the claims are read from the database, a cookie is created with those claims and stored in the user's browser. All further requests read the user's claims from the cookie until it expires. I have a detailed blog post that I have been writing for some time about the ASP.NET authentication cookie, with more information on how to manage expiration.

Some of your wording suggests (only a guess on my part) that the roles were added after the user had already signed in, and therefore the roles were not added to the cookie and will not be printed. The claims were updated when you added the code that adds the names, for one of several reasons:

  • The cookie expired and you had to log in again.
  • You signed out (which deleted the cookie) and then logged in again.
  • You did not log out, but when you went to the login action, it has a SignOut call followed by a SignIn that updated the cookie:

    AuthenticationManager.SignOut();
    AuthenticationManager.SignIn(new AuthenticationProperties

You can reproduce the behavior you are experiencing:

  • Make sure the user is logged out.
  • Remove the user's roles from the AspNetUserRoles table.
  • Sign the user in.
  • Add the roles back to the user in the AspNetUserRoles table (either manually or through some action in the application where you manage roles for users).
  • Print the roles.
  • You will not see the roles in the listing.
  • Then sign the user out and in again, and you will see the expected roles.

Each time you add a role or claim, you will need to log out manually, or you can make a call that updates the cookie, as I mentioned earlier. This answer here provides some context on how to update the cookie effectively.

+1
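The answer above points at the cause: the role claims live in the authentication cookie, so the cookie is what has to be refreshed. The same mechanism cuts the other way for security: a role that is removed from AspNetUserRoles stays effective for that user until their cookie is rebuilt or expires. The following is an added example written for this page, not the answerer's or the question's code, showing one way to close that window. It assumes ASP.NET Identity 2.x with the Visual Studio template's ApplicationUserManager and ApplicationUser classes; the RoleAdminController and its AddRole action are hypothetical names chosen for the illustration.

```csharp
using System;
using System.Threading.Tasks;
using System.Web;
using System.Web.Mvc;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Owin;

// Hypothetical role-management action (not from the original post): the role is
// written to the database and the cookie is refreshed so the cached claims match it.
public class RoleAdminController : Controller
{
    private ApplicationUserManager UserManager
    {
        get { return HttpContext.GetOwinContext().GetUserManager<ApplicationUserManager>(); }
    }

    private IAuthenticationManager AuthenticationManager
    {
        get { return HttpContext.GetOwinContext().Authentication; }
    }

    [HttpPost]
    [Authorize(Roles = "Admin")]
    [ValidateAntiForgeryToken]
    public async Task<ActionResult> AddRole(string userId, string roleName)
    {
        var result = await UserManager.AddToRoleAsync(userId, roleName);
        if (!result.Succeeded)
        {
            ModelState.AddModelError("", string.Join("; ", result.Errors));
            return RedirectToAction("Index");
        }

        // Changing the security stamp makes every existing cookie for this user stale;
        // the SecurityStampValidator configured below rebuilds (or rejects) them on the
        // next validation pass, so the change also reaches other browsers and devices.
        await UserManager.UpdateSecurityStampAsync(userId);

        // If the admin edited their own account, rebuild the cookie right away instead
        // of waiting for the validator: this is the SignOut/SignIn sequence from the answer.
        if (userId == User.Identity.GetUserId())
        {
            var user = await UserManager.FindByIdAsync(userId);
            var identity = await UserManager.CreateIdentityAsync(user, DefaultAuthenticationTypes.ApplicationCookie);
            AuthenticationManager.SignOut(DefaultAuthenticationTypes.ApplicationCookie);
            AuthenticationManager.SignIn(new AuthenticationProperties { IsPersistent = false }, identity);
        }

        return RedirectToAction("Index");
    }
}

// Startup.Auth.cs fragment: re-check the cookie against the security stamp every
// validateInterval, so role removals (not only additions) take effect within that bound.
public partial class Startup
{
    public void ConfigureAuth(IAppBuilder app)
    {
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login"),
            Provider = new CookieAuthenticationProvider
            {
                OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                    validateInterval: TimeSpan.FromMinutes(5),
                    regenerateIdentity: (manager, user) =>
                        manager.CreateIdentityAsync(user, DefaultAuthenticationTypes.ApplicationCookie))
            }
        });
    }
}
```

The validateInterval is the longest time a revoked role can keep working after the stamp changes; shorter values mean more database lookups per request, so pick it against how quickly role changes need to take effect. Note that if the login action adds custom claims (as the question's ClaimsUserInfoProvider does), the regenerateIdentity delegate has to add them too, otherwise they disappear the first time the validator rebuilds the cookie.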
