How to set NameClaimType in ASP.NET MVC 5?

I created an ASP.NET MVC 5 site using the Microsoft On-Premises organizational account authentication mechanism. Ultimately, this is set up to point to my company's ADFS infrastructure. I receive all of my custom claims. However, at run time, ClaimsIdentity.Name is empty. This is because the default ClaimsIdentity.NameClaimType property is as follows:

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name 

However, I need ClaimsIdentity.Name to map to:

 http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier 

According to Microsoft Docs, the place to set this in web.config is in the add element of the securityTokenHandlers element:

 <system.identityModel>
   <identityConfiguration>
     <securityTokenHandlers>
       <add>
         <samlSecurityTokenRequirement>
           <nameClaimType value=xs:string>
           </nameClaimType>
         </samlSecurityTokenRequirement>
       </add>
     </securityTokenHandlers>
   </identityConfiguration>
 </system.identityModel>

In my ASP.NET MVC 5 web.config, the only thing that looks applicable and passes the IntelliSense check looks like this:

 <system.identityModel>
   <identityConfiguration>
     <securityTokenHandlers>
       <add type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
         <samlSecurityTokenRequirement>
           <nameClaimType value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"/>
         </samlSecurityTokenRequirement>
       </add>
       <remove type="System.IdentityModel.Tokens.SessionSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
     </securityTokenHandlers>
   </identityConfiguration>
 </system.identityModel>

However, this does not seem to have any effect. My MVC application still reports an empty ClaimsIdentity.Name field and a ClaimsIdentity.NameClaimType property of:

 http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name 

How should my web.config look so that my existing application populates the ClaimsIdentity.Name field?

authentication asp.net-mvc-5
1 answer

I found that using the following securityTokenHandlers section got me where I needed to be, based on the SAML 2.0 payload from my ADFS system:

 <securityTokenHandlers>
   <add type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
   <remove type="System.IdentityModel.Tokens.SessionSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
   <remove type="System.IdentityModel.Tokens.Saml2SecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
   <add type="System.IdentityModel.Tokens.Saml2SecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
     <samlSecurityTokenRequirement>
       <nameClaimType value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"/>
     </samlSecurityTokenRequirement>
   </add>
 </securityTokenHandlers>

I'm not at all sure how the requirements were being applied by the default web.config, since no SAML token handler was configured. Maybe something in the source code performs some default behavior...

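The difference between the two configurations on this page, as an added check that is not part of the question or the answer: a small Python script that replays the add/remove entries of a securityTokenHandlers section in document order and reports which handler the nameClaimType ended up attached to. It assumes that the default handler collection already contains the Saml2 and SAML 1.1 token handlers (which is why the answer removes Saml2SecurityTokenHandler before re-adding it) and that only those handlers consult samlSecurityTokenRequirement when turning the incoming assertion into a ClaimsIdentity; a session token handler such as MachineKeySessionSecurityTokenHandler never sees the SAML assertion, so a nameClaimType placed under it is ignored. The two web.config fragments embedded below are copied from the question and the answer.

```python
import xml.etree.ElementTree as ET

DEFAULT_NAME_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"

# Handlers that actually parse the incoming SAML assertion. Only their
# samlSecurityTokenRequirement/nameClaimType influences ClaimsIdentity.NameClaimType.
SAML_TOKEN_HANDLERS = (
    "System.IdentityModel.Tokens.Saml2SecurityTokenHandler",
    "System.IdentityModel.Tokens.SamlSecurityTokenHandler",
)


def default_handlers():
    # Assumption: the default SecurityTokenHandlerCollection already registers both
    # SAML handlers with the default name claim type, so a web.config that never
    # <remove>s and re-<add>s them leaves that default in place.
    return {t: DEFAULT_NAME_CLAIM for t in SAML_TOKEN_HANDLERS}


def short_type(type_attr):
    # "Namespace.Type, Assembly, Version=..., ..." -> "Namespace.Type"
    return type_attr.split(",", 1)[0].strip()


def effective_handlers(config_xml):
    """Replay <clear>/<remove>/<add> in document order.

    Returns {handler type: nameClaimType value or None} for the handlers left
    registered after the section has been applied.
    """
    root = ET.fromstring(config_xml)
    handlers = default_handlers()
    for section in root.iter("securityTokenHandlers"):  # iter() includes root itself
        for entry in section:
            if entry.tag == "clear":
                handlers.clear()
                continue
            handler_type = short_type(entry.get("type", ""))
            if entry.tag == "remove":
                handlers.pop(handler_type, None)
            elif entry.tag == "add":
                nct = entry.find("samlSecurityTokenRequirement/nameClaimType")
                handlers[handler_type] = nct.get("value") if nct is not None else None
    return handlers


def effective_name_claim_type(config_xml):
    """Name claim type the SAML handler will stamp on the ClaimsIdentity, or None if
    no SAML handler is registered at all."""
    handlers = effective_handlers(config_xml)
    for handler_type in SAML_TOKEN_HANDLERS:
        if handler_type in handlers:
            # An <add> without a samlSecurityTokenRequirement keeps the default.
            return handlers[handler_type] or DEFAULT_NAME_CLAIM
    return None


def lint(config_xml):
    """Warn about nameClaimType settings attached to handlers that never read them."""
    warnings = []
    for handler_type, value in effective_handlers(config_xml).items():
        if value is not None and handler_type not in SAML_TOKEN_HANDLERS:
            warnings.append(
                f"{handler_type}: nameClaimType '{value}' has no effect here; "
                "put it on the Saml2SecurityTokenHandler <add> instead"
            )
    return warnings


# Constructed sample: the questioner's web.config fragment.
QUESTION_CONFIG = """
<system.identityModel><identityConfiguration><securityTokenHandlers>
  <add type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
    <samlSecurityTokenRequirement>
      <nameClaimType value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"/>
    </samlSecurityTokenRequirement>
  </add>
  <remove type="System.IdentityModel.Tokens.SessionSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
</securityTokenHandlers></identityConfiguration></system.identityModel>
"""

# Constructed sample: the accepted answer's securityTokenHandlers section.
ANSWER_CONFIG = """
<securityTokenHandlers>
  <add type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
  <remove type="System.IdentityModel.Tokens.SessionSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
  <remove type="System.IdentityModel.Tokens.Saml2SecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
  <add type="System.IdentityModel.Tokens.Saml2SecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
    <samlSecurityTokenRequirement>
      <nameClaimType value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"/>
    </samlSecurityTokenRequirement>
  </add>
</securityTokenHandlers>
"""

if __name__ == "__main__":
    for label, cfg in (("question", QUESTION_CONFIG), ("answer", ANSWER_CONFIG)):
        print(f"{label}: effective NameClaimType = {effective_name_claim_type(cfg)}")
        for w in lint(cfg):
            print(f"  warning: {w}")
```

Running it shows the question's configuration still resolving to the default /name claim type, with a warning that the nameidentifier setting sits on the session handler, while the answer's configuration resolves to the givenname claim type with no warnings. The same replay logic works for any securityTokenHandlers section, including ones that start with a clear element.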
