How do I create a ClaimsIdentity object for Asp.NET MVC 5?

authentication ravendb asp.net-mvc-5 claims-based-identity katana

50,209

Solution 1

Perhaps the following link can help:

var claims = new List<Claim>();
claims.Add(new Claim(ClaimTypes.Name, "Brock"));
claims.Add(new Claim(ClaimTypes.Email, "[email protected]"));
var id = new ClaimsIdentity(claims,DefaultAuthenticationTypes.ApplicationCookie);

var ctx = Request.GetOwinContext();
var authenticationManager = ctx.Authentication;
authenticationManager.SignIn(id);

Solution 2

I think you are "going about this all wrong". The ASP.NET Identity Framework is designed with pluggable persistence in mind. The correct way to substitute RavenDB for EF is NOT to replace the UserManager. Rather, it is to implement a replacement UserStore. So the line in the AccountController that creates the UserManager would change from:

public AccountController()
    : this(new UserManager<ApplicationUser>(new UserStore<ApplicationUser>(new ApplicationDbContext())))

To:

public AccountController()
    : this(new UserManager<ApplicationUser>(new RavenDBUserStore<ApplicationUser>/* connection info here*/)))

Where the RavenDBUserStore would be a class you wrote that implemented IUserStore, IUserPasswordStore and whatever other *Store interfaces you needed for your particular application.

This approach avoids you needing to understand and re-implement everything in UserManager and ensures that you will be able to take advantage of future improvements to the UserManager from MS.

For more information on how to do this, see the Overview of Custom Storage Providers for ASP.NET Identity and the example of Implementing a Custom MySQL ASP.NET Identity Storage Provider. You should also check out the code of the RavenDB.AspNet.Identity Nuget Package created by David Boike mentioned in his answer. The source is on github at https://github.com/ILMServices/RavenDB.AspNet.Identity/tree/master/RavenDB.AspNet.Identity

Solution 3

Here is what I came up with. I would love to know if this is the correct way to accomplish this task.

Working in a default MVC5 website, I went to the Account Controller, and found the SignInAsync() function. I adjusted it as follows:

    private async Task SignInAsync(ApplicationUser user, bool isPersistent)
    {
        AuthenticationManager.SignOut(DefaultAuthenticationTypes.ExternalCookie);
        //var identity = await UserManager.CreateIdentityAsync(user, DefaultAuthenticationTypes.ApplicationCookie); --> this is where I want to get rid of UserManager
        List<Claim> claims = new List<Claim>{
            new Claim("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name", user.Name), //user.Name from my database
            new Claim("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", user.Id), //user.Id from my database
            new Claim("http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider", "MyApplication"),
            new Claim("FirstName", user.FirstName) //user.FirstName from my database
        };
        ClaimsIdentity identity = new System.Security.Claims.ClaimsIdentity(claims, DefaultAuthenticationTypes.ApplicationCookie, ClaimTypes.Name, ClaimTypes.Role);

        AuthenticationManager.SignIn(new AuthenticationProperties() { IsPersistent = isPersistent }, identity);
    }

Keep in mind that this also requires changing the [HttpPost] Login function to get the user from my database instead of using the UserManager.FindAsync() function.

The LogIn/LogOff parts of the default site seem to work fine after these adjustments. I'll leave this answer here for a while before I accept it in case someone can tell me why I shouldn't do it this way.

Solution 4

I created a RavenDB implementation for the new ASP.NET MVC 5 Identity and released it as a NuGet package. This might work for you.

http://www.nuget.org/packages/RavenDB.AspNet.Identity/

It's somewhat prerelease but I am using it in a real project.

Here's the GitHub project and a short thread on the RavenDB discussion group about it.

View more solutions

50,209

Author by

user1304444

Updated on November 17, 2020

Comments

user1304444 over 3 years
I am working in a .NET MVC 5 application. I do not want to use Entity Framework. I want to authenticate to a RavenDB database. It looks to me that I want to replace the UserManager that comes with the Account Controller. I think I can rewrite all the UserManager functions to work with my database, except I don't understand the ClaimsIdentity object.

In the SignInAsync method, there is a call to UserManager.CreateIdentityAsync(...). I know it returns a ClaimsIdentity object. What I don't know is how to create a ClaimsIdentity object on my own.

I see that it has 4 properties Actor, BootstrapContext, Claims and Label. I don't know what these properties are used for, and I don't know how to properly generate them. I assume generating them correctly is important since it is how the authentication cookie is made.

I looked at the explanation of the ClaimsIdentity object here, but that didn't really help me understand.

If I could see the code for CreateIdentityAsync(), that would probably help.

If I'm going about this all wrong, please let me know. Otherwise, if someone could point me toward how to generate the ClaimsIdentity object, that would be helpful.
```
ClaimsIdentity identity = new ClaimsIdentity
{
    Actor = ????,
    BootstrapContext = ?????,
    Claims = ?????,
    Label = ?????
}
```