1
votes

We have a web app in MVC 5. It uses OWIN for authentication. Now we have the case that requests may come from a specific server which sends the username in the HTTP header (and also some cryptographic information to prove that it is the right server).

In the above case, the app should authenticate the user (identity) with the given name in the header field, without writing any cookie or doing other authentication actions. I have searched the web and it seems to me that I have to add a custom AuthenticationFilter in the FilterConfig and then be able to authenticate the user with the specific name found in the header field.
Test-wise I tried code like the below to force authentication, however I always get the following exception:

A claim of type 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier' or 'http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider' was not present on the provided ClaimsIdentity. To enable anti-forgery token support with claims-based authentication, please verify that the configured claims provider is providing both of these claims on the ClaimsIdentity instances it generates. ...

The test code in the IAuthenticationFilter-implementation looks as follows:

    using System.Collections.Generic;
    using System.Security.Claims;
    using System.Web.Mvc.Filters;
    using Microsoft.AspNet.Identity;

    public void OnAuthentication(AuthenticationContext filterContext)
    {
        // Builds an identity that carries only Name and Email claims and
        // installs it as the request principal.
        var claims = new List<Claim>();
        claims.Add(new Claim(ClaimTypes.Name, "test"));
        claims.Add(new Claim(ClaimTypes.Email, "test@test.local"));
        var identity = new ClaimsIdentity(claims, DefaultAuthenticationTypes.ExternalBearer);

        var principal = new ClaimsPrincipal(identity);

        filterContext.Principal = principal;
    }

Am I completely on the wrong track or is it only a little mistake?


1 Answer

2
votes

It's a little mistake. Basically, if you are using the AntiForgeryToken in MVC, it requires your identity to have a claim of type 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier' or 'http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider'.

The easiest thing to do is just to set the nameidentifier to something unique for your user.
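A complete filter that applies the answer's fix, added here as an example and not code from the question or the answer: it reads the username from the header, checks the upstream server's proof before touching the principal, and adds the NameIdentifier claim the anti-forgery token needs. The header names, the proof format (hex HMAC-SHA256 over the username with a shared secret) and the secret value are assumptions, since the question does not say what the "cryptographic information" looks like.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Security.Cryptography;
using System.Text;
using System.Web.Mvc.Filters;
using Microsoft.AspNet.Identity;

// Added example, not the question's or answer's code. Header names, the proof
// format (hex HMAC-SHA256 over the username with a shared secret) and the secret are assumptions.
public class HeaderAuthenticationFilter : IAuthenticationFilter
{
    private const string UserHeader = "X-Upstream-User";   // assumed header name
    private const string ProofHeader = "X-Upstream-Proof"; // assumed header name
    private static readonly byte[] SharedSecret = Encoding.UTF8.GetBytes("REPLACE-WITH-CONFIGURED-SECRET");

    public void OnAuthentication(AuthenticationContext filterContext)
    {
        var headers = filterContext.HttpContext.Request.Headers;
        string userName = headers[UserHeader], proof = headers[ProofHeader];
        // Only replace the principal after the proof has been verified; a bare
        // username header must never be trusted on its own.
        if (string.IsNullOrEmpty(userName) || !VerifyUpstreamProof(userName, proof)) return;
        var identity = new ClaimsIdentity(new List<Claim>
        {
            new Claim(ClaimTypes.Name, userName),
            // AntiForgeryToken needs NameIdentifier (or IdentityProvider): a stable,
            // unique value per user avoids the exception quoted in the question.
            new Claim(ClaimTypes.NameIdentifier, userName)
        }, DefaultAuthenticationTypes.ExternalBearer);
        filterContext.Principal = new ClaimsPrincipal(identity);
    }

    public void OnAuthenticationChallenge(AuthenticationChallengeContext filterContext) { }

    // Constant-time comparison of the supplied proof against a freshly computed HMAC.
    // Note: an HMAC over the username alone can be replayed; a real deployment should
    // also cover a timestamp or nonce.
    private static bool VerifyUpstreamProof(string userName, string proofHex)
    {
        if (string.IsNullOrEmpty(proofHex) || proofHex.Length % 2 != 0) return false;
        var provided = new byte[proofHex.Length / 2];
        try { for (int i = 0; i < provided.Length; i++) provided[i] = Convert.ToByte(proofHex.Substring(i * 2, 2), 16); }
        catch (FormatException) { return false; }
        byte[] expected;
        using (var hmac = new HMACSHA256(SharedSecret)) expected = hmac.ComputeHash(Encoding.UTF8.GetBytes(userName));
        int diff = expected.Length ^ provided.Length;
        for (int i = 0; i < expected.Length && i < provided.Length; i++) diff |= expected[i] ^ provided[i];
        return diff == 0;
    }
}
```

Register it in FilterConfig with `filters.Add(new HeaderAuthenticationFilter());` so it runs for every request; when the headers are missing or the proof fails, the request keeps whatever principal OWIN already established.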