2
votes

Is there a way to add a custom claim to my ClaimsPrincipal once the user is authenticated? When using ASP.NET Identity for individual accounts, one could add custom claims to the ClaimsPrincipal when the principal was created, but I cannot find a way to do this when using the Organizational Accounts template.


2 Answers

2
votes

For organizational account authentication, the templates set up HTTP modules to handle authentication of your users. If you look in your web.config you will see two modules that were added to your project, which are the WSFederationAuthenticationModule and the SessionAuthenticationModule. As such, it's an entirely different authentication and authorization dance than what you are used to with cookie-based authentication for individual accounts.

The extensibility point you are looking for is the Authenticate method of the ClaimsAuthenticationManager. Simply create a class that derives from this and override the Authenticate method. This will give you access to the ClaimsPrincipal object for the authenticated user where you can extend the claims collection for the user to whatever you want before your application code is invoked.

An example of how to set this up is here.
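The approach this answer describes, as an added example that is not part of the original answer or linked page: a ClaimsAuthenticationManager subclass that adds role claims under a distinct issuer so application code can tell them apart from claims the identity provider asserted. The namespace, class name, issuer string, and the `LookupRoles` helper with its in-memory data are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;

namespace ExampleApp.Security // hypothetical namespace
{
    // Register in web.config under <system.identityModel><identityConfiguration>:
    //   <claimsAuthenticationManager
    //       type="ExampleApp.Security.AppClaimsAuthenticationManager, ExampleApp" />
    public class AppClaimsAuthenticationManager : ClaimsAuthenticationManager
    {
        // Issuer stamped on locally added claims (constructed value), so they are
        // never mistaken for claims that came from the identity provider.
        private const string LocalIssuer = "urn:example-app:local";

        // Constructed sample data standing in for an application database.
        private static readonly Dictionary<string, string[]> RolesByUser =
            new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase)
            {
                { "alice@contoso.example", new[] { "Admin", "Reports" } },
                { "bob@contoso.example",   new[] { "Reports" } }
            };

        public override ClaimsPrincipal Authenticate(string resourceName,
                                                     ClaimsPrincipal incomingPrincipal)
        {
            var identity = incomingPrincipal == null
                ? null : incomingPrincipal.Identity as ClaimsIdentity;
            // Never enrich an anonymous or missing identity.
            if (identity == null || !identity.IsAuthenticated)
                return base.Authenticate(resourceName, incomingPrincipal);

            // Key the lookup on an identifier the identity provider issued.
            Claim id = identity.FindFirst(ClaimTypes.Upn)
                       ?? identity.FindFirst(ClaimTypes.NameIdentifier);
            if (id == null)
                return incomingPrincipal; // fail closed: no extra claims

            foreach (string role in LookupRoles(id.Value))
                identity.AddClaim(new Claim(ClaimTypes.Role, role,
                                            ClaimValueTypes.String, LocalIssuer));
            return incomingPrincipal;
        }

        // Hypothetical helper; unknown users get no roles.
        private static IEnumerable<string> LookupRoles(string userId)
        {
            string[] roles;
            return RolesByUser.TryGetValue(userId, out roles) ? roles : new string[0];
        }
    }
}
```

Authorization code that must rely only on locally assigned roles can filter on `claim.Issuer` equal to the local issuer value.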

0
votes

You do need to sign the user back in.

By default your claims are encrypted and stored as a single cookie in your browser. After you've manipulated your ClaimsPrincipal you need to persist the cookie back to the browser.

I agree the verbiage is bad; however, you have to do the following:

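using System.Web;              // GetOwinContext() extension (Microsoft.Owin.Host.SystemWeb)
using Microsoft.Owin.Security; // AuthenticationProperties

var authenticationManager = HttpContext.Current.GetOwinContext().Authentication;
var authenticationProperties = new AuthenticationProperties { IsPersistent = false }; // session cookie only

// Re-issue the authentication cookie so it carries the modified claims.
authenticationManager.SignIn(authenticationProperties, myManipulatedClaimsIdentity);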