Friday, September 28, 2012

.Net 4.5 Security Claims

Pluralsight has a quite detailed course by Dominick Baier explaining the changes to Identity and Access Control in .NET 4.5.

1. The video walks through the new changes in .NET Framework security. The most important change is that GenericIdentity and WindowsIdentity now inherit from the base class ClaimsIdentity, so all claims can be accessed through the Claims property. The same has happened to the principal, which is now ClaimsPrincipal.
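The following is an added example (not code from the course or the post) showing what that change means in practice: a GenericIdentity is assigned to a ClaimsIdentity variable without a cast, claims are read through the Claims property, and IsInRole still works because it is backed by role claims. The user name and the urn:example:department claim type are constructed for the example.

```csharp
using System;
using System.Linq;
using System.Security.Claims;
using System.Security.Principal;

// Added example: GenericIdentity and WindowsIdentity derive from ClaimsIdentity in .NET 4.5,
// so every identity exposes its data through the Claims property.
class ClaimsIdentityDemo
{
    static void Main()
    {
        // GenericIdentity is now a ClaimsIdentity; the name becomes a ClaimTypes.Name claim.
        var generic = new GenericIdentity("alice", "ApplicationLogin"); // constructed sample user
        ClaimsIdentity identity = generic; // upcast compiles because of the new base class

        Console.WriteLine(identity.FindFirst(ClaimTypes.Name).Value); // alice
        Console.WriteLine(identity.AuthenticationType);                // ApplicationLogin
        Console.WriteLine(identity.IsAuthenticated);                   // True

        // Claims can be added directly to the identity.
        identity.AddClaim(new Claim(ClaimTypes.Role, "Reader"));
        identity.AddClaim(new Claim("urn:example:department", "Security")); // hypothetical claim type

        // ClaimsPrincipal aggregates the claims of all its identities.
        var principal = new ClaimsPrincipal(identity);
        foreach (Claim c in principal.Claims)
            Console.WriteLine("{0} = {1} (issuer: {2})", c.Type, c.Value, c.Issuer);

        // Role checks still work: IsInRole looks for the identity's RoleClaimType (ClaimTypes.Role here).
        Console.WriteLine(principal.IsInRole("Reader"));                             // True
        Console.WriteLine(principal.HasClaim("urn:example:department", "Security")); // True
        Console.WriteLine(principal.HasClaim(ClaimTypes.Role, "Admin"));             // False

        // WindowsIdentity is a ClaimsIdentity too (Windows only): the user SID and group
        // memberships are exposed as PrimarySid and GroupSid claims.
        if (Environment.OSVersion.Platform == PlatformID.Win32NT)
        {
            WindowsIdentity windows = WindowsIdentity.GetCurrent();
            int groups = windows.Claims.Count(c => c.Type == ClaimTypes.GroupSid);
            Console.WriteLine("{0} is a member of {1} groups", windows.Name, groups);
        }
    }
}
```

Because every claim carries an Issuer, code that makes decisions on claims can check where a claim came from rather than trusting any claim that happens to be present; the later authentication-manager example relies on that.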

2. How do you extend the claims authentication and authorization in .Net 4.5?

ClaimsAuthenticationManager is a base class to extend in order to transform the incoming ClaimsPrincipal.
It has an overridable method,
ClaimsPrincipal Authenticate(string resourceName, ClaimsPrincipal incomingPrincipal)

By overriding this method, the incoming principal can be transformed to add, update or remove claims. This is especially useful in a federated security scenario: once the identity provider has authenticated the user and sends the incoming principal, the relying party's server can transform it to add extra claims or to give the claims its own meaning.
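As an added example (not the course's or the post's code), here is a ClaimsAuthenticationManager subclass that performs such a transformation. It keeps only claims issued by a trusted issuer, so a caller cannot smuggle an application-level claim into the token, and then adds claims with local meaning from a lookup. The issuer URI, the claim types and the LookupDepartment stub are assumptions made for the example.

```csharp
using System;
using System.Linq;
using System.Security;
using System.Security.Claims;

// Added example: transforms the principal handed over by the identity provider into the
// claims this application actually uses. Claim types and issuer are hypothetical.
public class ApplicationClaimsTransformer : ClaimsAuthenticationManager
{
    const string TrustedIssuer  = "http://example.test/trusted-idp"; // constructed issuer id
    const string DepartmentClaim = "urn:example:department";
    const string ClearanceClaim  = "urn:example:clearance";

    public override ClaimsPrincipal Authenticate(string resourceName, ClaimsPrincipal incomingPrincipal)
    {
        // Unauthenticated callers pass through untouched; authorization decides later.
        if (incomingPrincipal == null || !incomingPrincipal.Identity.IsAuthenticated)
            return incomingPrincipal;

        var incoming = (ClaimsIdentity)incomingPrincipal.Identity;

        // Keep only claims from the trusted issuer. Anything else (including a forged
        // application claim) is dropped rather than copied.
        var trusted = incoming.Claims.Where(c => c.Issuer == TrustedIssuer).ToList();
        Claim name = trusted.FirstOrDefault(c => c.Type == ClaimTypes.Name);
        if (name == null)
            throw new SecurityException("trusted token carries no name claim");

        // Build a fresh identity so nothing from the incoming one leaks through by accident.
        var transformed = new ClaimsIdentity("Federation", ClaimTypes.Name, ClaimTypes.Role);
        transformed.AddClaims(trusted);

        // Add claims with application meaning, derived from a local lookup (stubbed below).
        string department = LookupDepartment(name.Value);
        transformed.AddClaim(new Claim(DepartmentClaim, department));
        if (department == "Security")
            transformed.AddClaim(new Claim(ClearanceClaim, "High"));

        return new ClaimsPrincipal(transformed);
    }

    // Constructed stand-in for a directory or database lookup.
    static string LookupDepartment(string userName)
    {
        return userName == "alice" ? "Security" : "Sales";
    }
}

class Driver
{
    static void Main()
    {
        // Constructed incoming principal: two claims from the trusted issuer and one forged
        // clearance claim carrying the default issuer (ClaimsIdentity.DefaultIssuer).
        var incoming = new ClaimsIdentity("Federation");
        incoming.AddClaim(new Claim(ClaimTypes.Name, "alice", ClaimValueTypes.String, "http://example.test/trusted-idp"));
        incoming.AddClaim(new Claim(ClaimTypes.Role, "Reader", ClaimValueTypes.String, "http://example.test/trusted-idp"));
        incoming.AddClaim(new Claim("urn:example:clearance", "TopSecret"));

        ClaimsPrincipal result = new ApplicationClaimsTransformer()
            .Authenticate("none", new ClaimsPrincipal(incoming));

        foreach (Claim c in result.Claims)
            Console.WriteLine("{0} = {1}", c.Type, c.Value);
        // Prints name, role, department=Security and clearance=High;
        // the forged clearance=TopSecret claim is gone.
    }
}
```

The driver calls Authenticate directly; in a deployed application the same instance is resolved from configuration, which is what the Thread.CurrentPrincipal line later in the post does.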

ClaimsAuthorizationManager is a base class to extend for claims-based authorization.
It provides the method
bool CheckAccess(AuthorizationContext context)

Claims-based authorization differs from the previous role-based authorization. Role-based authorization works with a string array of roles and asks whether the user is in a role. Claims-based authorization has the concepts of Action and Resource and asks whether the action on the resource is permitted.

So the AuthorizationContext has three properties: Action, Resource and Principal.
ClaimsPrincipalPermission is an attribute to decorate a method with for authorization.
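The following added example (not from the course or the post) shows a ClaimsAuthorizationManager that decides on (action, resource) pairs, a ClaimsPrincipalPermission attribute and the equivalent imperative check, and in the header comment the config registration the post refers to. The policy table, claim types, namespace and assembly name are assumptions for the example; the system.identityModel section name and its element names are the .NET 4.5 ones.

```csharp
// Added example. The managers are registered in web.config / app.config (configuration, not C#);
// type names and assembly below are hypothetical:
//
//   <configuration>
//     <configSections>
//       <section name="system.identityModel"
//                type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
//     </configSections>
//     <system.identityModel>
//       <identityConfiguration>
//         <claimsAuthenticationManager type="MyApp.Security.ApplicationClaimsTransformer, MyApp" />
//         <claimsAuthorizationManager  type="MyApp.Security.ApplicationAuthorizationManager, MyApp" />
//       </identityConfiguration>
//     </system.identityModel>
//   </configuration>

using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Security.Permissions;

// Decides on (action, resource) pairs instead of role names. Policy table is constructed.
public class ApplicationAuthorizationManager : ClaimsAuthorizationManager
{
    const string DepartmentClaim = "urn:example:department"; // hypothetical claim type

    // Resource -> action -> required role. A real application would load this from a policy store.
    static readonly Dictionary<string, Dictionary<string, string>> Policy =
        new Dictionary<string, Dictionary<string, string>>
        {
            { "Customer", new Dictionary<string, string> { { "Read", "Reader" }, { "Delete", "Admin" } } },
            { "AuditLog", new Dictionary<string, string> { { "Read", "Reader" } } },
        };

    public override bool CheckAccess(AuthorizationContext context)
    {
        // Action and Resource are claim collections; the string-based AuthorizationContext
        // constructor wraps each string in a single claim.
        string action   = context.Action.First().Value;
        string resource = context.Resource.First().Value;
        ClaimsPrincipal principal = context.Principal;

        if (principal == null || !principal.Identity.IsAuthenticated)
            return false;

        // Fail closed: anything not in the policy table is denied.
        Dictionary<string, string> actions;
        if (!Policy.TryGetValue(resource, out actions))
            return false;
        string requiredRole;
        if (!actions.TryGetValue(action, out requiredRole))
            return false;

        // Audit data is additionally restricted to the Security department.
        if (resource == "AuditLog" && !principal.HasClaim(DepartmentClaim, "Security"))
            return false;

        return principal.HasClaim(ClaimTypes.Role, requiredRole);
    }
}

public class CustomerService
{
    // Declarative check: routes through the ClaimsAuthorizationManager registered in config.
    [ClaimsPrincipalPermission(SecurityAction.Demand, Resource = "Customer", Operation = "Delete")]
    public void DeleteCustomer(int id) { /* delete the record */ }

    public void ReadAuditLog()
    {
        // Imperative form of the same check; throws SecurityException when access is denied.
        ClaimsPrincipalPermission.CheckAccess("AuditLog", "Read");
        // read the log
    }
}

class Driver
{
    static void Main()
    {
        var manager = new ApplicationAuthorizationManager();

        // Constructed principal: a Reader from the Sales department.
        var identity = new ClaimsIdentity("Test", ClaimTypes.Name, ClaimTypes.Role);
        identity.AddClaim(new Claim(ClaimTypes.Name, "bob"));
        identity.AddClaim(new Claim(ClaimTypes.Role, "Reader"));
        identity.AddClaim(new Claim("urn:example:department", "Sales"));
        var bob = new ClaimsPrincipal(identity);

        Console.WriteLine(manager.CheckAccess(new AuthorizationContext(bob, "Customer", "Read")));   // True
        Console.WriteLine(manager.CheckAccess(new AuthorizationContext(bob, "Customer", "Delete"))); // False: needs Admin
        Console.WriteLine(manager.CheckAccess(new AuthorizationContext(bob, "AuditLog", "Read")));   // False: wrong department
        Console.WriteLine(manager.CheckAccess(new AuthorizationContext(bob, "Invoice", "Read")));    // False: not in policy
    }
}
```

The driver calls CheckAccess on the manager directly so the example runs without configuration; the attribute and the static ClaimsPrincipalPermission.CheckAccess only reach this manager once it is registered under claimsAuthorizationManager as in the header comment.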

To use the custom authentication and authorization classes, they need to be included in the config file, such as:



For the authentication transform, use the code

Thread.CurrentPrincipal = FederatedAuthentication.FederationConfiguration.IdentityConfiguration.ClaimsAuthenticationManager.Authenticate("none", incomingPrincipal);

to transform the incoming principal into the custom format.

Also, System.IdentityModel and System.IdentityModel.Services are the necessary project references.
