Thursday, August 6, 2015

Using Claims-based Forms Authentication with ASP.NET MVC

If you are attempting to use Claims within your ASP.NET MVC Web Application, you may encounter problems if you are not using a Claims Provider such as ADFS as your Claims Issuer.

Since I was using Forms Authentication and the FormsIdentity object, I was encountering a problem whereby only a single Claim was always being returned with my FormsIdentity object.  Based on older code, I was also using a GenericPrincipal object. 

I discovered that I needed to use ClaimsIdentity and ClaimsPrincipal instead in order to add more claims to be passed around with my User Identity as described in this article:

Once I solved that problem, since I was sending my own set of Claims from my ASP.NET Web API Service Layer, I suddenly encountered the error message as described in this article:

Since I was using AntiForgeryTokens in my ASP.NET MVC Web Application, I was encountering this exception at runtime.

Fortunately, the solution provided in the article for setting the AntiForgeryConfig.UniqueClaimTypeIdentifier in my Global.asax.cs file was just what I needed!!

No comments:

Post a Comment