ClaimsAuthenticationManager Class
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Defines the base implementation for a claims authentication manager. The claims authentication manager provides a place in the claims processing pipeline for applying processing logic (filtering, validation, extension) to the claims collection in the incoming principal before execution reaches your application code.
public ref class ClaimsAuthenticationManager : System::IdentityModel::Configuration::ICustomIdentityConfiguration
public class ClaimsAuthenticationManager : System.IdentityModel.Configuration.ICustomIdentityConfiguration
type ClaimsAuthenticationManager = class
interface ICustomIdentityConfiguration
Public Class ClaimsAuthenticationManager
Implements ICustomIdentityConfiguration
- Inheritance
-
ClaimsAuthenticationManager
- Implements
Examples
The following code shows a simple claims authentication manager that adds a role claim to the incoming principal without performing any check on the incoming claims.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Security.Claims;
namespace MyClaimsAuthenticationManager
{
class SimpleClaimsAuthenticatonManager : ClaimsAuthenticationManager
{
public override ClaimsPrincipal Authenticate(string resourceName, ClaimsPrincipal incomingPrincipal)
{
if (incomingPrincipal != null && incomingPrincipal.Identity.IsAuthenticated)
{
((ClaimsIdentity)incomingPrincipal.Identity).AddClaim(new Claim(ClaimTypes.Role, "User"));
}
return incomingPrincipal;
}
}
}
The following XML shows the <claimsAuthenticationManager>
element.
<system.identityModel>
<identityConfiguration>
<claimsAuthenticationManager type="MyClaimsAuthenticationManager.SimpleClaimsAuthenticatonManager, MyClaimsAuthenticationManager" />
...
</identityConfiguration>
</system.identityModel>
Remarks
The claims authentication manager provides an extensibility point in the application's claims processing pipeline that you can use to validate, filter, modify, incoming claims or inject new claims into the set of claims presented by a ClaimsPrincipal before the RP application code is executed. You can even return a custom implementation of ClaimsPrincipal if your RP application requires it. The default implementation provided by the ClaimsAuthenticationManager class returns the claims in the ClaimsPrincipal unmodified; however, you can derive from this class and override the Authenticate method to modify the claims in the ClaimsPrincipal (or to return a custom ClaimsPrincipal).
A typical reason for creating a custom claims authentication manager is to add, remove, or transform claims based on information that is only known by or is, perhaps, better maintained by the RP application. For example, a history of customer purchases in a shopping cart application might be kept in a data base maintained by the RP application and then added to the claims principal returned by the claims authentication manager based on the value of a name claim found in the incoming principal.
You can configure your application to use a ClaimsAuthenticationManager
either programmatically by using the IdentityConfiguration class or in configuration through the <claimsAuthenticationManager> element (which is a child element of the <identityConfiguration> element). You can override the LoadCustomConfiguration method to provide processing for custom child elements of the <claimsAuthenticationManager>
element through which your custom manager can be configured. The base implementation of ClaimsAuthenticationManager does not handle any child elements.
Configuring your application to use a claims authentication manager ensures that it will be invoked by Windows Identity Foundation (WIF) from the request pipeline.
Constructors
ClaimsAuthenticationManager() |
Initializes a new instance of the ClaimsAuthenticationManager class. |
Methods
Authenticate(String, ClaimsPrincipal) |
When overridden in a derived class, returns a ClaimsPrincipal object consistent with the requirements of the RP application. The default implementation does not modify the incoming ClaimsPrincipal. |
Equals(Object) |
Determines whether the specified object is equal to the current object. (Inherited from Object) |
GetHashCode() |
Serves as the default hash function. (Inherited from Object) |
GetType() |
Gets the Type of the current instance. (Inherited from Object) |
LoadCustomConfiguration(XmlNodeList) |
When overridden in a derived class, loads custom configuration from XML. |
MemberwiseClone() |
Creates a shallow copy of the current Object. (Inherited from Object) |
ToString() |
Returns a string that represents the current object. (Inherited from Object) |