
Azure Mobile Services - Custom Authentication Claims Issue

I've implemented custom authentication in my mobile services, but the claims that I add to my ClaimsIdentity object don't appear to be saved.

I create my ClaimsIdentity object, and then pass it to the CreateLoginResult method, as follows:

public IServiceTokenHandler Handler { get; set; }

...

ClaimsIdentity claimsIdentity = new ClaimsIdentity();
claimsIdentity.AddClaim(new Claim(ClaimTypes.NameIdentifier, "username"));
claimsIdentity.AddClaim(new Claim(ClaimTypes.GivenName, "FirstName"));
claimsIdentity.AddClaim(new Claim(ClaimTypes.Surname, "LastName"));

LoginResult login = new CustomLoginProvider(Handler).CreateLoginResult(claimsIdentity, "masterkey");

If I call another method with the returned authorization token and try to retrieve the GivenName or Surname claims, they aren't available.

var identity = (ClaimsIdentity)User.Identity;
// 'claim' will be null
Claim claim = identity.FindFirst(ClaimTypes.GivenName);

Is this expected behaviour or am I doing something wrong? I'm making an assumption that the Claims in the ClaimsIdentity object being sent to CreateLoginResult are being saved against that authenticated user.

The ClaimsIdentity passed into this method does not get used fully unless you act on it in an overload of CreateCredentials(). First you should create a child class of ProviderCredentials with the fields you want. CreateCredentials() will be called by CreateLoginResult(), and it will get the same ClaimsIdentity as a parameter.

The returned ProviderCredentials gets stored, and you can always retrieve it again in your server code with a call to ServiceUser.GetIdentitiesAsync().
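
Added example, not part of the original question or answer: a sketch of the approach the answer describes, written against the Mobile Services .NET backend `LoginProvider` API. `CustomLoginProviderCredentials`, its `GivenName`/`Surname` properties, the `ForUserAsync` helper and the `"custom"` provider name are hypothetical names chosen for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.WindowsAzure.Mobile.Service;
using Microsoft.WindowsAzure.Mobile.Service.Security;
using Newtonsoft.Json.Linq;
using Owin;
// Hypothetical ProviderCredentials subclass holding the extra fields.
public class CustomLoginProviderCredentials : ProviderCredentials
{
    public CustomLoginProviderCredentials() : base(CustomLoginProvider.ProviderName) { }
    public string GivenName { get; set; }
    public string Surname { get; set; }
    // Server-side lookup of the stored credentials for the calling user.
    public static async Task<CustomLoginProviderCredentials> ForUserAsync(ServiceUser user)
    {
        var identities = await user.GetIdentitiesAsync();
        return identities.OfType<CustomLoginProviderCredentials>().FirstOrDefault();
    }
}

public class CustomLoginProvider : LoginProvider
{
    public const string ProviderName = "custom"; // constructed value
    public CustomLoginProvider(IServiceTokenHandler handler) : base(handler) { }
    public override string Name { get { return ProviderName; } }
    // No OWIN middleware is needed for this custom login flow.
    public override void ConfigureMiddleware(IAppBuilder appBuilder, ServiceSettingsDictionary settings) { }
    public override ProviderCredentials ParseCredentials(JObject serialized)
    {
        if (serialized == null) throw new ArgumentNullException("serialized");
        return serialized.ToObject<CustomLoginProviderCredentials>();
    }
    // Called by CreateLoginResult() with the same ClaimsIdentity.
    public override ProviderCredentials CreateCredentials(ClaimsIdentity identity)
    {
        Claim id = identity == null ? null : identity.FindFirst(ClaimTypes.NameIdentifier);
        if (id == null) throw new ArgumentException("NameIdentifier claim is required", "identity");
        Claim given = identity.FindFirst(ClaimTypes.GivenName);
        Claim sur = identity.FindFirst(ClaimTypes.Surname);
        return new CustomLoginProviderCredentials
        {
            UserId = TokenHandler.CreateUserId(Name, id.Value),
            GivenName = given == null ? null : given.Value,
            Surname = sur == null ? null : sur.Value
        };
    }
}
```

In a controller, `await CustomLoginProviderCredentials.ForUserAsync((ServiceUser)User)` then returns the stored fields (or null if the caller did not sign in through this provider), so the values come from server-side state rather than from anything the client can edit.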
