Claims need to be added before doing the SignIn of the user, and should be added to the ClaimsIdentity
object that is created to effect that SignIn .
>
You must have a class that inherits from IdentityUser
and is used with identity classes, probably something like ApplicationUser
, containing the following method:
public async Task<ClaimsIdentity> GenerateUserIdentityAsync(UserManager<ApplicationUser> manager)
{
var userIdentity = await manager.CreateIdentityAsync(this, DefaultAuthenticationTypes.ApplicationCookie);
// aqui você adiciona tuas claims
userIdentity.AddClaim(new Claim(ClaimTypes.Role, "Adm"));
userIdentity.AddClaim(new Claim(ClaimTypes.GivenName, "Teste"));
userIdentity.AddClaim(new Claim(ClaimTypes.Sid, this.userID));
return userIdentity;
}
This is the ideal place for you to add your claims.
Explanation
I honestly find these tutorials out there complicated and incomplete, I will try to detail without complicating so much (I hope so). Identity works with a number of classes, such as:
SignInManager
UserManager
UserStore
IdentityUser
IdentityRole
etc ...
If you have not changed much of the default template, there in the App_Start folder you should have a IdentityConfig.cs
file where you will find a ApplicationSignInManager
class (inheriting from SignInManager<ApplicationUser, string>
). This is the class that is used to perform the SignIn of users, and has different forms of login: PasswordSignInAsync()
(which is the one you use in your example), SignInAsync()
, ExternalSignInAsync()
,% with%.
Anyway, all of them will at some point need to create the user's identity, which is an object of type TwoFactorSignInAsync()
. For this, during the SignIn process (regardless of which method has been used), the ClaimsIdentity
method of this class will be called. You should note that this CreateUserIdentityAsync
class overrides this method with the following implementation:
public override Task<ClaimsIdentity> CreateUserIdentityAsync(ApplicationUser user)
{
return user.GenerateUserIdentityAsync((UserManager)UserManager);
}
That is, it calls this method ApplicationSignInManager
of your user, which is some class that inherits from GenerateUserIdentityAsync
. This method must create and return an object of type IdentityUser
that will be used in the process of SignIn .
So this method is the ideal place for creating your customized claims, as I see it. In addition, you should note that in the ClaimsIdentity
file in that same folder, it has the following code:
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
Provider = new CookieAuthenticationProvider
{
// Enables the application to validate the security stamp when the user logs in.
// This is a security feature which is used when you change a password or add an external login to your account.
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<UserManager, ApplicationUser>(
validateInterval: TimeSpan.FromMinutes(30),
regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
}
});
Basically, this setting causes identity to every "x" minute (in this case 30) to revalidate its user identity by executing the method contained in the lambda expression, in which case the same Startup.Auth.cs
of your user. By creating your claims within this method, you guarantee that they will remain even after that period in which the identity revalidates the user.