ClaimsPrincipal, ClaimsIdentity, Claims explained in dotnet authentication

claimsprincipal_dotnet
  • Authentication means identifying a subject (user, external application etc)
  • ASP.Net Core Identity is a framework that uses claims based authentication to authenticate users

Key concepts in Claims-based authentication

Claim

  • Claim is a statement about the subject (user) being authenticated
  • It is a key value pair (like username=John is a claim, email=john1543@gmail.com is a claim, userId=236 is a claim)
  • A claim can have an issuer (for example: userId=236 as per system, date of birth=1st-Jan-2006 as per Gmail; here system and Gmail are the issuers)

ClaimsIdentity

  • ClaimsIdentity is a collection of claims of the subject (user)
  • For example, driving license of a subject (user) can be a ClaimsIdentity that has claims like name, photo, date of birth, address etc. Passport can be a ClaimsIdentity that has claims like name, place of birth, photo, nationality, permanent address etc
  • ClaimsIdentity also has a string property called AuthenticationType which specifies how the ClaimsIdentity was authenticated for user.
    • For example, a Passport (ClaimsIdentity) can be authenticated by matching the user’s face. Here matching the user’s face is the AuthenticationType
    • In ASP.Net Core Identity, the AuthenticationType for a ClaimsIdentity can be Password, Windows authentication, Two Factor authentication, federated authentication etc.

ClaimsPrincipal

  • It represents the subject (like a user) which is being authenticated
  • It can have one or more ClaimsIdentities
  • For example, a person (ClaimsPrincipal) can have driving license (ClaimsIdentity), passport (ClaimsIdentity), Voter ID card (ClaimsIdentity)

Relation between ClaimsPrincipal, ClaimsIdentity, Claims

  • A person (ClaimsPrincipal) can have multiple ClaimsIdentities (like passport, driving license, Voter ID etc). Each ClaimsIdentity contains one or more claims about the user (like name, phone number, date of birth, nationality etc.)

image.png

image.png

  • User will login providing his subject id like username/email and completing the required login challenge like password, 2 factor etc.
  • User details will be retrieved from the users database and a ClaimsPrincipal will be created for the user
  • The ClaimsPrincipal will be encoded (in base64) and then encrypted and this content would be kept in a cookie
  • Every time the application is accessed, the ClaimsPrincipal will be retrieved from the cookie and user is authenticated (identified)

image.png

image.png

References

Location: Mumbai, Maharashtra, India

Comments

Post a Comment

Popular posts from this blog

Implicit usings, top level statements, file scoped namespaces in dotnet

implicit usings Implicit usings = no repeated using statement in all files With implicit usings feature in a C# project, common using statements are automatically added by the compiler in all the C# files. For example using System; statement is not required to run the dotnet console application as shown below Console . WriteLine ( "Hello World!" ) ; Additional implicit usings can be declared in a C# project with global usings statements in any one of the project’s C# files as shown below. global using Ardalis . GuardClauses ; global using MediatR ; global using Project2 . Utils ; Existing implicit usings can be removed or included in the .csproj file of the C# project as shown below < ItemGroup > < Using Remove = " System.Threading.Tasks " /> < Using Include = " System.Math " /> </ ItemGroup > The implicit usings added in a C# project is based on the project type as sh
Read more

Introduction to dotnet with a simple hello world example

Image
dotnet_intro Introduction to dotnet with a simple hello world example What is dotnet Dotnet is an ecosystem or a framework that consists of languages, runtime (CLR), common language infrastructure (CLI), base class libraries (BCL) CLR is like JVM for Java applications Where can dotnet run dotnet can run on multiple operating systems like windows, linux based systems, android, macOS Why use Dotnet Using Dotnet, we can create secure, cross-platform, enterprise grade, high performance, maintainable, reusable, testable, easily hostable web applications We can exploit the rich open source .NET ecosystem that has been around for decades and still actively maintained by community and Microsoft .NET uses C# language which is best for creating readable and maintainable code. C# is evolving faster to become more powerful due to open source community thereby increasing the developer friendliness and productivity Common Dotnet Frameworks Dotnet has framewo
Read more

Setup dotnet development in Visual Studio, dotnet CLI and VS code

Image
dotnet_setup Install dotnet Download and install dotnet sdk from https://dotnet.microsoft.com/en-us/download Verify dotnet version with the command dotnet --version Solution and Projects in dotnet Project is a C# application. It is defined by a .csproj file Solution is a collection of multiple projects. It is defined using a .sln file A simple C# solution folder structure can be as follows ConsoleAppSolution │ ConsoleAppSolution.sln │ ├───ConsoleApp1 │ ConsoleApp1.csproj │ Program.cs │ └───ConsoleApp2 ConsoleApp2.csproj Program.cs Development with Visual studio Download and install visual studio from https://visualstudio.microsoft.com/downloads/ Open Visual studio and select “Create New Project” Select project type as “Console Application” Enter the solution name and project name Select the dotnet version Now a solution is created in visual studio as shown below Development with dotnet CLI dotnet C
Read more