Confusion over LOCAL AUTHORITY claims and External Provider claims
3

7

I am creating a simple WebApi which allows users to connect with Facebook. When I get the accessToken back from Facebook, I am calling RegisterExternal to create an Asp.Net Identity record and store the Claims from the token. These claims also include the access token which I require to query the Facebook graph later. All seems fine up to this point.

The issue I am having is reading the claims. I can see they are in my database, I just can't figure out how to query this data. I have tried

var claimsIdentity = User.Identity as ClaimsIdentity;

But this returns me 2 claims for a) "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" b) role

Both of these are of issuer LOCAL AUTHORITY (to be honest I am not sure when they are created as I am not explicitly adding these). So I believe there is either confusion on me saving the claims to the database against the wrong type of issuer

await userManager.AddClaimAsync(user.Id, new Claim("urn:facebook:access_token", accessTokenClaim.Value, ClaimValueTypes.String, "LOCAL AUTHORITY"));

or my code for accessing the claims is incorrect.

Can anybody shed some light on this?

Ramrod answered 26/2, 2015 at 16:44 Comment(2)
Did you find out where the "LOCAL AUTHORITY" claims are coming from? - Baines
Nope. Still struggled with this and ended up creating my own properties against the member to hold some of this data instead - Ramrod
1

LOCAL_AUTHORITY is the default value for Issuer if it is not specified at creation of the Claim. For example:

var claim = new Claim("LastName", "Timberlake", "string", "http://contoso.com/someissuername");

The last parameter in the above example is the issuer.

Henn answered 31/10, 2018 at 0:34 Comment(0)
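
The issuer behaviour described in this answer, as an added example that is not part of the original posts. It works on in-memory claims only and does not touch the user store; the issuer name "Facebook", the user name, the token value and the FindClaim helper are assumptions made for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

static class IssuerDemo
{
    // Hypothetical helper: return a claim value only if the named issuer asserted it.
    static string FindClaim(ClaimsIdentity identity, string type, string issuer)
    {
        return identity.Claims
            .Where(c => c.Type == type &&
                        string.Equals(c.Issuer, issuer, StringComparison.Ordinal))
            .Select(c => c.Value)
            .FirstOrDefault();
    }

    static void Main()
    {
        const string tokenType = "urn:facebook:access_token";
        const string provider = "Facebook";              // assumed issuer name
        const string token = "constructed-token-value";  // constructed sample, not a real token

        // No issuer argument: the constructor falls back to ClaimsIdentity.DefaultIssuer.
        var name = new Claim(ClaimTypes.Name, "alice");

        // As stored in the question: the provider's token labelled as locally issued.
        var relabelled = new Claim(tokenType, token, ClaimValueTypes.String,
                                   ClaimsIdentity.DefaultIssuer);

        // Alternative: keep the provider as issuer so the claim's origin stays visible.
        var attributed = new Claim(tokenType, token, ClaimValueTypes.String, provider);

        var identity = new ClaimsIdentity(new[] { name, relabelled, attributed },
                                          "ApplicationCookie");

        Console.WriteLine("Default issuer constant: {0}", ClaimsIdentity.DefaultIssuer);
        foreach (var group in identity.Claims.GroupBy(c => c.Issuer))
        {
            Console.WriteLine("{0}: {1}", group.Key,
                string.Join(", ", group.Select(c => c.Type)));
        }

        // Issuer-scoped lookups tell the two token claims apart.
        Console.WriteLine("From {0}: {1}", provider, FindClaim(identity, tokenType, provider));
        Console.WriteLine("From local: {0}",
            FindClaim(identity, tokenType, ClaimsIdentity.DefaultIssuer));
    }
}
```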
0

When it comes to adding the claims to your Identity:

// Get the claims identity
ClaimsIdentity claimsIdentity =
    await AuthenticationManager.GetExternalIdentityAsync(DefaultAuthenticationTypes.ExternalCookie);

if (claimsIdentity != null)
{
    // Retrieve the existing claims
    var currentClaims = await UserManager.GetClaimsAsync(user.Id);

    // Get the list of access token related claims from the identity
    var tokenClaims = claimsIdentity.Claims
        .Where(c => c.Type.StartsWith("urn:tokens:"));

    // Save the access token related claims
    foreach (var tokenClaim in tokenClaims)
    {
        // Claim does not override Equals, so Contains() would compare references
        // and never match a stored claim; compare type and value instead
        if (!currentClaims.Any(c => c.Type == tokenClaim.Type && c.Value == tokenClaim.Value))
        {
            await UserManager.AddClaimAsync(user.Id, tokenClaim);
        }
    }
}

To persist these claims to the database, you must call SignIn for the user:

// Sign in and redirect the user
await SignInAsync(user, isPersistent: false);

To retrieve the claims later you simply use:

var claimsIdentity = HttpContext.User.Identity as ClaimsIdentity;
if (claimsIdentity != null)
{
    // A declaration needs its own block to compile as the body of an if
    var claims = claimsIdentity.Claims;
}

This code is comprised of snippets from this article: http://www.jerriepelser.com/blog/get-the-twitter-profile-image-using-the-asp-net-identity

I'd recommend reading through it if you would like to see a full example. I have used the code in this article myself and it worked great in my project for both Twitter and Facebook external claims.

Hemelytron answered 9/6, 2015 at 17:24 Comment(0)
0

I had the same issue when I renamed the identity cookie. So I had 2 different users in 2 cookies. After I deleted the old one, the issue was gone.

Assail answered 17/8, 2017 at 9:59 Comment(0)
