Friday, November 23, 2012

.NET 4.5 Authentication and Authorization Trick question

I love the new ClaimsIdentity and ClaimsPrincipal classes added into .NET 4.5 :

Using federated security used to require somewhat configuration in WCF with its SecurityContext handling : and it was not integrated into the IIdentity and IPrincipal classes that come as a part of the .net core framework. Its nice to see these merge up.

That said. Here is a gotcha. Guess the output of this :

If you use GenericIdentity it is Authenticated by default. Whereas with Claims you can have users that are not authenticated! Here is the output:
This is actually more intuitive since we should be able to claim things about anonymous users. The moment you specify an authentication type for Claims Identity the user becomes authenticated.

Enjoy the new features.