Friday, November 23, 2012

.NET 4.5 Authentication and Authorization Trick question

I love the new ClaimsIdentity and ClaimsPrincipal classes added into .NET 4.5 : http://msdn.microsoft.com/en-us/library/hh873305.aspx

Using federated security used to require somewhat configuration in WCF with its SecurityContext handling : http://msdn.microsoft.com/en-us/library/ms731814.aspx and it was not integrated into the IIdentity and IPrincipal classes that come as a part of the .net core framework. Its nice to see these merge up.

That said. Here is a gotcha. Guess the output of this :


If you use GenericIdentity it is Authenticated by default. Whereas with Claims you can have users that are not authenticated! Here is the output:
This is actually more intuitive since we should be able to claim things about anonymous users. The moment you specify an authentication type for Claims Identity the user becomes authenticated.

Enjoy the new features.