Implementing Claims

Jan 26, 2009 at 9:18 PM
Hello to all,
I am trying out the STS with another sample site from Microsoft. Now, this sample requires that the card I send has, besides the e-mail, the givenname and surname claims. I already implemented the support for these claims in the STSConfiguration (in App.config) under <supportedClaims>. I have, however, two problems:
  1. How to implement these properties in the Membership database? Do I use the Profile table and enter pairs PropertyName & PropertyValue for each user?
  2. Where do I need to insert the code in the STS so it attaches these claims to the RSTR? As far as I can see, at the moment it only returns the e-mail of a user (also, is there any special code for this, or does it attach the e-mail by default?)
Thanks in advance,
Jan 27, 2009 at 6:58 AM
Yes, you can use the profile functionality of the Membership database. There's no other way to do it if you want to stay within built-in ASP.NET functionality, as the membership database itself will only support an email claim (plus a PPID, but that's generated).

So configure your profile database up under ASP.NET and add your profile information.

Then, to serve the claims, you need to implement your own AuthorisationPolicyProvider. There's a sample claims provider in the SampleProviders project. At a minimum you will need to change GetClaims. The sample provider is a good starting point, as it will issue a card reference using the membership ID from the membership database and take care of authentication as well; you will just need to add the functionality to pull profile information into GetClaims. You can see the code already resolves a card identifier into a MembershipUser.

Ideally you'd also implement AuthorisedToUseCardId() and have a profile entry which is true/false if you want to limit only certain entries to having cards.
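A sketch of what such a provider could look like, added here as an illustration and not code from the SampleProviders project. The base class name, the GetClaims/AuthorisedToUseCardId signatures, the card-id-to-membership-key mapping and the profile property names (GivenName, Surname, CardEnabled) are assumptions; the claim URIs are the standard Information Card ones.

```csharp
using System;
using System.Collections.Generic;
using System.Web.Profile;
using System.Web.Security;

// Hypothetical provider: base class, method signatures and profile property names are assumed.
public class ProfileClaimsProvider : AuthorisationPolicyProvider
{
    const string EmailClaim     = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress";
    const string GivenNameClaim = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname";
    const string SurnameClaim   = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname";

    // Claims that are backed by ASP.NET profile properties rather than the membership table.
    static readonly Dictionary<string, string> ProfileBackedClaims = new Dictionary<string, string>
    {
        { GivenNameClaim, "GivenName" },
        { SurnameClaim,   "Surname"   },
    };

    // Resolve the card identifier to a MembershipUser; assumes the card id carries the
    // membership ProviderUserKey (a Guid), as the sample provider's card reference does.
    static MembershipUser ResolveUser(string cardId)
    {
        try { return Membership.GetUser(new Guid(cardId)); }
        catch (FormatException) { return null; }
    }

    // Only approved, non-locked users with the (assumed) CardEnabled profile flag may use a card.
    public override bool AuthorisedToUseCardId(string cardId)
    {
        MembershipUser user = ResolveUser(cardId);
        if (user == null || !user.IsApproved || user.IsLockedOut) return false;
        ProfileBase profile = ProfileBase.Create(user.UserName, true);
        return (bool)profile.GetPropertyValue("CardEnabled");
    }

    // Build only the claims the relying party requested and the STS actually holds values for.
    public override IDictionary<string, string> GetClaims(string cardId, IEnumerable<string> requestedClaims)
    {
        var claims = new Dictionary<string, string>();
        MembershipUser user = ResolveUser(cardId);
        if (user == null) return claims;
        ProfileBase profile = ProfileBase.Create(user.UserName, true);
        foreach (string claimType in requestedClaims)
        {
            string value = null;
            if (claimType == EmailClaim) value = user.Email;                 // from the membership table
            else if (ProfileBackedClaims.ContainsKey(claimType))             // from the profile table
                value = profile.GetPropertyValue(ProfileBackedClaims[claimType]) as string;
            if (!string.IsNullOrEmpty(value)) claims[claimType] = value;     // unknown types are never issued
        }
        return claims;
    }
}
```

Requested claim types not listed under <supportedClaims> or not backed by a stored value are simply left out of the returned set, so the RSTR never carries a claim the STS cannot vouch for.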