Token through to Page.User
I am building my own demo site based on the JulyCTP samples of "intro to CardSpace with IE7" and "decrypting a security token". Things are going well.
I was wondering about the best way to get the Token attached to the Page.User so I can utilize the authentication and authorization tools of the rest of the framework.
I see there is a call to EndpointIdentity.CreateIdentity in the TokenHelper class. Is there some way to get that into an IPrincipal? How would that be done so it automatically assigns the IPrincipal for the Page.User of every web page?
Thanks!
Noremac
By Noremac at 2008-2-14
This is what I have so far...
I am trying to create a realistic demo app. Using ASP.NET 2.0, I have set up a MasterPage. I set up Default, Login and View as ContentPages.
I turned on Forms Authentication in web.config.
Based on the sample2.htm, form Login.aspx gets the SAML token from the client's InfoCard. On the 'CardSpace Login' button postback, I use the TokenHelper to parse the token. I then make various calls to Forms Authentication APIs (I've been trying to figure out the right combination).
I can get a generic principal created from the calls to RedirectFromLoginPage and using the tokenHelper.GetClaim(ClaimTypes.GivenName) as the user name. Then the various ASP.NET web controls like LoginView, LoginStatus and LoginName can see it.
What I am missing is that I would like that principal to be a custom principal object that carries the other claims of the user as well. I would like to see CustomPrincipal.Email, .PPID, etc.
Now my understanding is that creating a custom principal object and assigning it to HttpContext and Thread should be done in Global.Application_PostAuthenticateRequest. The problem I am having is getting that token string from login.aspx over to that event. The Request object passed to PostAuthenticateRequest is not that of the Login page, so I cannot get to the page's token variable. I assigned the token to a session variable in Login, but HttpContext.Current.Session is always null.
I tried creating my own auth ticket in the login page. My thought was to assign the token to the userData property. But the token must be too big or encoded differently because the ticket comes back null from the call to "new FormsAuthenticationTicket(...)". If I pass in "hello" instead the ticket is created correctly.
So I went back to the session variable. I now have my custom principal hold a property of Token and make a call to the session["userToken"] the first time it's accessed.
So it now works when I click on the View page after logging in. The View page grabs Page.User, casts it as CustomPrincipal and grabs the Token property (which in turn reads the Session["userToken"] entry).
The View page instantiates the tokenHelper object and extracts the claims with calls to GetClaim. The next step here being to move the TokenHelper calls to be wrapped by properties of the CustomPrincipal class.
Seems a bit clunky but it was the only solution my brain could fashion. I wonder how this will look on Monday?
Noremac.
You can get to the token in the pipeline. Try to use Context.Handler (which is of type Page when you post back) - from there you can get to the form fields.
You can then use the claim information to create a custom Principal and set Context.User and Thread.CurrentPrincipal.
If you also want to change Context.User.Identity - you should rather handle AuthenticateRequest.
http://www.leastprivilege.com/AuthenticateRequestVsPostAuthenticateRequest.aspx
Dominick Baier (DevelopMentor)
www.leastprivilege.com
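Putting the two posts together, here is one way to carry the CardSpace claims through to Page.User on every request. This is an added example, not code from the thread or from the CardSpace CTP samples. It assumes the sample's TokenHelper class with a constructor that takes the posted token XML and a GetClaim(string) method (the page only shows GetClaim), and that the InfoCard object on Login.aspx posts its field as "xmlToken"; the CardSpacePrincipal class and the IssueTicket helper are mine. Instead of Session (which is not yet acquired when AuthenticateRequest runs, because session state is only attached at AcquireRequestState), it stores the small claim set in the forms ticket's userData and rebuilds the custom principal from the cookie on each request, which also sidesteps the oversized-ticket problem of putting the whole SAML token in userData.

```csharp
using System;
using System.Security.Principal;
using System.Threading;
using System.Web;
using System.Web.Security;
using System.IdentityModel.Claims;   // ClaimTypes (.NET 3.0)

// Principal that exposes the claims we chose to keep, so a page can do
// ((CardSpacePrincipal)Page.User).Email without touching the token again.
public class CardSpacePrincipal : IPrincipal
{
    private readonly IIdentity identity;
    private readonly string email;
    private readonly string ppid;

    public CardSpacePrincipal(IIdentity identity, string email, string ppid)
    {
        this.identity = identity;
        this.email = email;
        this.ppid = ppid;
    }

    public IIdentity Identity { get { return identity; } }
    public string Email { get { return email; } }
    // PPID is the per-relying-party identifier; GivenName is display-only.
    public string PPID { get { return ppid; } }
    public bool IsInRole(string role) { return false; } // no role claims in this demo
}

public class Global : HttpApplication
{
    public const string TokenField = "xmlToken";   // assumption: InfoCard form field name

    // Called from Login.aspx once TokenHelper has validated the posted token.
    // Only the claims we need go into userData; the full token is too large.
    public static void IssueTicket(HttpResponse response, TokenHelper token)
    {
        string userData = token.GetClaim(ClaimTypes.Email) + "|" + token.GetClaim(ClaimTypes.PPID);
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            1, token.GetClaim(ClaimTypes.GivenName), DateTime.Now,
            DateTime.Now.AddMinutes(30), false, userData);
        HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                           FormsAuthentication.Encrypt(ticket));
        cookie.HttpOnly = true;
        response.Cookies.Add(cookie);
    }

    // Runs on every request; replaces the GenericPrincipal the forms module
    // creates with our claim-carrying principal (Context.User and the thread).
    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        HttpCookie cookie = Request.Cookies[FormsAuthentication.FormsCookieName];
        if (cookie == null) return;

        FormsAuthenticationTicket ticket;
        try { ticket = FormsAuthentication.Decrypt(cookie.Value); }
        catch (ArgumentException) { return; }          // tampered or foreign cookie
        if (ticket == null || ticket.Expired) return;

        string[] parts = ticket.UserData.Split('|');
        IPrincipal user = new CardSpacePrincipal(
            new FormsIdentity(ticket), parts[0], parts.Length > 1 ? parts[1] : "");
        Context.User = user;
        Thread.CurrentPrincipal = user;
    }
}

// Login.aspx.cs, 'CardSpace Login' button handler.
public partial class LoginPage : System.Web.UI.Page
{
    protected void LoginButton_Click(object sender, EventArgs e)
    {
        string xmlToken = Request.Form[Global.TokenField];
        if (string.IsNullOrEmpty(xmlToken)) return;

        TokenHelper token = new TokenHelper(xmlToken);   // assumption: ctor takes the posted XML
        Global.IssueTicket(Response, token);
        Response.Redirect(FormsAuthentication.GetRedirectUrl(token.GetClaim(ClaimTypes.GivenName), false));
    }
}
```

The View page then only needs `CardSpacePrincipal user = Page.User as CardSpacePrincipal;` and a null check; LoginView, LoginStatus and LoginName keep working because Identity is still a FormsIdentity with the ticket's name. If you later want Context.User.Identity itself to be something other than FormsIdentity, handling AuthenticateRequest rather than PostAuthenticateRequest, as the answer above says, is what keeps the forms module from overwriting it.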