Enrich Your Claims When Customizing ASP.NET Identity User
ASP.NET Identity is a powerful replacement for the older (and weaker) membership system Episerver uses out-of-the-box.
One of the largest weaknesses of older identity management frameworks, like Membership, was that customizing the storage was too cumbersome. With the introduction of ASP.NET Identity a few years back, a clear separation was achieved between the storage of the identity information (e.g., username, password, etc.) and the code that implements the security (e.g., password hashing, password validation, etc.).
This is achieved by placing all the account-related data behind an interface, IUser, and the storage operations behind another interface, IUserStore. If we want to customize the definition of a user, like adding a new personal characteristic, we simply create a custom implementation of IUser and use it as part of our Startup (not covered in this blog post).
In this example, the custom user introduces a new characteristic called AccessRight, which describes the do’s and don’ts for a given user. Relying on this information throughout our application, like in Episerver’s VirtualRoles, requires us to enrich the ClaimsIdentity with this new piece of information.
The enrichment lives in a custom claims identity factory, and it somewhat speaks for itself! To register the new enrichment mechanism, you need to set the ClaimsIdentityFactory property during the initialization of your UserManager.
manager.ClaimsIdentityFactory = new CustomizedClaimsIdentityFactory();
When you’re looking to leverage the new claims you’ve added, simply access the ClaimsIdentity and use the HasClaim method; here’s an example relying on Episerver’s VirtualRoles.
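The three pieces described above, put together as an added example (not the post's original code): a custom user, the claims identity factory, and a virtual role that checks the claim. CustomUser, the claim type URI, the "FullAccess" value, the string type of AccessRight and the FullAccessVirtualRole name are assumptions; the virtual role assumes Episerver's EPiServer.Security.VirtualRoleProviderBase contract.

```csharp
using System.Security.Claims;
using System.Security.Principal;
using System.Threading.Tasks;
using EPiServer.Security;
using Microsoft.AspNet.Identity;

// Hypothetical custom user; only AccessRight is named in the post (type assumed to be string).
public class CustomUser : IUser
{
    public string Id { get; set; }
    public string UserName { get; set; }
    public string AccessRight { get; set; }
}

public static class CustomClaimTypes
{
    // Constructed claim type URI, an assumption for this example.
    public const string AccessRight = "urn:example:claims:accessright";
}

public class CustomizedClaimsIdentityFactory : ClaimsIdentityFactory<CustomUser>
{
    public override async Task<ClaimsIdentity> CreateAsync(
        UserManager<CustomUser, string> manager, CustomUser user, string authenticationType)
    {
        // The default factory adds the name identifier, user name, roles and stored claims.
        var identity = await base.CreateAsync(manager, user, authenticationType);

        // Emit the claim only when a value is set, so a missing value grants nothing.
        if (!string.IsNullOrWhiteSpace(user.AccessRight))
        {
            identity.AddClaim(new Claim(CustomClaimTypes.AccessRight, user.AccessRight));
        }
        return identity;
    }
}

// Virtual role backed by the claim ("FullAccess" is a constructed sample value).
public class FullAccessVirtualRole : VirtualRoleProviderBase
{
    public override bool IsInVirtualRole(IPrincipal principal, object context)
    {
        // Fail closed for anonymous or non-claims principals; match claim type AND value.
        var identity = principal?.Identity as ClaimsIdentity;
        return identity != null && identity.IsAuthenticated
            && identity.HasClaim(CustomClaimTypes.AccessRight, "FullAccess");
    }
}
```

The claim is issued when the identity is created, so a change to AccessRight in the user store is only reflected once the identity is regenerated, for example at the next sign-in.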