ClaimsAuthenticationManager Class

.NET Framework 4.5

Defines the base implementation for a claims authentication manager. The claims authentication manager provides a place in the claims processing pipeline for applying processing logic (filtering, validation, extension) to the claims collection in the incoming principal before execution reaches your application code.

System.Object
  System.Security.Claims.ClaimsAuthenticationManager

Namespace:  System.Security.Claims
Assembly:  System.IdentityModel (in System.IdentityModel.dll)

public class ClaimsAuthenticationManager : ICustomIdentityConfiguration

The ClaimsAuthenticationManager type exposes the following members.

Name (member kind): Description
ClaimsAuthenticationManager (public method): Initializes a new instance of the ClaimsAuthenticationManager class.

Name (member kind): Description
Authenticate (public method): When overridden in a derived class, returns a ClaimsPrincipal object consistent with the requirements of the RP application. The default implementation does not modify the incoming ClaimsPrincipal.
Equals(Object) (public method): Determines whether the specified object is equal to the current object. (Inherited from Object.)
Finalize (protected method): Allows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection. (Inherited from Object.)
GetHashCode (public method): Serves as the default hash function. (Inherited from Object.)
GetType (public method): Gets the Type of the current instance. (Inherited from Object.)
LoadCustomConfiguration (public method): When overridden in a derived class, loads custom configuration from XML.
MemberwiseClone (protected method): Creates a shallow copy of the current Object. (Inherited from Object.)
ToString (public method): Returns a string that represents the current object. (Inherited from Object.)

The claims authentication manager provides an extensibility point in the application’s claims processing pipeline that you can use to validate, filter, or modify incoming claims, or to inject new claims into the set of claims presented by a ClaimsPrincipal, before the RP application code is executed. You can even return a custom implementation of ClaimsPrincipal if your RP application requires it. The default implementation provided by the ClaimsAuthenticationManager class returns the claims in the ClaimsPrincipal unmodified; however, you can derive from this class and override the Authenticate method to modify the claims in the ClaimsPrincipal (or to return a custom ClaimsPrincipal).

A typical reason for creating a custom claims authentication manager is to add, remove, or transform claims based on information that is known only to the RP application or is, perhaps, better maintained by it. For example, a history of customer purchases in a shopping cart application might be kept in a database maintained by the RP application and then added to the claims principal returned by the claims authentication manager, based on the value of a name claim found in the incoming principal.

You can configure your application to use a ClaimsAuthenticationManager either programmatically by using the IdentityConfiguration class or in configuration through the <claimsAuthenticationManager> element (which is a child element of the <identityConfiguration> element). You can override the LoadCustomConfiguration method to provide processing for custom child elements of the <claimsAuthenticationManager> element through which your custom manager can be configured. The base implementation of ClaimsAuthenticationManager does not handle any child elements.

Configuring your application to use a claims authentication manager ensures that it will be invoked by Windows Identity Foundation (WIF) from the request pipeline.

The following code shows a simple claims authentication manager that adds a role claim to the incoming principal without performing any check on the incoming claims.

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;

using System.Security.Claims;

namespace MyClaimsAuthenticationManager
{
    class SimpleClaimsAuthenticatonManager : ClaimsAuthenticationManager
    {
        public override ClaimsPrincipal Authenticate(string resourceName, ClaimsPrincipal incomingPrincipal)
        {
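            // Only authenticated callers receive the role; no incoming claim is inspected.
            if (incomingPrincipal != null && incomingPrincipal.Identity != null && incomingPrincipal.Identity.IsAuthenticated)
            {
                // Adds the "User" role to the primary identity in place.
                ((ClaimsIdentity)incomingPrincipal.Identity).AddClaim(new Claim(ClaimTypes.Role, "User"));
            }
            return incomingPrincipal;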
        }
    }
}

The following XML shows the <claimsAuthenticationManager> element.

  <system.identityModel>
    <identityConfiguration>
      <claimsAuthenticationManager type="MyClaimsAuthenticationManager.SimpleClaimsAuthenticatonManager, MyClaimsAuthenticationManager" />
      
      ...
      
    </identityConfiguration>
  </system.identityModel>
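
The validate, filter and extend steps described above, together with a LoadCustomConfiguration override, as an added example that is not part of the original page. The class name FilteringClaimsAuthenticationManager, the issuer name "ExampleTrustedIssuer" and the child element <trustedIssuer name="..."/> are hypothetical names chosen for this illustration.

```csharp
using System;
using System.Linq;
using System.Security;
using System.Security.Claims;
using System.Xml;

namespace MyClaimsAuthenticationManager
{
    // Added example: validates and filters incoming claims before assigning a role.
    class FilteringClaimsAuthenticationManager : ClaimsAuthenticationManager
    {
        // Hypothetical issuer name; replaced by <trustedIssuer name="..."/> when configured.
        private string trustedIssuer = "ExampleTrustedIssuer";

        // Reads the hypothetical <trustedIssuer> child of <claimsAuthenticationManager>.
        public override void LoadCustomConfiguration(XmlNodeList nodelist)
        {
            if (nodelist == null) return;
            foreach (XmlElement element in nodelist.OfType<XmlElement>())
            {
                if (element.LocalName == "trustedIssuer" && element.HasAttribute("name"))
                    trustedIssuer = element.GetAttribute("name");
            }
        }

        public override ClaimsPrincipal Authenticate(string resourceName, ClaimsPrincipal incomingPrincipal)
        {
            ClaimsIdentity incoming = incomingPrincipal == null ? null : incomingPrincipal.Identity as ClaimsIdentity;
            if (incoming == null || !incoming.IsAuthenticated)
                return incomingPrincipal; // unauthenticated callers pass through unchanged

            // Validate: the name claim must exist and come from the trusted issuer.
            Claim name = incoming.FindFirst(incoming.NameClaimType);
            if (name == null || !string.Equals(name.Issuer, trustedIssuer, StringComparison.Ordinal))
                throw new SecurityException("Name claim is missing or was not issued by the trusted issuer.");

            // Filter: keep only claims from the trusted issuer and drop every incoming
            // role claim, so that roles are assigned by this application alone.
            var filtered = incoming.Claims.Where(c => c.Issuer == trustedIssuer && c.Type != ClaimTypes.Role);
            var identity = new ClaimsIdentity(filtered, incoming.AuthenticationType, incoming.NameClaimType, ClaimTypes.Role);

            // Extend: add the role this application grants to authenticated users.
            identity.AddClaim(new Claim(ClaimTypes.Role, "User"));
            return new ClaimsPrincipal(identity);
        }
    }
}
```

Returning a new ClaimsPrincipal built from the filtered claims, rather than mutating the incoming one, means a role claim supplied in the incoming token cannot reach the RP application code.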

.NET Framework

Supported in: 4.5

Windows 8.1, Windows Server 2012 R2, Windows 8, Windows Server 2012, Windows 7, Windows Vista SP2, Windows Server 2008 (Server Core Role not supported), Windows Server 2008 R2 (Server Core Role supported with SP1 or later; Itanium not supported)

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.
© 2014 Microsoft