Claim Class

.NET Framework (current version)
 

Represents a claim.

Namespace:   System.Security.Claims
Assembly:  mscorlib (in mscorlib.dll)

System.Object
  System.Security.Claims.Claim

[SerializableAttribute]
public class Claim

Constructors

| Access | Name | Description |
| --- | --- | --- |
| public | Claim(BinaryReader) | |
| public | Claim(BinaryReader, ClaimsIdentity) | Initializes a new instance of the Claim class with the specified reader and subject. |
| protected | Claim(Claim) | Initializes a new instance of the Claim class. |
| protected | Claim(Claim, ClaimsIdentity) | Initializes a new instance of the Claim class with the specified security claim and subject. |
| public | Claim(String, String) | Initializes a new instance of the Claim class with the specified claim type and value. |
| public | Claim(String, String, String) | Initializes a new instance of the Claim class with the specified claim type, value, and value type. |
| public | Claim(String, String, String, String) | Initializes a new instance of the Claim class with the specified claim type, value, value type, and issuer. |
| public | Claim(String, String, String, String, String) | Initializes a new instance of the Claim class with the specified claim type, value, value type, issuer, and original issuer. |
| public | Claim(String, String, String, String, String, ClaimsIdentity) | Initializes a new instance of the Claim class with the specified claim type, value, value type, issuer, original issuer, and subject. |

Properties

| Access | Name | Description |
| --- | --- | --- |
| protected | CustomSerializationData | |
| public | Issuer | Gets the issuer of the claim. |
| public | OriginalIssuer | Gets the original issuer of the claim. |
| public | Properties | Gets a dictionary that contains additional properties associated with this claim. |
| public | Subject | Gets the subject of the claim. |
| public | Type | Gets the claim type of the claim. |
| public | Value | Gets the value of the claim. |
| public | ValueType | Gets the value type of the claim. |

Methods

| Access | Name | Description |
| --- | --- | --- |
| public | Clone() | Returns a new Claim object copied from this object. The new claim does not have a subject. |
| public | Clone(ClaimsIdentity) | Returns a new Claim object copied from this object. The subject of the new claim is set to the specified ClaimsIdentity. |
| public | Equals(Object) | Determines whether the specified object is equal to the current object. (Inherited from Object.) |
| protected | Finalize() | Allows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection. (Inherited from Object.) |
| public | GetHashCode() | Serves as the default hash function. (Inherited from Object.) |
| public | GetType() | Gets the Type of the current instance. (Inherited from Object.) |
| protected | MemberwiseClone() | Creates a shallow copy of the current Object. (Inherited from Object.) |
| public | ToString() | Returns a string representation of this Claim object. (Overrides Object.ToString().) |
| public | WriteTo(BinaryWriter) | |
| protected | WriteTo(BinaryWriter, Byte[]) | Writes this Claim to the writer. |

A claim is a statement about a subject by an issuer. Claims represent attributes of the subject that are useful in the context of authentication and authorization operations. Subjects and issuers are both entities that are part of an identity scenario. Some typical examples of a subject are: a user, an application or service, a device, or a computer. Some typical examples of an issuer are: the operating system, an application, a service, a role provider, an identity provider, or a federation provider. An issuer delivers claims by issuing security tokens, typically through a Security Token Service (STS). (In WIF, you can build an STS by deriving from the SecurityTokenService class.) On occasion, the collection of claims received from an issuer can be extended by subject attributes stored directly at the resource. A claim can be evaluated to determine access rights to data and other secured resources during the process of authorization and can also be used to make or express authentication decisions about a subject.

Beginning with .NET 4.5, the Windows Identity Foundation (WIF) classes, which implement claims-based identity, have been fully integrated into the .NET Framework. The claims concept is implemented by the Claim class.

The following describes important properties of the Claim class:

  • The Type property is a string (typically a URI) that contains the semantic information about the claim; it tells you what the value of the claim means. For example, a claim with a claim type of GivenName (“http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname”) represents a user’s first name. The value of the Type property can be one of the well-known claim types defined in the ClaimTypes class, or it can be an arbitrary URI as defined by the issuer. For example, a claim type of “urn:spendinglimit” might represent a user attribute which makes sense within the business context of the issuer.

  • The Value property contains the value of the claim. In order to reduce dependencies and simplify administration, in WIF the value of a claim is represented only as a string. For more complex value types, it is recommended that you use standard XML schema types to indicate how the value is meant to be serialized into and deserialized from a string.

  • The ValueType property contains a string that identifies the type information for the value. This property should be used to understand the format of the value and to provide information about how to deserialize it. If your solution requires complex value types, it is recommended that you use standard XML schema types in the ValueType property to indicate how the Value property is meant to be serialized into and deserialized from a string.

  • The Subject property is a ClaimsIdentity object that represents the subject of the claim. The subject of the claim is the entity (typically the user who is requesting access to a resource) about which the claim is asserted. The ClaimsIdentity contains, among its properties, a collection of claims that describe the properties and attributes of the subject as attested to by one or more issuers.

  • The Issuer property contains the name of the entity that issued the claim. The issuer of a claim is represented in WIF by a string that contains a name taken from a list of well-known issuers that is maintained by the issuer name registry. The issuer name registry is an instance of a class that derives from the IssuerNameRegistry class. The issuer name registry associates a mnemonic name to the cryptographic material needed to verify the signatures of tokens produced by the corresponding issuer. For example, the ConfigurationBasedIssuerNameRegistry class, available out of the box with .NET 4.5, associates the mnemonic name for each issuer with its corresponding X.509 certificate. The list of well-known issuers is typically built at startup time by the issuer name registry. The list used by the ConfigurationBasedIssuerNameRegistry is specified in the application configuration file.

  • The OriginalIssuer property contains the name of the entity that originally issued the claim. This property is designed to facilitate scenarios, such as federation, where a claim may pass through multiple issuers before it is presented by the client to the RP application. You can examine the OriginalIssuer property to determine the entity that originally issued the claim. The name is taken from the list of well-known issuers maintained by the issuer name registry, as in the case of the Issuer property.
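
The properties above working together, as an added example that is not part of the original page: an authorization check that reads the “urn:spendinglimit” claim and inspects Issuer, OriginalIssuer and ValueType before trusting Value. The issuer name urn:example-sts, the class and method names, and the policy that both issuers must be trusted are assumptions for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Security.Claims;

static class SpendingLimitCheck
{
    // Assumption: issuer names this application trusts for the limit claim.
    static readonly HashSet<string> TrustedIssuers =
        new HashSet<string>(StringComparer.Ordinal) { "urn:example-sts" };

    // Returns the limit only when a trusted issuer asserted it as an integer.
    static int? GetTrustedLimit(ClaimsIdentity subject)
    {
        foreach (Claim c in subject.FindAll("urn:spendinglimit"))
        {
            // Assumed policy: immediate and original issuer must both be trusted.
            if (!TrustedIssuers.Contains(c.Issuer) ||
                !TrustedIssuers.Contains(c.OriginalIssuer))
                continue;
            // ValueType says how Value is serialized; reject anything unexpected.
            if (c.ValueType != ClaimValueTypes.Integer)
                continue;
            int limit;
            if (int.TryParse(c.Value, NumberStyles.None,
                             CultureInfo.InvariantCulture, out limit))
                return limit;
        }
        return null;
    }

    static void Main()
    {
        // Constructed sample claims. The two-argument constructor leaves the
        // issuer at ClaimsIdentity.DefaultIssuer and the value type at string,
        // so the first claim is skipped by the check above.
        var identity = new ClaimsIdentity(new[]
        {
            new Claim("urn:spendinglimit", "1000000"),
            new Claim("urn:spendinglimit", "500", ClaimValueTypes.Integer,
                      "urn:example-sts", "urn:example-sts"),
        }, "Federation");

        foreach (Claim c in identity.FindAll("urn:spendinglimit"))
            Console.WriteLine("{0} from {1} ({2})", c.Value, c.Issuer, c.ValueType);
        Console.WriteLine("Trusted limit: {0}", GetTrustedLimit(identity));
    }
}
```

Matching on claim type alone would pick up the first, locally added claim; filtering on issuer is what keeps a claim added outside the STS from being honored.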

The following example extracts the claims associated with the authenticated user performing an HTTP request and writes them to the HTTP response. The current user is read from the HttpContext as a ClaimsPrincipal, and the claims are read from it. The claims are then written to the HTTP response.

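// Requires: using System.Security.Claims; using System.Web;
ClaimsPrincipal principal = HttpContext.Current.User as ClaimsPrincipal;
if (null != principal)
{
   foreach (Claim claim in principal.Claims)
   {
      // HTML-encode claim data before writing it into the response markup
      Response.Write("CLAIM TYPE: " + HttpUtility.HtmlEncode(claim.Type) +
         "; CLAIM VALUE: " + HttpUtility.HtmlEncode(claim.Value) + "<br/>");
   }
}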

Universal Windows Platform: available since 10
.NET Framework: available since 4.5

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

© 2016 Microsoft