Represents a single claim for a user.
Assembly: Microsoft.IdentityModel (in Microsoft.IdentityModel.dll)
A claim describes a property of a subject as observed by or attested to by an issuer, such as a Security Token Service (STS). Examples include group or role membership, or age and geographic references. A claim can be evaluated during authorization to determine access rights to data and other secured resources. In Windows® Identity Foundation (WIF) a claim is represented by the Claim class or by objects derived from this class.
The Claim class contains several important properties:
The ClaimType property is a string (typically a URI) that contains the semantic information about the claim; it tells you what the value of the claim means. The claim type is extensible. It can be one of the well-known claim types defined in the ClaimTypes class, or it can be a URI that you define for your application and that you and the claims issuer agree upon. For example, a claim with a claim type of ClaimTypes.GivenName (“http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname”) represents a user’s first name. This claim type was defined by Microsoft for use with CardSpace. A claim type of “urn:role” might be your own simple representation of a role.
The Value property contains the value of the claim. In order to reduce dependencies and simplify administration, in WIF the value of a claim is represented only as a string. For more complicated value types, it is recommended that you use standard XML schema types to serialize the value into a string.
The ValueType property contains a string that identifies the type information of the value. This property can be used to understand the format of the value and enables deserialization. If you define claims for your application, it is recommended that you use standard XML schema types for this property.
The Subject property is an IClaimsIdentity object that represents the subject of the claim. The subject of the claim is the identity, entity, or user (in this context the terms are interchangeable) about which the claim is asserted.
The Issuer property contains the name of the entity that issued the claim. This is typically an STS. A relying party (RP) or an STS uses its configured Issuer Name service (represented by a class derived from the IssuerNameRegistry class) to map the issuer name to a certificate or other identifier for the issuing entity. This name may be mapped again by the claims authentication manager (represented by the ClaimsAuthenticationManager class or a class derived from it) if one is configured.
The OriginalIssuer property contains the name of the entity that originally issued the claim. This property is designed to facilitate scenarios, such as federation, where a claim may pass through multiple issuers (STSs) before the client presents it to the RP application. You can examine the OriginalIssuer property to determine the entity that originally issued the claim.
The Claim class plays a central role in WIF. For more information on claims and how claims are extracted from security tokens, see What is Windows Identity Foundation?
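The following example is added here and is not part of the original reference page or of Microsoft's sample code. It shows an authorization check that matches a claim on ClaimType and Value and also requires both Issuer and OriginalIssuer to be on allow-lists, so a role claim that reached the RP through an unexpected issuer is ignored. The issuer names, the ClaimChecks class and the HasTrustedClaim method are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using Microsoft.IdentityModel.Claims;

static class ClaimChecks
{
    // Hypothetical issuer names. In a real RP these are the names that the
    // configured IssuerNameRegistry returns for trusted signing certificates.
    static readonly HashSet<string> TrustedIssuers =
        new HashSet<string>(StringComparer.Ordinal) { "urn:example:fed-sts" };
    static readonly HashSet<string> TrustedOriginalIssuers =
        new HashSet<string>(StringComparer.Ordinal)
            { "urn:example:fed-sts", "urn:example:partner-sts" };

    // True only if a claim with the given type and value exists AND it was
    // issued, and originally issued, by entities on the allow-lists.
    // Ordinal comparison is a deliberately strict choice for this example.
    public static bool HasTrustedClaim(IClaimsIdentity identity,
                                       string claimType, string value)
    {
        if (identity == null) return false;
        return identity.Claims.Any(c =>
            string.Equals(c.ClaimType, claimType, StringComparison.Ordinal) &&
            string.Equals(c.Value, value, StringComparison.Ordinal) &&
            TrustedIssuers.Contains(c.Issuer) &&
            TrustedOriginalIssuers.Contains(c.OriginalIssuer));
    }

    static void Main()
    {
        // Constructed sample claims: type, value, value type, issuer, original issuer.
        var identity = new ClaimsIdentity(new[]
        {
            new Claim(ClaimTypes.GivenName, "Alice", ClaimValueTypes.String,
                      "urn:example:fed-sts", "urn:example:partner-sts"),
            new Claim("urn:role", "reader", ClaimValueTypes.String,
                      "urn:example:fed-sts", "urn:example:partner-sts"),
            // Same federation STS, but the claim originated at an unlisted issuer.
            new Claim("urn:role", "admin", ClaimValueTypes.String,
                      "urn:example:fed-sts", "urn:example:unknown-sts"),
        });

        Console.WriteLine(HasTrustedClaim(identity, "urn:role", "reader"));
        Console.WriteLine(HasTrustedClaim(identity, "urn:role", "admin"));
    }
}
```

The "reader" check passes and the "admin" check fails, because the admin claim's OriginalIssuer is not on the allow-list even though its Issuer is.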
Target Platforms: Windows 7, Windows Server 2008 R2, Windows Vista SP2, Windows Server 2008 SP2, Windows Server 2003 SP2 (32-bit or 64-bit)
Copyright © 2008 by Microsoft Corporation. All rights reserved.