IClaimsIdentity Interface

Windows Identity Foundation
[Starting with the .NET Framework 4.5, Windows Identity Foundation (WIF) has been fully integrated into the .NET Framework. The version of WIF addressed by this topic, WIF 3.5, is deprecated and should only be used when developing against the .NET Framework 3.5 SP1 or the .NET Framework 4. For more information about WIF in the .NET Framework 4.5, also known as WIF 4.5, see the Windows Identity Foundation documentation in the .NET Framework 4.5 Development Guide.]

Defines the data and behavior of a claims-based representation of a single user.

Namespace: Microsoft.IdentityModel.Claims
Assembly: Microsoft.IdentityModel (in Microsoft.IdentityModel.dll)

Dim instance As IClaimsIdentity

public interface IClaimsIdentity : IIdentity
public interface IClaimsIdentity extends IIdentity
public interface IClaimsIdentity extends IIdentity

This interface extends the IIdentity interface to incorporate functionality needed to implement claims-based identity. It defines the basic functionality required for an object model representation of a user, service, or other identity that participates in a Windows® Identity Foundation (WIF) application. All classes that represent an identity in WIF must implement the IClaimsIdentity interface. Some examples are ClaimsIdentity, WindowsClaimsIdentity, and RsaClaimsIdentity. It is recommended that the IClaimsIdentity interface be used to access the methods and properties of claims-based identity objects rather than using the properties and methods of those objects directly.

In addition to the information about an identity exposed by the IIdentity interface, objects that implement IClaimsIdentity can expose much richer information about an identity through the claims contained in the Claims property. For example, the email address of a user could be one such claim. In fact, an identity in a claims-based system is largely defined by the collection of assertions (claims) that one or more issuers has made about it. In WIF, the claims contained in IClaimsIdentity objects (typically accessed through IClaimsPrincipal objects) are used to make decisions about authorization and authentication; as well as to provide information about an entity that vastly exceeds the capability of role-based access models. For an example of how to access claims through an IClaimsIdentity object in an RP application, see IClaimsPrincipal.

The IClaimsIdentity interface extends both the IClaimsIdentity.Name property and the IClaimsPrincipal.IsInRole method to the claims-based model by providing the NameClaimType and RoleClaimType properties. These properties enable you to specify a claim type that should be used to evaluate the claims contained by the identity when performing these operations.

Delegation scenarios are supported through the Actor and BootstrapToken properties. For more information, see Identity Delegation Scenario.


Target Platforms

Windows 7, Windows Server 2008 R2, Windows Vista SP2, Windows Server 2008 SP2, Windows Server 2003 SP2 (32-bit or 64-bit)

Copyright © 2008 by Microsoft Corporation. All rights reserved.

Community Additions