I'm writing an ASP.Net Core Web Application and using UseOpenIdConnectAuthentication
to connect it to IdentityServer3. Emulating their ASP.Net MVC 5 sample I'm trying to transform the claims received back from Identity Server to remove the "low level protocol claims that are certainly not needed." In MVC 5 they add a handler for the SecurityTokenValidated Notification that swaps out the AuthenticationTicket
for one with just the required claims.
In ASP.Net Core, to do the equivalent, I thought that I would need to handle the OnTokenValidated
in the OpenIdConnectEvents
. However, at that stage it doesn't appear that the additional scope information has been retrieved. If I handle the OnUserInformationReceived
, the extra information is present, but stored on the User rather than the principal.
None of the other events seem like the obvious place to permanently remove the claims I'm not interested in retaining after authentication has completed. Any suggestions gratefully received!
You can implement
OnSigningIn
event ofSignInScheme
. Here is an example:Thank you Adem for your reply... it solved the vast majority of the problem... the only issue being that identity.Claim is a read only property. I found creating a new Principal did work though:
Whether this is the correct approach I'm not sure, but it appears to work.
I personally prefer to do the claims transformation in the middleware where the actual authentication happens.
You can use the OnTicketReceived event on the OIDC middleware for that.
I like LeastPrivilege's suggestion to transform earlier in the process. The code provided doesn't quite work. This version does:
This replaces the
Principal
rather than theTicket
. You can use the code from my other answer to create the newPrincipal
. You can also replace theTicket
at the same time but I'm not sure it is necessary.So thank you to LeastPrivilege and Adem for suggesting ways that pretty much answered my question... just the code needed slight adjustments. Overall, I prefer LeastPrivilege's suggestion of transforming claims early.