Wednesday, March 13, 2013

First Claims Aware Application - Windows Identity Foundation

This is the second post of our discussion about Windows Identity Foundation (WIF). You can find the first post here. If you don't have time to go through the first post, then at least go through the section about installing Identity and Access Visual Studio extension in Visual Studio 2012.

Windows Identity Foundation has changed the way we think about security in enterprise software design. Prior to this, approaches to security implementation were application-specific: each new application would implement security differently. In an enterprise with a greater focus on enterprise harmony, the implementation would be specific to the application type, so there would be one security implementation for ASP.NET based web applications (ASP.NET roles) and a different one for WCF services (ServiceSecurityContext based). This has changed with WIF in the ways discussed in the previous post.

In the previous post, we saw that security has been implemented from the ground up in the .NET Framework. WindowsIdentity and WindowsPrincipal have also been updated: they now inherit from ClaimsIdentity and ClaimsPrincipal respectively. Before .NET Framework 4.5, they inherited directly from System.Object. In this post we are going to see how claims are incorporated in the identity of a logged-in account. We will create a very simple WPF application and look at how claims are associated with the identity of a logged-in user. This is in no way an example of federated security; we just want to see how claims and identity fit together.





Let's create a WPF application project named FirstClaimsApp, targeting .NET Framework 4.5.



Now let's add a reference to the System.IdentityModel assembly as follows:



Let's update MainWindow.xaml so that it has a title and a data grid. In the title, we can display a banner text. In the grid, we can show the list of claims for the currently logged-in user's identity. Let's update the code as follows:


The view directly creates a new instance of MainViewModel from the same namespace and assigns it to the DataContext property. The view model is expected to have an AppTitle property that is bound to the application title. It should also have a collection, UserClaims, whose items have the properties ClaimType, Resource and Rights.

As used in the view model above, MainModel should have just one method, GetCurrentUserSecurityClaims. This method should return the claims of the currently logged-in user as a collection of Tuple<string, string, string>.


Here WindowsClaimSet is used to get the list of claims from the WindowsIdentity object.



UserClaim can be simply defined as follows:


The list of claims in WindowsIdentity for the currently logged-in user is as follows:



These are mostly SIDs for the Windows groups of the user, which can be translated into their respective NT account names.
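The following is an added example, not the code from the original post: one way to write MainModel.GetCurrentUserSecurityClaims with WindowsClaimSet, translating SID resources to NT account names as described above. The DescribeResource helper and the tuple order (claim type, resource, right) are assumptions made for this sketch.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Claims;   // needs the System.IdentityModel reference added earlier
using System.Security.Principal;

public class MainModel
{
    // Returns (claim type, resource, right) for every claim that
    // WindowsClaimSet derives from the current Windows identity.
    public IList<Tuple<string, string, string>> GetCurrentUserSecurityClaims()
    {
        var result = new List<Tuple<string, string, string>>();

        // Both objects wrap an access token handle, so dispose them deterministically.
        using (WindowsIdentity identity = WindowsIdentity.GetCurrent())
        using (var claimSet = new WindowsClaimSet(identity))
        {
            foreach (Claim claim in claimSet)
            {
                result.Add(Tuple.Create(
                    claim.ClaimType,
                    DescribeResource(claim.Resource),
                    claim.Right));
            }
        }
        return result;
    }

    // Hypothetical helper: shows a SID as "DOMAIN\Name (S-1-...)" when it resolves.
    private static string DescribeResource(object resource)
    {
        var sid = resource as SecurityIdentifier;
        if (sid == null)
            return Convert.ToString(resource);   // name claims and other non-SID resources

        try
        {
            return sid.Translate(typeof(NTAccount)).Value + " (" + sid.Value + ")";
        }
        catch (IdentityNotMappedException)
        {
            return sid.Value;   // deleted account or group: keep the raw SID
        }
        catch (SystemException)
        {
            return sid.Value;   // lookup failed (e.g. domain unreachable): keep the raw SID
        }
    }
}
```

Keeping the raw SID next to the translated name matters when the output is used for authorization review: account names can be renamed or reused, while the SID is the value Windows actually evaluates.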
