I am making a developer tool for impersonating Roles for an intranet site, to allow developers to quickly act as any Role as needed. The Roles defined are Developer, Team Lead, Team Member, Engineering, Marketing and Guest, and a tool on the web page makes a call to a Web Api to add or remove the Claim... well, I can add, but I can't seem to find out where .RemoveClaim(claim) or .TryRemoveClaim(claim) can be accessed to get this working. Do I have to create a custom claims manager to get this functionality, or am I missing something?

I have been looking at System.Security.Claims, and almost everything else seems to work in a very straightforward way, and there is no reference to needing extensive work to do what I need.

I am using VS 2013/Web Api2 with .NET 4.5.1.

The website side just uses a simple ajax call to PUT and DELETE functionality until I get this to work the way I want. In the Controller, my cs code is as follows:

    public void Put(int id, [FromBody]string role)
    {
        if (FindClaim(role) != null) return;
        var user = HttpContext.Current.User as ClaimsPrincipal;
        if (user == null) return;
        var claimId = new ClaimsIdentity();
        claimId.AddClaim(new Claim(ClaimTypes.Role, role));
        user.AddIdentity(claimId);
    }

    // DELETE api/devroleadjuster/5
    public void Delete(int id, [FromBody]string role)
    {
        var claim = FindClaim(role);
        if (claim == null) return;
        var user = HttpContext.Current.User as ClaimsPrincipal;
        if (user == null) return;
        // Why can't I do this????
        user.RemoveClaim(claim);
    }

    private Claim FindClaim(string role)
    {
        try
        {
            var user = HttpContext.Current.User as ClaimsPrincipal;
            var claim = (from c in user.Claims
                         where c.Value == role
                         select c).Single();
            return claim;
        }
        catch (InvalidOperationException)
        {
            return null;
        }
    }

The Put works just fine; the problem is with the Delete portion of my code... I want to use the user.RemoveClaim(claim); code or something like it... I can't see why I can't, according to MSDN, and I can't find any example code for removing a claim.

You should use identity to add or remove a claim. Try this to add a claim.

    var user = User as ClaimsPrincipal;
    var identity = user.Identity as ClaimsIdentity;
    identity.AddClaim(new Claim(ClaimTypes.Role, "somenewrole"));

To remove a claim,

    var user = User as ClaimsPrincipal;
    var identity = user.Identity as ClaimsIdentity;
    var claim = (from c in user.Claims
                 where c.Value == "somenewrole"
                 select c).Single();
    identity.RemoveClaim(claim);

BTW, it is better to use User from your controller instead of HttpContext.Current.User.
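
An added example, not part of the question or the answer above: the question's Put places the role claim in a new ClaimsIdentity attached with AddIdentity, so the claim may not belong to user.Identity, and a lookup on value alone can match a non-role claim. This sketch removes the claim through the identity that owns it (Claim.Subject); the names RoleClaimEditor, RemoveRole and Demo and the sample principal are hypothetical and constructed for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

static class RoleClaimEditor   // hypothetical helper, not code from the thread
{
    // Removes every Role claim equal to `role`, whichever identity owns it.
    public static int RemoveRole(ClaimsPrincipal user, string role)
    {
        if (user == null || string.IsNullOrEmpty(role)) return 0;
        // Match on type AND value so a non-role claim with the same value is
        // left alone; ToList() snapshots the matches before anything is removed.
        var matches = user.FindAll(c => c.Type == ClaimTypes.Role && c.Value == role)
                          .ToList();
        int removed = 0;
        foreach (var claim in matches)
        {
            // Claim.Subject is the ClaimsIdentity holding this claim instance.
            // TryRemoveClaim returns false instead of throwing on failure.
            if (claim.Subject != null && claim.Subject.TryRemoveClaim(claim))
                removed++;
        }
        return removed;
    }
}

static class Demo
{
    static void Main()
    {
        // Constructed principal: the primary identity has a Name claim whose
        // value happens to equal a role name.
        var primary = new ClaimsIdentity(new[] {
            new Claim(ClaimTypes.Name, "Guest"),
            new Claim(ClaimTypes.Role, "Developer")
        }, "Constructed");
        var user = new ClaimsPrincipal(primary);

        // Same shape as the question's Put: the role goes into a new identity.
        var extra = new ClaimsIdentity();
        extra.AddClaim(new Claim(ClaimTypes.Role, "Guest"));
        user.AddIdentity(extra);

        Console.WriteLine("removed: " + RoleClaimEditor.RemoveRole(user, "Guest"));
        Console.WriteLine("IsInRole(Guest): " + user.IsInRole("Guest"));
        Console.WriteLine("Name claim kept: " + user.HasClaim(ClaimTypes.Name, "Guest"));
    }
}
```

These calls change only the ClaimsPrincipal object they are given; whether the change outlives the current request depends on how the site issues its authentication ticket, which the page does not show.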