Intercepting additional Claims from Authentication Token

Karon Cano asked on February 5, 2019 13:23

Is it possible to interact with an authentication token to extract other claims sent? For example, the incoming claim will contain Name, E-mail, Role (role is the AD Department). The idea is then to map this role to the user's role within the Kentico user profile to be able to use it for authorization. I understand that the role must pre-exist within the roles.

Correct Answer

Eric Dugre answered on February 5, 2019 13:50

Doing so requires creating custom claims-based authentication via the SecurityEvents.Authenticate handler: https://docs.kentico.com/k12/custom-development/handling-global-events/reference-global-system-events#Reference-Globalsystemevents-SecurityEvents. In the handler, you can get the claims token from the request (I believe it's available at HttpContext.Current.Request.Form["wresult"]) and parse the token for any information needed.

You will need to decode the token, then create a new XmlDocument to easily read from it. With this information, you can set values on the e.User object, add the user to roles, etc.

2 votes
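The parsing and role-mapping step described in the answer above, as an added example that is not part of the original thread and not Kentico's own code. The class name, the role map and the sample token are hypothetical. It assumes the token's signature has already been validated by the claims-based sign-in before the handler reads it, since the parsing here does not verify it.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Xml;
public static class WsFedClaims
{
    // Hypothetical mapping: AD department claim value -> existing Kentico role code name.
    static readonly Dictionary<string, string> RoleMap =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        { { "Finance", "FinanceEditors" }, { "IT", "SiteAdmins" } };
    // Returns claim type -> values from the SAML attributes inside a decoded wresult body.
    public static Dictionary<string, List<string>> Extract(string wresultXml)
    {
        // The token arrives in a form post, so prohibit DTDs and external entity resolution.
        var settings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit, XmlResolver = null };
        var doc = new XmlDocument { XmlResolver = null };
        using (var reader = XmlReader.Create(new StringReader(wresultXml), settings))
            doc.Load(reader);
        var claims = new Dictionary<string, List<string>>(StringComparer.OrdinalIgnoreCase);
        // local-name() matches both SAML 1.1 (AttributeName) and SAML 2.0 (Name) assertions.
        foreach (XmlElement attr in doc.SelectNodes("//*[local-name()='Attribute']"))
        {
            string type = attr.HasAttribute("AttributeName")
                ? attr.GetAttribute("AttributeName") : attr.GetAttribute("Name");
            if (!claims.ContainsKey(type)) claims[type] = new List<string>();
            foreach (XmlElement v in attr.SelectNodes("*[local-name()='AttributeValue']"))
                claims[type].Add(v.InnerText.Trim());
        }
        return claims;
    }

    // Values with no entry in the map are dropped, never used directly as role names.
    public static List<string> MapRoles(IEnumerable<string> departments)
    {
        var roles = new List<string>();
        foreach (var d in departments)
            if (RoleMap.TryGetValue(d, out var role)) roles.Add(role);
        return roles;
    }

    public static void Main()
    {
        // Constructed sample, not a real token (it carries no signature element).
        string sample = "<t:RequestSecurityTokenResponse xmlns:t='http://schemas.xmlsoap.org/ws/2005/02/trust'>" +
            "<saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion'><saml:Attribute AttributeName='role'>" +
            "<saml:AttributeValue>Finance</saml:AttributeValue></saml:Attribute></saml:Assertion></t:RequestSecurityTokenResponse>";
        Console.WriteLine(string.Join(",", MapRoles(Extract(sample)["role"])));
    }
}
```

Inside the SecurityEvents.Authenticate handler, the decoded wresult value would be passed to Extract and the user added only to the roles MapRoles returns, so a claim value the map does not know cannot grant a role.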

Recent Answers


Karon Cano answered on February 14, 2019 11:41

Eric, this worked perfectly, thank you very much for your quick reply.

0 votes