WindowsActiveDirectoryAuthenticationProviderEvents.OnCustomizeClaims Property
Specifies a delegate method that allows you to customize the set of claims added to the authentication cookie.
Namespace: DevExpress.ExpressApp.Security.Authentication
Assembly: DevExpress.ExpressApp.Security.v25.2.dll
NuGet Package: DevExpress.ExpressApp.Security

```csharp
public Action<WindowsPrincipalCustomizeClaimContext> OnCustomizeClaims { get; set; }
```

```vb
Public Property OnCustomizeClaims As Action(Of WindowsPrincipalCustomizeClaimContext)
```

| Type | Description |
|---|---|
| `Action<DevExpress.ExpressApp.Security.WindowsPrincipalCustomizeClaimContext>` | A delegate method that takes a context object as an argument. |

Use this property in an ASP.NET Core Blazor application to customize claims added to the authentication cookie when Active Directory authentication is used as an optional authentication method.
Note
When Active Directory authentication is used as the default authentication method, the client passes user identity information to the server with each request. In this instance, an authentication cookie is not used, so the OnCustomizeClaims delegate method is never called.
The specified delegate method is called after the user authentication succeeds and before the authentication cookie is issued. In the delegate method, you can customize the list of claims added to the cookie. You can also access the principal object and copy the required claims from it.
To keep the cookie small, only the claims of the following types are copied from the principal object (the default setting):

- ClaimTypes.Name
- ClaimTypes.NameIdentifier

The code sample below demonstrates how to add a claim of the ClaimTypes.PrimaryGroupSid type to the authentication cookie.
File: MySolution.WebApi\startup.cs (MySolution.Blazor.Server\startup.cs)
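```csharp
using System.Linq;
using System.Security.Claims;
// ...
services.AddXaf(Configuration, builder => {
    // ...
    builder.Security
        .AddWindowsAuthentication(options => {
            options.CreateUserAutomatically();
            // Called after authentication succeeds and before the cookie is issued.
            options.Events.OnCustomizeClaims = context => {
                // First throws InvalidOperationException if the principal has no claim of this type.
                Claim primaryGroupSid = context.Principal.Claims.First(claim => claim.Type == ClaimTypes.PrimaryGroupSid);
                // Add the claim to the set that is written to the authentication cookie.
                context.Claims.Add(primaryGroupSid);
            };
        });
    // ...
});
```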
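
The following is an added example, not DevExpress code: it copies group SID claims selectively so the cookie stays small, keeping only allow-listed groups, dropping duplicates, and stopping at a size budget. `CookieClaimFilter`, the SID values, and the 512-byte budget are hypothetical; the commented wiring line assumes `context.Principal` and `context.Claims` behave as in the sample above.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Text;

// Added example: CookieClaimFilter, its allow-list and its byte budget are hypothetical.
static class CookieClaimFilter {
    public const string Domain = "S-1-5-21-1111111111-2222222222-3333333333"; // constructed SID prefix
    // Groups the application actually authorizes on (constructed values).
    static readonly HashSet<string> AllowedGroupSids = new(StringComparer.OrdinalIgnoreCase) {
        Domain + "-1105",
        Domain + "-1106",
    };
    const int MaxExtraBytes = 512; // assumed budget for claims added on top of the defaults

    public static List<Claim> Select(ClaimsPrincipal principal) {
        var selected = new List<Claim>();
        var seen = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
        int used = 0;
        foreach (Claim claim in principal.Claims) {
            bool wanted = claim.Type == ClaimTypes.PrimaryGroupSid
                || (claim.Type == ClaimTypes.GroupSid && AllowedGroupSids.Contains(claim.Value));
            if (!wanted || !seen.Add(claim.Type + "|" + claim.Value)) continue;
            // Rough size estimate only; the serialized, encrypted cookie is encoded differently.
            int size = Encoding.UTF8.GetByteCount(claim.Type) + Encoding.UTF8.GetByteCount(claim.Value);
            if (used + size > MaxExtraBytes) break; // omitted claims grant nothing, so this fails closed
            used += size;
            // Copy type and value only, not the source claim's properties or subject.
            selected.Add(new Claim(claim.Type, claim.Value));
        }
        return selected;
    }
}

static class Program {
    static void Main() {
        // Constructed principal: primary group, an allowed group listed twice, and an unrelated group.
        const string d = CookieClaimFilter.Domain;
        var identity = new ClaimsIdentity(new[] {
            new Claim(ClaimTypes.Name, @"CONTOSO\alice"),
            new Claim(ClaimTypes.NameIdentifier, d + "-1001"),
            new Claim(ClaimTypes.PrimaryGroupSid, d + "-513"),
            new Claim(ClaimTypes.GroupSid, d + "-1105"),
            new Claim(ClaimTypes.GroupSid, d + "-1105"),
            new Claim(ClaimTypes.GroupSid, d + "-2001"),
        }, "Negotiate");
        foreach (Claim c in CookieClaimFilter.Select(new ClaimsPrincipal(identity)))
            Console.WriteLine($"{c.Type} = {c.Value}");
        // Assumed wiring: foreach (var c in CookieClaimFilter.Select(context.Principal)) context.Claims.Add(c);
    }
}
```

Claims written to the cookie are a snapshot taken at sign-in, so a later change to the user's group membership is not reflected until a new cookie is issued.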
You can use one of the following techniques to access claims from an ASP.NET Core Blazor application’s code at runtime:

- The DevExpress.ExpressApp.Security.IPrincipalProvider service’s User.Claims property.
- User.Claims property. In middleware, use the HttpContext’s context.User.Claims property.

The code sample below demonstrates how to implement a custom Controller that injects the IPrincipalProvider service and uses it to access claims:
File: MySolution.Blazor.Server\Controllers\MyController.cs
```csharp
using System;
using System.Security.Claims;
using DevExpress.ExpressApp;
using DevExpress.ExpressApp.Security;
using Microsoft.Extensions.DependencyInjection;

namespace MainDemo.Blazor.Server.Controllers {
    public class MyController : ViewController {
        readonly IPrincipalProvider principalProvider;
        public MyController() { }
        // Constructor used when the controller is created through dependency injection.
        [ActivatorUtilitiesConstructor]
        public MyController(IServiceProvider serviceProvider) : this() {
            principalProvider = serviceProvider.GetRequiredService<IPrincipalProvider>();
            var _claimsPrincipal = (ClaimsPrincipal)principalProvider.User;
            // Look up a claim that was added to the authentication cookie.
            var customClaim = _claimsPrincipal.FindFirst(c => c.Type == "CustomClaim");
            // Deactivate this controller when the claim has the specified value.
            if(customClaim != null && customClaim.Value == "ClaimValue") {
                Active.SetItemValue("CustomClaim", false);
            }
        }
    }
}
```
See Also
Authentication System Architecture (Blazor)
WindowsActiveDirectoryAuthenticationProviderEvents Class