I am using IdentityServer3 as the authorization server for an MVC application. Therefore, my Startup class is like this:

    public void Configuration(IAppBuilder app)
    {
        app.UseExternalSignInCookie();
        JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary<string, string>();
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = "Cookies"
        });
        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            Authority = "http://localhost:5000/",
            ClientId = "mvc",
            RedirectUri = "http://localhost:12262/",
            ResponseType = "id_token",
            UseTokenLifetime = false,
            SignInAsAuthenticationType = "Cookies"
        });
    }

This is my IdentityUser subclass:

    public class ApplicationUser : IdentityUser
    {
        public async Task<ClaimsIdentity> GenerateUserIdentityAsync(UserManager<ApplicationUser> manager)
        {
            var userIdentity = await manager.CreateIdentityAsync(this, DefaultAuthenticationTypes.ApplicationCookie);
            userIdentity.AddClaim(new Claim("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", this.Email));
            userIdentity.AddClaim(
                new Claim("http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider",
                    this.Email));
            return userIdentity;
        }
        public UserType UserType { get; set; }
        ....
    }

This is my Global.asax.cs:

    protected void Application_Start()
    {
        AreaRegistration.RegisterAllAreas();
        FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
        RouteConfig.RegisterRoutes(RouteTable.Routes);
        BundleConfig.RegisterBundles(BundleTable.Bundles);
        AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimTypes.NameIdentifier;
    }

But in my Account/Register view at the line containing @Html.AntiForgeryToken() I receive this error:

    A claim of type 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier' was not present on the provided ClaimsIdentity.

I have seen some questions on SO with a similar problem (maybe not using IdentityServer3 anywhere) but their solutions seem not to work, at least the way I'm using them.
IMHO I believe the problem is that the claims are not added in the right place. But to confirm this I need some feedback. Are you using Microsoft.AspNet.Identity* (NuGet packages) in connection with Identity Server? Are you creating the users by code or reading from the database?
For example, I used AspNet.Identity with IdentityServer3, and to add claims for each user you can modify the user service's GetClaimsFromAccount method like the following:
Notice that IdentityServer3.Core comes with constants containing the claim types (Constants.ClaimTypes.Email).
Hope this helps a little :)
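
The kind of GetClaimsFromAccount override the answer describes, as an added example that is not the answerer's own code. It assumes the IdentityServer3.AspNetIdentity package's AspNetIdentityUserService base class and the ApplicationUser class from the question; the class name ApplicationUserService is hypothetical.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using IdentityServer3.AspNetIdentity;
using Microsoft.AspNet.Identity;

// Hypothetical class name. ApplicationUser is the IdentityUser subclass
// from the question (string keys), so the key type here is string.
public class ApplicationUserService : AspNetIdentityUserService<ApplicationUser, string>
{
    public ApplicationUserService(UserManager<ApplicationUser, string> userManager)
        : base(userManager)
    {
    }

    // The base service calls this when it builds the claim set for an account,
    // so claims added here are issued by the authorization server itself
    // rather than attached to a local cookie identity in the MVC client.
    protected override async Task<IEnumerable<Claim>> GetClaimsFromAccount(ApplicationUser user)
    {
        var claims = (await base.GetClaimsFromAccount(user)).ToList();

        // Fully qualified to avoid a clash with Microsoft.AspNet.Identity.Constants.
        var emailType = IdentityServer3.Core.Constants.ClaimTypes.Email;

        // Add the e-mail claim once, and only when the account has a value:
        // an empty or duplicated claim is worse than a missing one for any
        // consumer that treats the claim as an identifier.
        var alreadyPresent = claims.Any(c => c.Type == emailType);
        if (!alreadyPresent && !string.IsNullOrWhiteSpace(user.Email))
        {
            claims.Add(new Claim(emailType, user.Email));
        }

        return claims;
    }
}
```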