Adding & Managing Claims in ASP.NET Core Identity

In this tutorial, we will show you how to add Claims in ASP.NET Core Identity. The Claim is a piece of information about the user. A User can have multiple claims. A Single claim can also have multiple values. The Identity API stores the Claims in the AspNetUserClaims (Entity name is IdentityUserClaim) table. The User Manager Class of Identity API Provides the methods like AddClaimAsync, ReplaceClaimAsync & RemoveClaimAsync, which we will use to add/remove claims.

Create Project

In the last tutorial, we created AuthzExample project to show how to use Authorize Attribute in MVC Controller & Razor Pages. We continue from where we left in that project and show you how to use the AddClaimAsyncReplaceClaimAsync & RemoveClaimAsync to manage claims.

Adding Users Form

Go to Areas/Identity/Pages folder. Create a new folder Admin

Right-click on the Admin folder and click on Add new Scaffolded Item. Select Razor Pages Empty Template. Name the Template as Users

The Users page retrieves the list of users and displays them.

Areas/Identity/Pages/Admin/Users.cshtml.cs

Areas/Identity/Pages/Admin/Users.cshtml

Add the menu link to the Users Page in the Layout Page.

Views/Shared/_Layout.cshtml

Now, run the App. Register a few users. Under the user’s menu, you should be able to see all the registered users.

Claims

Before adding claims, we need to define the Claim Types. Create ApplicationClaimTypes.cs under the folder Data

Data/ApplicationClaimTypes.cs

Adding/Deleting/Updating Claims

Go to Areas/Identity/Pages folder. Create _ViewImports.cshtml file. Import the necessary imports, set the namespace & add the TagHelper

Areas/Identity/Pages/_ViewImports.cshtml

Now go to Areas/Identity/Pages/Admin folder. Create a new Empty Razor Page Claims

The Claims form contains the forms to edit & delete the Claims. At the bottom of the screen, we have Form to create the Claim.

Areas/Identity/Pages/Admin/Claims.cshtml

Creates a variable FormId, which we increment by one for each iteration. We use this to create a unique Id for each form

We loop through each claim of the user

And create a form to edit each claim. Note that we used [email protected]("editForm"+FormId) to generate a unique id to this form.

Finally, We have buttons for Edit & Delete. Both use the different page handlers editClaim & DeleteClaim.

And at the bottom, we have Add New Claim Form.

The following is the complete code of the Page Model class.

Areas/Identity/Pages/Admin/Claims.cshtml.cs

In the OnGetAsync method, we retrieve all the claims of the User to display it.

To add a new claim, first create new Claim object using the type & value. Then call the AddClaimAsync method save it to the database.

To Edit a claim, we need to construct both the existing claim & the new claim object. Use the ReplaceClaimAsync to replace the old with the new one.

To delete call the RemoveClaimAsync with claim object that you want to delete.

That’s it. Now you can run the app and test it.

Viewing the Claims of the Logged in User

The Claims from the AspNetUserClaims table are automatically included in the cookies when we login into the system using the Identity API. But If you have built the Cookie-based authentication system or Implemented JWT Bearer token authentication, then you need to include the claims in the cookies or in the JWT Token

The Authentication Middleware extracts the cookies (or tokens) and updates the User Property of the Context with the claims. You can read the claims from it as shown below

Views/Home/Index.html

Another way to view the claim is by adding a middleware just be before the app.UseEndpoints and add a breakpoint and inspect the context object.

Viewing Claims in ASP.NET Core in the Middleware Pipeline

References

Source Code

Leave a Comment

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Scroll to Top