FDOT.Security.STS.Client.Authentication.ClaimsTransformer
-type of System.Security.Claims.ClaimsAuthenticationManager
If you want to transform or add claims when authentication occurs, consider implementing a claims transformer. To do so, create a class that derives from ClaimsTransformer and overrides ApplyClaims.
Claims Transformation Class
The following code looks for an Active Directory group claim for “CO-FDOTENTERPRISELIB”. If it finds one, it adds an application administrator role claim.
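using System.Linq;
using System.Security.Claims;
using FDOT.Security.STS.Client.Authentication;

public class MyClaimsTransformer : ClaimsTransformer
{
    public override void ApplyClaims(ClaimsIdentity identity)
    {
        if (identity == null) return;

        // Look for the Active Directory group claim for CO-FDOTENTERPRISELIB.
        var checkclaims = identity.FindAll(p => p.Type == GroupClaimType.ad && p.Value == "CO-FDOTENTERPRISELIB");

        // If the user is in that group, add the application administrator role claim.
        if (checkclaims.Any())
            identity.AddClaim(new Claim("http://example.dot.state.fl.us/claims/role", "Admin"));
    }
}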
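A stricter form of the same group-to-role mapping, written as a stand-alone helper that an ApplyClaims override could call. This is an added example, not code from the FDOT library: GroupRoleMapper, GroupType and TrustedIssuer are hypothetical names with constructed placeholder values. It grants the role only to an authenticated identity whose group claim came from the expected issuer, and it does not add the role twice.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

public static class GroupRoleMapper
{
    // Constructed placeholders: substitute the value of GroupClaimType.ad and
    // the issuer name your STS actually stamps on group claims.
    public const string GroupType = "http://example.invalid/claims/adgroup";
    public const string TrustedIssuer = "https://sts.example.invalid";
    public const string RoleType = "http://example.dot.state.fl.us/claims/role";

    public static bool Apply(ClaimsIdentity identity)
    {
        // Never grant roles to a missing or anonymous identity.
        if (identity == null || !identity.IsAuthenticated) return false;

        // Honor the group claim only when the trusted issuer asserted it.
        bool inGroup = identity.FindAll(GroupType).Any(c =>
            string.Equals(c.Value, "CO-FDOTENTERPRISELIB", StringComparison.Ordinal) &&
            string.Equals(c.Issuer, TrustedIssuer, StringComparison.Ordinal));
        if (!inGroup) return false;

        // If the mapping runs again on the same identity, do not stack duplicates.
        if (!identity.HasClaim(RoleType, "Admin"))
            identity.AddClaim(new Claim(RoleType, "Admin"));
        return true;
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed identities for illustration.
        var trusted = new ClaimsIdentity(new[] {
            new Claim(GroupRoleMapper.GroupType, "CO-FDOTENTERPRISELIB",
                      ClaimValueTypes.String, GroupRoleMapper.TrustedIssuer)
        }, "Federation");
        var untrusted = new ClaimsIdentity(new[] {
            // No issuer given, so it defaults to "LOCAL AUTHORITY".
            new Claim(GroupRoleMapper.GroupType, "CO-FDOTENTERPRISELIB")
        }, "Federation");

        GroupRoleMapper.Apply(trusted);
        GroupRoleMapper.Apply(trusted); // second pass adds nothing
        Console.WriteLine(trusted.FindAll(GroupRoleMapper.RoleType).Count());
        Console.WriteLine(GroupRoleMapper.Apply(untrusted));
    }
}
```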
Attribute Test
Put an attribute on a controller method to test it:
[ClaimsAuthorize("http://example.dot.state.fl.us/claims/role","Admin")]
Web Config
<system.identityModel>
  <identityConfiguration>
    <claimsAuthenticationManager type="ExampleApplication.Authentication.MyClaimsTransformer,ExampleApplication" />
  </identityConfiguration>
</system.identityModel>