Modern Authentication with Azure Active Directory for Web Applications by Bertocci Vittorio

Modern Authentication with Azure Active Directory for Web Applications by Bertocci Vittorio

Author:Bertocci, Vittorio
Language: eng
Format: epub
Publisher: Pearson Education
Published: 2015-12-16T16:00:00+00:00


Figure 7-8 The AuthenticationResponseGrant content right after the OpenID Connect middleware successfully validates a sign-in response from Azure AD.

Properties refers to generic session properties, such as the validity window (derived from the validity window of the token itself, as declared by Azure AD). Identity, as you guessed, is the ClaimsIdentity representing the authenticated user. The most important thing to notice at this point is the AuthenticationType value that’s shown: that’s a hint left by the OpenID Connect middleware for the cookie middleware, indicating that the ClaimsIdentity instance should be persisted in the session. Recall that when the pipeline is initialized in Startup.Auth.cs, you started the method with the following line:

Click here to view code image

app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

That told the protocol middlewares in the pipeline that in the absence of local overrides, the identifier to use for electing an identity to be persisted in a session is CookieAuthenticationDefaults.AuthenticationType, which happens to be the string “Cookies”. When the OpenID Connect middleware validates the incoming token and generates the corresponding ClaimsPrincipal and nested ClaimsIdentity, it uses that value for the AuthenticationType property. When the cookie middleware starts processing the response and finds that ClaimsIdentity, it verifies that the AuthenticationType it finds there corresponds to the AuthenticationType value it has in its options. Given that here we used the defaults everywhere, it’s a match; hence, the cookie middleware proceeds to save the corresponding ClaimsPrincipal in the session.

If you examine the Response.Headers collection after the cookie middleware has a chance to execute, you will see that the Set-Cookie value now includes a new entry for an .Asp.Net.Cookies, which contains the ClaimsPrincipal information. Figure 7-9 summarizes the sequence.



Download



Copyright Disclaimer:
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.