Last post Nov 27, 2017 12:22 PM by mgebhard
Nov 27, 2017 09:29 AM|Boxhead|LINK
I need some advice regarding Claims. I have a series of web services in a project which are consumed by several other projects in the solution. We need to keep all business logic within the web services layer to allow the viewing layer to be adaptable
for mobile or other versions of the view.
The viewing applications run using Windows Authentication and ASP.NET Impersonation. To log on, the web services get a users windows logged on name and compares it with a database and if not available their details are extracted from AD and added to the
database. They also can have various roles assigned which are also stored in the database.
Currently the web service passes back a user model to the viewing applications and there are core services for caching user roles. What I would like to do instead is create a claim in the web services and this to then be available to any application using
the web services. Is this possible? Are the claims persistent across the web services to the application and available to the application to use?
Thanks for any advice/help :)
Nov 27, 2017 12:22 PM|mgebhard|LINK
Claims are generally created when the user authenticates. Claims are a bit of data (name/value) that the client persists and sends to the service on each request. The service reads the claim and allows/disallows
access to resources,
Are the claims persistent across the web services to the application and available to the application to use?
Application to service authentication can be done with a claim but usually the application and service know each other through an Id and secrete or certificate.
Perhaps do a little research on claims.