/// <summary>
/// Renders the caller's claims, but only for an authenticated caller whose
/// authentication-strength claim is X509. Any other caller gets an exception
/// instead of the page.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
/// <exception cref="ConfigurationErrorsException">
/// The request reached the page without an authenticated user.
/// </exception>
/// <exception cref="UnauthorizedAccessException">
/// The caller's authentication-strength claim is not X509.
/// </exception>
protected void Page_Load(object sender, EventArgs e)
{
    // The page echoes claim data, so tell caches not to store the response.
    Response.Cache.SetNoStore();

    bool callerIsSignedIn = Page.User != null && Page.User.Identity.IsAuthenticated;
    if (!callerIsSignedIn)
    {
        // The message implies an upstream module should already have
        // authenticated the request; arriving here anonymous is treated as a
        // deployment error rather than a normal sign-in prompt.
        throw new ConfigurationErrorsException("WSFederationAuthenticationModule must be configured.");
    }

    // NOTE(review): authentication is checked on Page.User, but the claim is
    // read from Thread.CurrentPrincipal. Presumably both refer to the same
    // principal here; confirm. If the identity is not an IClaimsIdentity the
    // cast yields null, and the outcome then depends on how
    // ClaimsUtil.GetAuthStrengthClaim handles null (not visible here).
    IClaimsIdentity callerIdentity = Thread.CurrentPrincipal.Identity as IClaimsIdentity;
    string authStrength = ClaimsUtil.GetAuthStrengthClaim(callerIdentity);

    if (authStrength != AuthenticationMethods.X509)
    {
        // Page-level backstop: the caller did not sign in with high assurance.
        // The message implies an authorization manager is expected to reject
        // such callers before the page runs.
        throw new UnauthorizedAccessException("CustomClaimsAuthorizationManager must be configured.");
    }

    // Sample-only behaviour: every claim type and value issued by the security
    // token service (STS) is shown back to the client. Before doing anything
    // similar in production, weigh the security implications, for example:
    //   (i)   accept only the claim types the relying party expects;
    //   (ii)  sanitize claim parameters before using them;
    //   (iii) filter out claims that carry sensitive personal information.
    // DO NOT use this sample code 'as is' in production code.

    // Show the claims in a table. The instance is not used afterwards, so the
    // constructor presumably does the rendering into ClaimSetTable.
    ShowClaims claimsTableFiller = new ShowClaims(ClaimSetTable);
}
/// <summary>
/// Decides what this page offers based on how the caller signed in:
/// an X509-authenticated caller is redirected to the high value resource
/// page; a caller authenticated some other way stays here with the link
/// back visible; an unauthenticated caller stays here with the link hidden.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    bool callerIsSignedIn = Page.User != null && Page.User.Identity.IsAuthenticated;

    if (!callerIsSignedIn)
    {
        // Not authenticated: the caller has to sign in with the high
        // assurance method. Hide the link back to the account summary page
        // because there is no authenticated session to go back to.
        HyperLink1.Visible = false;
        return;
    }

    // NOTE(review): authentication is checked on Page.User, but the claim is
    // read from Thread.CurrentPrincipal. Presumably the same principal; confirm.
    IClaimsIdentity callerIdentity = Thread.CurrentPrincipal.Identity as IClaimsIdentity;
    string authStrength = ClaimsUtil.GetAuthStrengthClaim(callerIdentity);

    if (authStrength == AuthenticationMethods.X509)
    {
        // High assurance sign-in already done; send the caller on.
        // The target is a fixed relative path, not request-derived input.
        // NOTE(review): this redirect is navigation only; the target page is
        // expected to enforce the X509 requirement itself.
        Response.Redirect("HighValueResourcePage.aspx");
    }
    else
    {
        // Authenticated with low assurance: a high assurance sign-in is
        // still required. Show the account summary link so the caller can
        // choose to go back instead.
        HyperLink1.Visible = true;
    }
}
/// <summary>
/// Sends an authenticated caller to the resource page that matches the
/// authentication-strength claim: X509 goes to the high value page,
/// anything else to the low value page. An unauthenticated caller is not
/// redirected.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    // Ask caches not to store this response.
    Response.Cache.SetNoStore();

    bool callerIsSignedIn = Page.User != null && Page.User.Identity.IsAuthenticated;
    if (callerIsSignedIn)
    {
        // NOTE(review): authentication is checked on Page.User, but the claim
        // is read from Thread.CurrentPrincipal. Presumably the same principal;
        // confirm.
        IClaimsIdentity callerIdentity = Thread.CurrentPrincipal.Identity as IClaimsIdentity;
        string authStrength = ClaimsUtil.GetAuthStrengthClaim(callerIdentity);

        // Both targets are fixed relative paths, so the redirect cannot be
        // steered by request data. It is routing only: each target page is
        // expected to enforce its own access check.
        string landingPage = authStrength == AuthenticationMethods.X509
            ? "HighValueResourcePage.aspx"   // authenticated with high assurance
            : "LowValueResourcePage.aspx";   // authenticated with low assurance

        Response.Redirect(landingPage);
    }

    // The label is given placeholder text and kept hidden.
    this.Label1.Text = "Test";
    this.Label1.Visible = false;
}
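/// <summary>
/// Authorizes a request: the high value resource requires at least one of
/// the caller's identities to carry an X509 authentication-strength claim;
/// every other resource is allowed for any set of claims.
/// </summary>
/// <param name="context">
/// Authorization context; the first entry of <c>context.Resource</c> is taken
/// as the resource being accessed and <c>context.Principal</c> as the caller.
/// </param>
/// <returns>
/// <c>true</c> when access is allowed; <c>false</c> when the high value
/// resource is requested without an X509 claim.
/// </returns>
public override bool CheckAccess(AuthorizationContext context)
{
    string resource = context.Resource[0].Value;

    // Match the protected resource without regard to case. The previous
    // case-sensitive comparison let a differently-cased spelling of the same
    // URL fall through to the "allow" branch below, skipping the X509
    // requirement at this layer. Ignoring case can only widen the set of
    // requests that must present X509, so the change fails closed.
    //
    // NOTE(review): this is still an exact match against a single value, and
    // everything that does not match is allowed. How the caller populates
    // Resource[0].Value (absolute vs. relative, query string, normalization)
    // and the value of HighValueResourceUrl are not visible here; confirm
    // they agree, or compare on a normalized path and consider default-deny.
    bool isHighValueResource = resource.Equals(HighValueResourceUrl, StringComparison.OrdinalIgnoreCase);

    if (!isHighValueResource)
    {
        // This is not an access to high value resources. Any set of claims is fine.
        return true;
    }

    // To access high value resources, the caller must have an
    // AuthenticationMethod claim of X509 on at least one identity.
    IClaimsPrincipal principal = context.Principal;
    foreach (IClaimsIdentity identity in principal.Identities)
    {
        string authStrengthClaim = ClaimsUtil.GetAuthStrengthClaim(identity);

        // The claim value is a fixed identifier, so it is compared ordinally.
        if (String.Equals(authStrengthClaim, AuthenticationMethods.X509, StringComparison.Ordinal))
        {
            return true;
        }
    }

    // No X509 authentication claim on any identity: deny.
    return false;
}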