  • Openfield Creative 62 posts 222 karma points
    Apr 04, 2016 @ 18:48

    Problem retrieving roles in Identity claims

    I'm trying to connect to a client's Identity Server and retrieve the roles that have been assigned to a user. When viewing the list of roles on their test application they come through as:


    And when viewing them through my Umbraco application they come through as:

    I've compared startup files for both the test application and mine and there are no significant differences. My hunch is that it has something to do with my startup inheriting from UmbracoDefaultOwinStartup, but I'm not sure what to add to get the desired behavior. Has anyone run into and fixed this before?

    Here is my startup.cs

    using System.Security.Claims;
    using System.Threading.Tasks;
    using Microsoft.IdentityModel.Protocols;
    using Microsoft.Owin;
    using Microsoft.Owin.Security.Cookies;
    using Microsoft.Owin.Security.OpenIdConnect;
    using Owin;
    using Umbraco.Web;

    [assembly: OwinStartupAttribute(typeof(Astute.Portal.UmbracoStandardOwinStartup))]

    namespace Astute.Portal
    {
        public partial class UmbracoStandardOwinStartup : UmbracoDefaultOwinStartup
        {
            public override void Configuration(IAppBuilder app)
            {
                // Registers Umbraco's own middleware (back-office cookie auth) first.
                // Assumed: the post did not include this call, but it is the usual
                // pattern when overriding UmbracoDefaultOwinStartup.Configuration.
                base.Configuration(app);

                // Local session cookie that the OIDC handler signs the user in to.
                app.UseCookieAuthentication(new CookieAuthenticationOptions
                {
                    AuthenticationType = "cookies"
                });

                app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
                {
                    AuthenticationType = "oidc",
                    SignInAsAuthenticationType = "cookies",
                    UseTokenLifetime = false,
                    Authority = Astute.Portal.Constants.ServerUri.IdentityServer,
                    ClientId = "supportCenter",
                    RedirectUri = Astute.Portal.Constants.ServerUri.ePowerCenterMVC,
                    // Implicit flow: both the id_token and the access token come back
                    // on the front channel in the authorize response.
                    ResponseType = "id_token token",
                    Scope = "openid profile roles epowercenterapi",
                    Notifications = new OpenIdConnectAuthenticationNotifications
                    {
                        // Keep the raw tokens on the identity: access_token for calling
                        // the API later, id_token for the id_token_hint at logout.
                        SecurityTokenValidated = n =>
                        {
                            var user = n.AuthenticationTicket.Identity;
                            user.AddClaim(new Claim("access_token", n.ProtocolMessage.AccessToken));
                            user.AddClaim(new Claim("id_token", n.ProtocolMessage.IdToken));
                            return Task.FromResult(0);
                        },
                        RedirectToIdentityProvider = x =>
                        {
                            if (x.ProtocolMessage.RequestType == OpenIdConnectRequestType.LogoutRequest)
                            {
                                // The claim is absent if the user never signed in through OIDC.
                                var idToken = x.OwinContext.Authentication.User.FindFirst("id_token");
                                if (idToken != null)
                                {
                                    x.ProtocolMessage.IdTokenHint = idToken.Value;
                                }
                            }
                            return Task.FromResult(0);
                        }
                    }
                });
            }
        }
    }
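
The post does not show the two role lists, so the cause cannot be pinned down from it. What follows is an added example, not code from the post or from Umbraco, for the first thing a practitioner would check in this situation: which claim type the roles actually arrive under. With the libraries the post's usings point at (Katana 3.x OpenID Connect middleware and System.IdentityModel.Tokens.Jwt 4.x), JwtSecurityTokenHandler's static InboundClaimTypeMap rewrites the short JWT claim name "role" to ClaimTypes.Role (the long http://schemas.microsoft.com/ws/2008/06/identity/claims/role URI) before the ClaimsIdentity reaches the middleware, so code that looks for a claim literally named "role" finds nothing while IsInRole still works, and vice versa once the map is cleared. The namespace and class name below are placeholders.

```csharp
// Added diagnostic, not code from the post. Assumes Katana 3.x OpenID Connect
// middleware and System.IdentityModel.Tokens.Jwt 4.x; namespace/class are placeholders.
using System.Collections.Generic;
using System.Diagnostics;
using System.IdentityModel.Tokens;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols;
using Microsoft.Owin.Security.Notifications;
using Microsoft.Owin.Security.OpenIdConnect;

namespace Astute.Portal.Diagnostics
{
    public static class RoleClaims
    {
        // Collects role values whether they arrived as the JWT name "role" or as the
        // WS-* URI ClaimTypes.Role that the inbound claim-type map substitutes for it.
        public static IList<string> Roles(ClaimsIdentity identity)
        {
            return identity.Claims
                .Where(c => c.Type == "role" || c.Type == ClaimTypes.Role)
                .Select(c => c.Value)
                .Distinct()
                .ToList();
        }

        // Use as: SecurityTokenValidated = RoleClaims.LogAndNormalize
        // Logs every claim type/value pair that came out of token validation (compare this
        // output between the two applications), then makes sure each role is also present
        // under the identity's RoleClaimType so User.IsInRole(...) works either way.
        public static Task LogAndNormalize(
            SecurityTokenValidatedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> n)
        {
            var identity = n.AuthenticationTicket.Identity;
            foreach (var c in identity.Claims)
            {
                Trace.TraceInformation("claim {0} = {1}", c.Type, c.Value);
            }
            Trace.TraceInformation("identity.RoleClaimType = {0}", identity.RoleClaimType);

            foreach (var role in Roles(identity))
            {
                if (!identity.HasClaim(identity.RoleClaimType, role))
                {
                    identity.AddClaim(new Claim(identity.RoleClaimType, role));
                }
            }
            return Task.FromResult(0);
        }

        // Alternative: switch the mapping off so claims keep their JWT names ("sub", "name",
        // "role"). InboundClaimTypeMap is static and is read at validation time, so call this
        // at startup before any token is validated, and tell the handler which claim types
        // carry name and role, otherwise the identity's RoleClaimType stays ClaimTypes.Role
        // while the role claims are now named "role" and IsInRole returns false.
        public static void KeepJwtClaimNames(OpenIdConnectAuthenticationOptions options)
        {
            JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary<string, string>();
            options.TokenValidationParameters = new TokenValidationParameters
            {
                NameClaimType = "name",
                RoleClaimType = "role"
            };
        }
    }
}
```

Whichever of the two the application settles on, both the test application and the Umbraco one need the same choice, since the mapping is process-wide state and a difference here alone produces two different claim-type lists for the same token. One further check the post's configuration suggests but cannot confirm: with ResponseType "id_token token", IdentityServer3 only places claims from the roles scope in the id_token when the scope's claims are configured with AlwaysIncludeInIdToken; otherwise they are served by the userinfo endpoint, which the Katana 3.x middleware does not call on its own, so a client that relies on them being in the id_token sees no roles at all.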


