Migrating to CslaClaimsPrincipal/ClaimsIdentity

[ajohnstone-ks]

We're trying to move to a ClaimsIdentity/CslaClaimsPrincipal since that seems to be the future. Currently our custom Principal has nothing in it (it defers to the Identity) and the Identity only keeps a couple of number values. Everything else is referred to a Session which we return on login which actually has all the permissions stuff and other information, and then we look up a copy on the server using the two values from the identity.

So I just changed our principal to subclass CslaClaimsPrincpal, and our identity to subclass ClaimsIdentity. I stuff the two numbers needed into the Claims collection as separate claims.

It seems to work, except that the ClaimsIdentity doesn't seem to repopulate on the server, and so we can't find the session. We're using a WCF data portal (for this app, we use HttpProxy for our mobile app).

First off, am I heading in the right direction? Secondly, should this work over WCF?

[rockfordlhotka]

I am pretty sure that ClaimsIdentity is not serializable with BinaryFormatter or NDCS - which are the two serializers used by WCF.

In CSLA 5.2 (maybe 5.1?) the MobileFormatter was enhanced so it does know how to serialize a ClaimsIdentity.

In summary, if you are using WCF, you will need to configure WCF itself to do the impersonation, so WCF takes the user identity from the client and sets it on the server. And you will need to set the AuthenticationMode configuration of CSLA to "Windows" so CSLA doesn't try to do any impersonation.

(I am not 100% sure you can have WCF impersonate with ClaimsPrincipal, but if it is possible, this is what you need to do)

Or switch to using MobileFormatter and probably HttpProxy instead of WCF (or GrpcProxy), and then CSLA will do the impersonation for you.

[ajohnstone-ks]

Thanks Rocky. Unfortunately we can't switch to HttpProxy just yet, as our Csla version doesn't have the sync version of it (and our main app is sync everywhere). But it sounds like once we get to a version of Csla where we can use sync httpproxy, we can ditch wcf and then tackle this.