9

I'm using Visual Studio 2015 to create an ASP.NET MVC 5 app. I'm using the Identity framework to add claims to a user after authentication. It's easy enough to add claims based on the built-in ClaimTypes, but I'm having challenges adding a custom claim that's a Boolean.

I've created this static class to hold my custom claim types:

public static class CustomClaimTypes
{
    public static readonly string IsEmployee = "http://example.com/claims/isemployee";
}

Then I try to add a custom claim to the ClaimsIdentity object:

userIdentity.AddClaim(new Claim(CustomClaimTypes.IsEmployee, isEmployee));

It gives this error on the line above:

cannot convert from 'bool?' to 'System.Security.Claims.ClaimsIdentity'

All the examples that I'm finding are adding strings. How do you add a bool, int, or other type? Thanks.

3 Answers

22

You can also pass valueType as the third parameter.

userIdentity.AddClaim(
    new Claim(CustomClaimTypes.IsEmployee, 
    isEmployee.ToString(), 
    ClaimValueTypes.Boolean));

So on the front end you will get a bool type value instead of a string.


10

The claims can only be represented as strings. Any numbers, booleans, guids, whatever all have to be strings when added to the claims collection. So ToString() it.

userIdentity.AddClaim(
    new Claim(CustomClaimTypes.IsEmployee, 
    isEmployee.GetValueOrDefault(false).ToString()));

5 Comments

Thanks, @Amy. Is it possible to store complex objects in a custom claim? Been reading this article: learn.microsoft.com/en-us/dotnet/framework/wcf/extending/…
You must serialize them to a string.
What if I want "myType": true instead of "myType":"true" when I decode my payload? Because if I use ToString() I will receive the second option.
@BlackShawarna Any numbers, booleans, guids, whatever all have to be strings when added to the claims collection. It must be a string.
Yes, I agree with you, there's no other option. To have "myToken": false use the ClaimValueTypes.Boolean, otherwise you will have "myToken": "false" as string format.
1

To get the correct type you want in the response, you need to overload TokenEndpointResponse:

public override Task TokenEndpointResponse(OAuthTokenEndpointResponseContext context)
{
    foreach (var item in context.Identity.Claims)
    {
        object value;

        // ClaimValueTypes.Boolean is an XML Schema URI ending in "#boolean".
        if (item.ValueType.Contains("boolean"))
            value = bool.Parse(item.Value);
        else
            value = item.Value;

        context.AdditionalResponseParameters.Add(item.Type, value);
    }

    return base.TokenEndpointResponse(context);
}

Of course, this works only after specifying the ClaimValueTypes as mentioned in previous answers; otherwise it will identify all fields as string type.
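Added example, not code from the question or from any of the answers above: a round trip for the Boolean claim that stores it with ClaimValueTypes.Boolean and reads it back so that a missing, duplicated, wrongly typed or unparsable value is treated as false when the claim feeds an authorization decision. The names TypedClaims, AddBool, GetBool and the "ExampleAuth" authentication type are hypothetical; only CustomClaimTypes.IsEmployee comes from the question.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

public static class CustomClaimTypes
{
    public static readonly string IsEmployee = "http://example.com/claims/isemployee";
}

public static class TypedClaims // hypothetical helper, not part of ASP.NET Identity
{
    // Claim.Value is always a string; ValueType only records how to read it back.
    public static void AddBool(this ClaimsIdentity id, string type, bool? value)
    {
        // A null bool? becomes an explicit "false", never an empty string.
        string text = value.GetValueOrDefault(false) ? "true" : "false";
        id.AddClaim(new Claim(type, text, ClaimValueTypes.Boolean));
    }

    // Fail closed: a missing, duplicated, mistyped or unparsable claim reads as false.
    public static bool GetBool(this ClaimsIdentity id, string type)
    {
        var found = id.FindAll(type).ToList();
        bool parsed;
        return found.Count == 1
            && found[0].ValueType == ClaimValueTypes.Boolean
            && bool.TryParse(found[0].Value, out parsed)
            && parsed;
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample identities; "ExampleAuth" is a made-up authentication type.
        var employee = new ClaimsIdentity("ExampleAuth");
        employee.AddBool(CustomClaimTypes.IsEmployee, true);
        var unknown = new ClaimsIdentity("ExampleAuth");
        unknown.AddBool(CustomClaimTypes.IsEmployee, null);

        var malformed = new ClaimsIdentity("ExampleAuth");
        malformed.AddClaim(new Claim(CustomClaimTypes.IsEmployee, "yes")); // string-typed, not a bool

        Console.WriteLine(employee.GetBool(CustomClaimTypes.IsEmployee));
        Console.WriteLine(unknown.GetBool(CustomClaimTypes.IsEmployee));
        Console.WriteLine(malformed.GetBool(CustomClaimTypes.IsEmployee));
    }
}
```

The same shape works for an int claim with ClaimValueTypes.Integer32 and int.TryParse using CultureInfo.InvariantCulture.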
