Add and validate custom claims to Simple Web Tokens

Perform the following:

  1. Create a class that derives from SWTFactory, override its Build method, and register the derived class in the ObjectFactory.
    The following example shows how to do this in the Global.asax file:
    using System;
    using System.Security.Claims;
    using Telerik.Microsoft.Practices.Unity;
    using Telerik.Sitefinity.Abstractions;
    using Telerik.Sitefinity.Security.Claims.SWT;
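    namespace SitefinityWebApp
    {
        /// <summary>
        /// Application entry point that swaps the stock <see cref="SWTFactory"/> for one
        /// that stamps an additional claim onto every Simple Web Token it builds.
        /// </summary>
        public class Global : System.Web.HttpApplication
        {
            /// <summary>
            /// Subscribes to the authentication module's Initialized event so the custom
            /// factory is registered from that callback rather than directly at startup.
            /// </summary>
            protected void Application_Start(object sender, EventArgs e)
            {
                Telerik.Sitefinity.Authentication.AuthenticationModule.Initialized += AuthenticationModule_Initialized;
            }

            /// <summary>
            /// Maps <see cref="SWTFactory"/> to <see cref="CustomSWTFactory"/> in the container.
            /// </summary>
            private void AuthenticationModule_Initialized(object sender, EventArgs e)
            {
                // ContainerControlledLifetimeManager makes the factory a singleton per container,
                // so Build must not keep per-request state in instance fields.
                ObjectFactory.Container.RegisterType<SWTFactory, CustomSWTFactory>(new ContainerControlledLifetimeManager());
            }

            /// <summary>
            /// Token factory that adds the sample custom claim before delegating to the base builder.
            /// </summary>
            private class CustomSWTFactory : SWTFactory
            {
                // Sample claim type and value from the walkthrough; replace with application-specific ones.
                // The claim travels inside the issued token, so treat the value as readable by
                // whoever holds the token and never place a secret in it.
                private const string CustomClaimType = "MyClaim";
                private const string CustomClaimValue = "123456789";

                /// <summary>
                /// Adds the custom claim to the principal's identity and builds the token.
                /// </summary>
                /// <param name="principal">Principal whose claims go into the token.</param>
                /// <param name="realm">Realm passed through unchanged to the base implementation.</param>
                /// <returns>The token produced by the base factory for the modified principal.</returns>
                /// <exception cref="ArgumentNullException"><paramref name="principal"/> is null.</exception>
                /// <exception cref="InvalidOperationException">The principal's identity is not a <see cref="ClaimsIdentity"/>.</exception>
                public override SimpleWebToken Build(ClaimsPrincipal principal, string realm)
                {
                    if (principal == null)
                    {
                        throw new ArgumentNullException("principal");
                    }

                    // Fail with a clear message instead of an InvalidCastException or
                    // NullReferenceException when the identity cannot carry claims.
                    var identity = principal.Identity as ClaimsIdentity;
                    if (identity == null)
                    {
                        throw new InvalidOperationException("Principal identity is not a ClaimsIdentity");
                    }

                    // AddClaim mutates the caller's identity; guard against stacking a duplicate
                    // claim each time a token is built for the same principal instance.
                    if (!identity.HasClaim(CustomClaimType, CustomClaimValue))
                    {
                        identity.AddClaim(new Claim(CustomClaimType, CustomClaimValue));
                    }

                    // Call the base logic to build the token with the modified principal.
                    return base.Build(principal, realm);
                }
            }
        }
    }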
  2. Override the SWTSecurityTokenHandler in the following way:
    using System;
    using System.Collections.ObjectModel;
    using System.IdentityModel.Tokens;
    using System.Linq;
    using System.Security.Claims;
    using Telerik.Sitefinity.Security.Claims.SWT;
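    namespace SitefinityWebApp.Security
    {
        /// <summary>
        /// Token handler that rejects Simple Web Tokens lacking the custom claim,
        /// in addition to whatever checks the base handler performs.
        /// </summary>
        public class CustomSWTSecurityTokenHandler : SWTSecurityTokenHandler
        {
            // Must match the claim type the custom SWTFactory adds when issuing tokens.
            private const string CustomClaimType = "MyClaim";

            /// <summary>
            /// Validates the token with the base handler, then requires the custom claim.
            /// </summary>
            /// <param name="token">Incoming security token; must be a <see cref="SimpleWebToken"/>.</param>
            /// <returns>The identities returned by the base validation.</returns>
            /// <exception cref="InvalidOperationException">The token is null or not a <see cref="SimpleWebToken"/>.</exception>
            /// <exception cref="UnauthorizedAccessException">The token does not carry the custom claim.</exception>
            public override ReadOnlyCollection<ClaimsIdentity> ValidateToken(SecurityToken token)
            {
                var swtToken = token as SimpleWebToken;
                if (swtToken == null)
                {
                    throw new InvalidOperationException("Token is not a SimpleWebToken");
                }

                // Run the base validation first so the custom claim is only inspected on a
                // token the base handler has already accepted. Presumably this is where
                // signature and expiry are checked; confirm against the Sitefinity version in use.
                var identities = base.ValidateToken(token);

                // NOTE(review): this checks only that the claim is present. If the value carries
                // meaning for authorization, compare it against the expected value as well.
                var hasCustomClaim = swtToken.Claims.Any(c => c.Type == CustomClaimType);
                if (!hasCustomClaim)
                {
                    throw new UnauthorizedAccessException("Unauthorized");
                }

                return identities;
            }
        }
    }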
  3. Register the handler in the web.config, in the following way:
    <system.identityModel>
    <identityConfiguration>
    <securityTokenHandlers>
    <!-- Registers the custom handler so SWT validation runs the custom-claim check.
         NOTE(review): if the stock SWTSecurityTokenHandler is also listed in this collection,
         confirm which handler actually processes incoming SWT tokens; a token handled by the
         stock entry would skip the custom-claim check. -->
    <add type="SitefinityWebApp.Security.CustomSWTSecurityTokenHandler, SitefinityWebApp" />
    </securityTokenHandlers>
    </identityConfiguration>
    </system.identityModel>
