I've got my custom ClaimsAuthorizationManager working using the standard configuration file settings but I want to inject a business layer service into my implementation and I can't figure it out.
<system.identityModel>
  <identityConfiguration>
    <claimsAuthorizationManager
        type="Authentication.AuthorizationManager, Assembly" />
    <claimsAuthenticationManager
        type="Authentication.ClaimsTransformer, Assembly" />
  </identityConfiguration>
</system.identityModel>
I've tried manually setting it using the static FederatedAuthentication class but with no joy. The ClaimsAuthorizationModule is always null.
FederatedAuthentication.ClaimsAuthorizationModule.ClaimsAuthorizationManager = DependencyConfig.Container.Resolve<ClaimsAuthorizationManager>();
I've tried the answers from this question to try and ensure that the module is loaded...
FederatedAuthentication.WSFederationAuthenticationModule is null at runtime
...but they don't have an effect. I also wonder if the information in those is dated because I've got modules with the same names from the System.IdentityModel assembly already in my application.
I'm using Thinktecture IdentityModel but I can't see anywhere in there which solves my problem. This issue seems to hint at it but doesn't give me a solution. https://github.com/thinktecture/Thinktecture.IdentityModel/issues/9
I've resolved the issue with the null ClaimsAuthorizationModule: the answer was out of date and I needed to use the claims auth module from the System.IdentityModel.Services assembly. Now I can inject the ClaimsAuthManager but CheckAccess isn't being called.
There's an event you can handle - FederatedAuthentication.ServiceConfigurationCreated. This allows setting the claims authorization manager programmatically.
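An added example, not part of the original question or answer, of wiring a constructor-injected manager through that event. In System.IdentityModel.Services (.NET 4.5) the event is named FederationConfigurationCreated; ServiceConfigurationCreated is its name in the older Microsoft.IdentityModel.Web assembly. IPermissionService and DenyAllPermissionService are hypothetical stand-ins for the business-layer service.

```csharp
using System;
using System.Linq;
using System.Security.Claims;
using System.IdentityModel.Services;
using System.IdentityModel.Services.Configuration;

// Hypothetical business-layer service; replace with your own abstraction.
public interface IPermissionService { bool IsAllowed(string user, string resource, string action); }

// Constructed stand-in so the sample compiles without a DI container.
public sealed class DenyAllPermissionService : IPermissionService
{
    public bool IsAllowed(string user, string resource, string action) { return false; }
}

public class AuthorizationManager : ClaimsAuthorizationManager
{
    private readonly IPermissionService _permissions;
    public AuthorizationManager(IPermissionService permissions)
    {
        if (permissions == null) throw new ArgumentNullException(nameof(permissions));
        _permissions = permissions;
    }

    public override bool CheckAccess(AuthorizationContext context)
    {
        // Deny by default: anonymous callers and incomplete requests fail closed.
        var identity = context.Principal != null ? context.Principal.Identity : null;
        var resource = context.Resource.FirstOrDefault();
        var action = context.Action.FirstOrDefault();
        if (identity == null || !identity.IsAuthenticated || resource == null || action == null)
            return false;
        return _permissions.IsAllowed(identity.Name, resource.Value, action.Value);
    }
}

public class Global : System.Web.HttpApplication
{
    protected void Application_Start()
    {
        // Subscribe before the first request, so the handler runs when WIF builds its configuration.
        FederatedAuthentication.FederationConfigurationCreated += OnConfigurationCreated;
    }

    private static void OnConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
    {
        // Replaces the instance built from <claimsAuthorizationManager type="..." />.
        // With a container, resolve here instead: DependencyConfig.Container.Resolve<ClaimsAuthorizationManager>()
        e.FederationConfiguration.IdentityConfiguration.ClaimsAuthorizationManager =
            new AuthorizationManager(new DenyAllPermissionService());
    }
}
```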