I am implementing WS-Federation authentication using the wsfederation plugin on top of Thinktecture IdentityServer. I have my own UserService implemented with an AuthenticateLocalAsync method as below:
    public async Task<AuthenticateResult> AuthenticateLocalAsync(string username, string password, SignInMessage message)
    {
        // Authenticate against our own user repository through the application service
        var requestViewModel = new SignInRequestViewModel
        {
            EmailAddress = username,
            Password = password
        };
        var result = await signInApplicationService.SignInAsync(requestViewModel);
        var responseViewModel = result.ViewModel;

        // Build the claims for this user from the sign-in result
        var claims = claimBuilder.GetClaims(responseViewModel);

        // Subject id, display name and the claims to place on the principal
        // (handling of a failed sign-in is omitted here)
        return new AuthenticateResult(
            responseViewModel.CustomerId.ToString(),
            string.Format("{0} {1}", responseViewModel.FirstName, responseViewModel.LastName),
            claims);
    }
This method gets called when a login event is triggered. As you can see, I authenticate users against my own database repository, then from the result I build up a claims object, which is referenced in the AuthenticateResult object and returned.
So I thought that the claims should now be available on the client, so there is no need to make a further request, but it actually makes a second request to itself in which the GetProfileDataAsync method gets called, and based on the documentation:
This method is called whenever claims about the user are requested (e.g. during token creation or via the userinfo endpoint)
Which kind of makes sense, but does it mean that I need to call my database again to retrieve the customer data and rebuild the claims the same as I did in my AuthenticateLocalAsync method?
If so, what's the point to pass claims back in the first authenticate method?
Can someone explain please?
Thanks
Ming
The call to GetProfileDataAsync has a ClaimsPrincipal. The claims you put there in the authentication stage should be on that principal, so there is no need for a DB round trip.
If the claims are not to be found there, this would be a bug and you should open an issue on the issue tracker.
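The following is an added illustration of the answer above; it is not code from the question, the answer, or the IdentityServer project. It shows a GetProfileDataAsync implementation that reads the claims already placed on the ClaimsPrincipal by AuthenticateLocalAsync instead of querying the database again, and returns only the claim types that were actually requested, so a token or userinfo response does not carry more claims than it asked for. The method signature (subject plus an optional list of requested claim types) and the "sub" claim type name are assumptions about the plugin version in use; later IdentityServer3 builds wrap the same data in a ProfileDataRequestContext, and the body would be unchanged apart from reading context.Subject and context.RequestedClaimTypes.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;

// Hypothetical user service; only the profile-data method is shown.
public partial class MyUserService
{
    // Assumed claim type name for the subject identifier ("sub" in IdentityServer).
    private const string SubjectClaimType = "sub";

    // Returns the user's claims without a second database round trip.
    // 'subject' is the principal that IdentityServer built from the
    // AuthenticateResult returned by AuthenticateLocalAsync, so the claims
    // built there are already on it.
    public Task<IEnumerable<Claim>> GetProfileDataAsync(
        ClaimsPrincipal subject,
        IEnumerable<string> requestedClaimTypes = null)
    {
        if (subject == null)
        {
            throw new ArgumentNullException("subject");
        }

        var available = subject.Claims.ToList();

        // The subject claim must always be present; if it is missing, the
        // principal was not built from our AuthenticateResult, which is the
        // situation the answer above describes as a bug worth reporting.
        if (!available.Any(c => c.Type == SubjectClaimType))
        {
            throw new InvalidOperationException(
                "Principal passed to GetProfileDataAsync carries no subject claim.");
        }

        // No filter requested: hand back everything the authentication stage produced.
        if (requestedClaimTypes == null)
        {
            return Task.FromResult<IEnumerable<Claim>>(available);
        }

        // Otherwise return only the requested claim types, always keeping the
        // subject claim so the caller can still identify the user.
        var requested = new HashSet<string>(requestedClaimTypes, StringComparer.Ordinal);
        var filtered = available
            .Where(c => c.Type == SubjectClaimType || requested.Contains(c.Type))
            .ToList();

        return Task.FromResult<IEnumerable<Claim>>(filtered);
    }
}
```

Filtering by requested claim types is the part worth keeping even if the signature differs in your version: the principal holds every claim the sign-in produced, but an individual token or userinfo call should only receive the subset it requested.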