Posted September 18, 2018 at 9:02 am in .NET Core, ASP

I’m setting up OpenIdConnect authentication for our system and came across a peculiar problem. Although I was able to log in using an external authentication server (for example, a Google account), the HttpContext.User.Identity.Name would be null. But looking at the claims, I could see a name claim. What was going on?

When you authenticate, the ClaimsPrincipal is set, and User.Identity.Name is read from the first claim whose type matches the identity's name claim type. By default that type is http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name; however, if you look at the claims received, the user name claim is “name”, so nothing matches and Name stays null. To override this default behavior and populate User.Identity.Name, set NameClaimType to “name” on the TokenValidationParameters.
 


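// In ConfigureServices, chained onto services.AddAuthentication(...).
// Needs: using Microsoft.IdentityModel.Protocols.OpenIdConnect; (OpenIdConnectResponseType)
//        using Microsoft.IdentityModel.Tokens; (TokenValidationParameters)
.AddOpenIdConnect(options =>
{
    options.ClientId = Configuration["ClientId"];
    options.ClientSecret = Configuration["ClientSecret"];
    options.Authority = Configuration["Authority"];

    // Authorization code flow.
    options.ResponseType = OpenIdConnectResponseType.Code;

    options.TokenValidationParameters = new TokenValidationParameters
    {
        // Read User.Identity.Name from the "name" claim instead of the default xmlsoap claim type.
        NameClaimType = "name",
        ValidateIssuer = true
    };

    // Keep the received tokens in the authentication properties.
    options.SaveTokens = true;
});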
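The lookup behind User.Identity.Name can be reproduced without an identity provider. The following console program is an added example, not code from the original post: the claims are constructed sample values, and NameClaimDemo and Diagnose are hypothetical names.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

static class NameClaimDemo
{
    // Explains why Identity.Name is (or is not) null for a given identity.
    static string Diagnose(ClaimsIdentity id)
    {
        // Identity.Name is the value of the first claim whose type equals NameClaimType.
        if (id.Name != null)
            return $"Name='{id.Name}' (from claim type '{id.NameClaimType}')";

        var types = string.Join(", ", id.Claims.Select(c => c.Type).Distinct());
        return $"Name is null: no claim of type '{id.NameClaimType}'; received types: {types}";
    }

    static void Main()
    {
        // Constructed sample claims, shaped like an OpenID Connect ID token payload.
        var claims = new[]
        {
            new Claim("sub", "constructed-subject-0001"),
            new Claim("name", "Alice Example"),
            new Claim("email", "alice@example.test"),
        };

        // Default: NameClaimType is ClaimTypes.Name (the xmlsoap URI), so nothing matches.
        var byDefault = new ClaimsIdentity(claims, "oidc");
        Console.WriteLine(Diagnose(byDefault));

        // Same effect on the identity as TokenValidationParameters.NameClaimType = "name".
        var mapped = new ClaimsIdentity(claims, "oidc", "name", ClaimsIdentity.DefaultRoleClaimType);
        Console.WriteLine(Diagnose(mapped));

        // "name" is a display value; "sub" is the identifier the issuer keeps stable per user,
        // so key accounts and authorization decisions on issuer + sub, not on Identity.Name.
        Console.WriteLine($"Stable key: {mapped.FindFirst("sub")?.Value}");
    }
}
```

Running Diagnose against the real User.Identity in a controller lists the claim types the provider actually sent, which shows what value NameClaimType needs.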
