Identity in .NET 4.5–Part 3: (Breaking) changes
I recently started porting a private build of Thinktecture.IdentityModel to
.NET 4.5 and noticed a number of changes. The good news is that I can delete large
parts of my library because many features are now in the box. Along the way I found
some other nice additions.
- ClaimsIdentity now has methods to query the claims collection, e.g. HasClaim(), FindFirst(), FindAll().
- ClaimsPrincipal has those methods as well. But they work across all contained identities. Nice!
- ClaimsPrincipal.Current retrieves the ClaimsPrincipal from Thread.CurrentPrincipal. Combined with the above changes, no casting necessary anymore.
- SecurityTokenHandler now has read and write methods that work directly with strings. This makes it much easier to deal with non-XML tokens like SWT or JWT.
- A new session security token handler that uses the ASP.NET machine key to protect the cookie. This makes it easier to get started in web farm scenarios.
- No need for a custom service host factory or the federation behavior anymore. WCF can be switched into “WIF mode” with the useIdentityConfiguration switch (odd name though).
- Tooling has become better and the new test STS makes it very easy to get started.
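The query methods and ClaimsPrincipal.Current from the list above, as an added example that is not part of the original post. The class name ClaimsQueryDemo, the helper HasAuthenticatedClaim and the sample claims are constructed for illustration. It shows what "across all contained identities" means for an authorization check: a principal-level HasClaim() also matches claims on an identity that has no authentication type.

```csharp
using System;
using System.Linq;
using System.Security.Claims;
using System.Threading;

static class ClaimsQueryDemo
{
    // Hypothetical helper: match a claim only on identities that are authenticated.
    static bool HasAuthenticatedClaim(ClaimsPrincipal principal, string type, string value)
    {
        return principal.Identities
            .Where(id => id.IsAuthenticated)
            .Any(id => id.HasClaim(type, value));
    }

    static void Main()
    {
        // Constructed sample: one identity with an authentication type, one without.
        var federated = new ClaimsIdentity(new[]
        {
            new Claim(ClaimTypes.Name, "alice"),
            new Claim(ClaimTypes.Role, "User")
        }, "Federation");

        // No authentication type is passed, so IsAuthenticated is false here.
        var unauthenticated = new ClaimsIdentity(new[]
        {
            new Claim(ClaimTypes.Role, "Admin")
        });

        Thread.CurrentPrincipal = new ClaimsPrincipal(new[] { federated, unauthenticated });

        // No cast from IPrincipal is needed.
        ClaimsPrincipal principal = ClaimsPrincipal.Current;

        // Principal-level queries span every contained identity.
        Console.WriteLine(principal.HasClaim(ClaimTypes.Role, "Admin"));
        Console.WriteLine(principal.FindAll(ClaimTypes.Role).Count());
        Console.WriteLine(principal.FindFirst(ClaimTypes.Name).Value);

        // Identity-level queries see only that identity's own claims.
        Console.WriteLine(federated.HasClaim(ClaimTypes.Role, "Admin"));

        // The same check restricted to authenticated identities.
        Console.WriteLine(HasAuthenticatedClaim(principal, ClaimTypes.Role, "Admin"));
    }
}
```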
On the other hand – and that was kind of expected – to bring claims into the core
framework, there are also some breaking changes for WIF code. If you want to migrate
(and I would recommend that), most changes to your code are mechanical. The following
is a brain dump of the changes I encountered.
- Assembly Microsoft.IdentityModel is gone. The new functionality is now in mscorlib, System.IdentityModel(.Services) and System.ServiceModel.
- All the namespaces have changed as well.
- No IClaimsPrincipal and IClaimsIdentity anymore.
- Configuration section has been split into <system.identityModel /> and <system.identityModel.services />.
- WCF configuration story has changed as well.
- Claim.ClaimType is now Claim.Type.
- ClaimCollection is now IEnumerable<Claim>.
- IsSessionMode is now IsReferenceMode.
- Bootstrap token handling is different now.
- ClaimsPrincipalHttpModule is gone. This is not really needed anymore, apart from maybe claims transformation (see here).
- Various factory methods on ClaimsPrincipal are gone (e.g. ClaimsPrincipal.CreateFromIdentity()).
- SecurityTokenHandler.ValidateToken now returns a ReadOnlyCollection<ClaimsIdentity>.
- Some lower level helper classes are gone or internal now (e.g. KeyGenerator).
- The WCF WS-Trust bindings are gone. I think this is a pity. They were *really* useful when doing work with WSTrustChannelFactory.
Since WIF is part of the Windows operating system and also supported in future versions
of .NET, there is no urgent need to migrate to the 4.5 claims model. But obviously,
going forward, at some point you want to make the move.