Consider creating a workaround for serialization of netfx ClaimsPrincipal #1877
Comments
Possible solution based on the following idea:

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

namespace ClaimsPrincipalSerialize
{
    internal class Program
    {
        static void Main(string[] args)
        {
            var principal = new ClaimsPrincipal(new ClaimsIdentity(
            [
                new Claim(ClaimTypes.Name, "John Doe"),
                new Claim(ClaimTypes.Email, "Abdul Ahad")
            ]));
            ((ClaimsIdentity)principal.Identity).Label = "My Identity Label";

            // Round-trip the principal through the JSON DTO and print what survives.
            var serialized = SerializePrincipal(principal);
            var deserialized = DeserializePrincipal(serialized);
            Console.WriteLine(deserialized.Identity.Name);
            Console.WriteLine(((ClaimsIdentity)deserialized.Identity).Label);
            foreach (var claim in deserialized.Claims)
            {
                Console.WriteLine($"{claim.Type}: {claim.Value}");
            }
            Console.ReadLine();
        }

        // Binary variant (WriteTo/BinaryWriter), left commented out.
        //private static byte[] SerializePrincipal(ClaimsPrincipal principal)
        //{
        //    using var buffer = new System.IO.MemoryStream();
        //    using var writer = new System.IO.BinaryWriter(buffer);
        //    principal.WriteTo(writer);
        //    return buffer.ToArray();
        //}

        // Copy the primary identity's settable values and claims into a DTO, then serialize as JSON.
        private static string SerializePrincipal(ClaimsPrincipal principal)
        {
            var identity = (ClaimsIdentity)principal.Identity;
            var dto = new PrincipalDto
            {
                Identity = new IdentityDto
                {
                    AuthenticationType = principal.Identity.AuthenticationType,
                    Label = identity.Label,
                    Claims = identity.Claims.Select(c => new ClaimDto
                    {
                        Type = c.Type,
                        Value = c.Value,
                        ValueType = c.ValueType
                    }).ToList()
                }
            };
            return System.Text.Json.JsonSerializer.Serialize(dto);
        }

        // Binary variant (BinaryReader constructor), left commented out.
        //private static ClaimsPrincipal DeserializePrincipal(byte[] bytes)
        //{
        //    using var buffer = new System.IO.MemoryStream(bytes);
        //    using var reader = new System.IO.BinaryReader(buffer);
        //    return new ClaimsPrincipal(reader);
        //}

        // Rebuild a new principal/identity pair from the deserialized DTO.
        private static ClaimsPrincipal DeserializePrincipal(string json)
        {
            var dto = System.Text.Json.JsonSerializer.Deserialize<PrincipalDto>(json);
            var claims = dto.Identity.Claims.Select(c => new Claim(c.Type, c.Value, c.ValueType)).ToList();
            var identity = new ClaimsIdentity(claims, dto.Identity.AuthenticationType)
            {
                Label = dto.Identity.Label
            };
            return new ClaimsPrincipal(identity);
        }
    }

    public class PrincipalDto
    {
        public IdentityDto Identity { get; set; }
    }

    public class IdentityDto
    {
        public string AuthenticationType { get; set; }
        public string Label { get; set; }
        public List<ClaimDto> Claims { get; set; }
    }

    public class ClaimDto
    {
        public string Type { get; set; }
        public string Value { get; set; }
        public string ValueType { get; set; }
    }
}
```
Once #2531 is complete, we should be able to use that technique to solve the
rockfordlhotka added a commit that referenced this issue Jun 15, 2024

rockfordlhotka added a commit that referenced this issue Jun 20, 2024
* #2531 Initial changes to implement IMobileSerializer concept
* #2531 Maintain Serialization configuration for custom formatters
* Use modern namespace technique
* Fix comment
* #2531 Initial implementation of deserialization
* Resolve build warning
* #2531 Rework how mobile formatter config works
* #2531 Custom serializer now works with ClaimsPrincipal
* #2531 Remove obsolete CslaClaimsPrincipal type
* Clean up ctor and application context
* #2531 Put ClaimsPrincipalSerializer into core framework
* #2531 Add custom serializer tests
* #2531 Updates based on PR feedback
* Fix comments
* #2531 Move serialization formatter config to be instance not static
* Clean up what were static methods to work correctly now
* #2531 Allow unknown types to fall through FieldDataManager as "children"
* #2531 Ensure native types are handled correctly
* #2531 Update tests
* #2531 Use a func to determine if a type can be handled by a serializer
* #2531 Add test using CanSerialize
* #2531 Rework TypeMap to use generics for type safety and readability
* #3363 Add test for DateTime.Kind serialization
* #1877 Add implementation of ClaimsPrincipal serialization for .NET Framework
* Fix build warning
* #2148 Add Json-based PocoSerializer for simple types
* #2531 Update method name
* #2531 Add and use MobileFormatterException
* #2531 Update implementation and property scopes
* #2531 Make type internal
* Update tests
* #2531 Use DI to get the ISerializationFormatter service
* #2531 Remove SerializationFormatterFactory type
* #2531 Remove OriginalType
* Remove commented code
* #2531 Clean up code
* #2531 Fix expected exception type
* Remove obsolete compiler conditionals
* #3871 Updated release notes
* Add `dev/` prefix to working branch names
* #2531 Code cleanup and improvement based on PR review
* #2531 Make MobileFormatterOptions a service
This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
As per this thread: #1868 (reply in thread)

There appears to be a bug in the netfx implementation of `ClaimsPrincipal` where it can't deserialize from a byte stream created by the same type. The behavior works as expected in netstandard, but not netfx.

Currently `MobileFormatter` uses the `CslaClaimsPrincipal` type to "wrap" any `ClaimsPrincipal` found in an object graph so serialization of the principal/identity is possible. Similarly, `MobileFormatter` has special code to deserialize the `ClaimsPrincipal` byte array to rehydrate the principal/identity during deserialization.

That behavior relies on `ClaimsPrincipal` properly serializing/deserializing itself, and so fails in netfx.

Possible solution

A possible solution would be to have a netfx-specific bit of code in `MobileFormatter` and/or `CslaClaimsPrincipal` to manually pull out all settable property values from the principal, and all the claims from the identity, and to put them into a serializable temp object graph, which would then be serialized into a byte array. On deserialization, that temp object graph would be rehydrated, and could be used to create a new principal/identity object pair.

Whether this would actually work is unknown. Research is required.
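The "temp object graph" idea from the issue text above, as an added example that is not part of the original issue or CSLA's own code: it carries every identity on the principal and the values that affect authorization decisions (`NameClaimType`, `RoleClaimType`, each claim's `Issuer` and `OriginalIssuer`), so `IsInRole`, `Identity.Name` and issuer checks give the same answers after the round trip. The type names `PrincipalJson`, `IdentityDto` and `ClaimDto` are assumptions, and `Actor`, `BootstrapContext` and `Claim.Properties` are deliberately not carried.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Text.Json;

// Hypothetical DTOs for this example (names are assumptions, not CSLA types).
public class ClaimDto
{
    public string Type { get; set; }
    public string Value { get; set; }
    public string ValueType { get; set; }
    public string Issuer { get; set; }
    public string OriginalIssuer { get; set; }
}

public class IdentityDto
{
    public string AuthenticationType { get; set; }  // null stays null: IsAuthenticated remains false
    public string NameClaimType { get; set; }       // drives Identity.Name
    public string RoleClaimType { get; set; }       // drives IsInRole
    public string Label { get; set; }
    public List<ClaimDto> Claims { get; set; }
}

public static class PrincipalJson
{
    // Flatten every identity on the principal, not only principal.Identity.
    public static string Serialize(ClaimsPrincipal principal) =>
        JsonSerializer.Serialize(principal.Identities.Select(i => new IdentityDto
        {
            AuthenticationType = i.AuthenticationType,
            NameClaimType = i.NameClaimType,
            RoleClaimType = i.RoleClaimType,
            Label = i.Label,
            Claims = i.Claims.Select(c => new ClaimDto
            {
                Type = c.Type, Value = c.Value, ValueType = c.ValueType,
                Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer
            }).ToList()
        }).ToList());

    // Rebuild a new principal; claims keep their issuer instead of defaulting to LOCAL AUTHORITY.
    public static ClaimsPrincipal Deserialize(string json) =>
        new ClaimsPrincipal(JsonSerializer.Deserialize<List<IdentityDto>>(json).Select(d =>
            new ClaimsIdentity(
                d.Claims.Select(c => new Claim(c.Type, c.Value, c.ValueType, c.Issuer, c.OriginalIssuer)),
                d.AuthenticationType, d.NameClaimType, d.RoleClaimType)
            { Label = d.Label }).ToList());
}
```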