What is Claim based Authentication ?
.NET Developers or Developers in other platforms too would have worked on Authentication in their Projects . Here’s one of them thats been talked more about these days . Its called “Claim based Authentication”.
What is Claim based Authentication?
Claim based Authentication uses the authentication providers . The authentication providers authenticates the user when the user tries to Log in and returns the token which the Application should understand and validates the identity of the user to the Application .
Now , the Application can utlize the token returned by the authentication provider and provide access to the Application accordingly .
For example , assume that the user registers his profile in website “A” and Website “B” seperately with different username and password .Now , the user has to remember the credentials each time he tries to Login . What happens when the user registers in more number of websites ? .
There are also other credentials like SmartCard that can be used instead of Username and Password .
At some point of time , the user might tend to forget the password ( if different ) and the user might have to enter the Security Question to recover the password and might end up forgetting the security question too sometimes .
Assume , the user has an Facebook account , Windows Live ID or OpenID and how good will it be if he can use that one user credential to access in different websites ?
This will make the users work easier isn’t it ?
This is exactly how an Claim based Authentication works . With this , the Application need not know who exactly the users are .
- Identity in Claim based Authentication contains information that can uniquely identify a user . This can be users , organizations etc.
- Claim or Token – This represents the properties about an identity in Claim based Authentication. These properties or attributes are expressed as XML format called “SAML” – Security Assertion Markup Language.
Authorization can be based on the Claim
- When the users identity is passed in the Claim based Authentication to the authentication provider , if it is a trusted , then the claim is returned that includes the properties of the user .
One advantage of using the Claim based authentication is the non dependency of the authorization process to an specific protocol .