One missing piece in Katana security/authentication is claims transformation. Fortunately, this is easy to add:
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.Owin;

public class ClaimsTransformationMiddleware : OwinMiddleware
{
    ClaimsAuthenticationManager _claimsAuthenticationManager;

    public ClaimsTransformationMiddleware(
        OwinMiddleware next,
        ClaimsAuthenticationManager claimsAuthenticationManager)
        : base(next)
    {
        if (claimsAuthenticationManager == null)
        {
            throw new ArgumentNullException("claimsAuthenticationManager");
        }

        _claimsAuthenticationManager = claimsAuthenticationManager;
    }

    public override Task Invoke(IOwinContext context)
    {
        // Only transform when an upstream authentication middleware has set a principal.
        if (context.Authentication.User != null)
        {
            // Replace the incoming principal with the transformed one;
            // everything downstream sees the result.
            context.Authentication.User =
                _claimsAuthenticationManager.Authenticate(
                    context.Request.Uri.AbsoluteUri,
                    context.Authentication.User);
        }

        return Next.Invoke(context);
    }
}
This leverages the .NET built-in ClaimsAuthenticationManager class. The corresponding AppBuilder extension method would look like this:
using System.Security.Claims;
using Owin;

public static IAppBuilder UseClaimsTransformation(
    this IAppBuilder app,
    ClaimsAuthenticationManager claimsAuthenticationManager)
{
    // Katana constructs the middleware, passing the next middleware and our manager.
    app.Use(typeof(ClaimsTransformationMiddleware), claimsAuthenticationManager);
    return app;
}
And last but not least, this is how you would wire it up in the Katana pipeline:
app.UseClaimsTransformation(new ClaimsTransformer());
Place the claims transformation middleware after all your authentication middleware, so that it sees every identity those middleware have established before anything downstream makes authorization decisions.
The full sample can be found here.
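As an added example (not from the original post or the sample it links to), here is one possible ClaimsTransformer to hand to UseClaimsTransformation, plus a small console driver that exercises it without a web host. It assumes the System.IdentityModel assembly is referenced (it provides ClaimsAuthenticationManager); the in-memory role table, the "urn:app-roles" issuer and the "ApplicationAuthentication" authentication type are constructed placeholders. The transformer deliberately drops inbound claim types it does not whitelist, including any role claim arriving from the external identity provider, and re-issues roles from the application's own data.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

// Example transformer, added here for illustration; not part of the original post.
public class ClaimsTransformer : ClaimsAuthenticationManager
{
    // Constructed sample data standing in for a real user/role store.
    static readonly Dictionary<string, string[]> RolesBySubject =
        new Dictionary<string, string[]>
        {
            { "alice", new[] { "Admin", "Reader" } },
            { "bob",   new[] { "Reader" } },
        };

    // Only these inbound claim types are copied into the application identity.
    static readonly HashSet<string> AllowedInboundClaimTypes = new HashSet<string>
    {
        ClaimTypes.NameIdentifier,
        ClaimTypes.Name,
        ClaimTypes.Email,
    };

    public override ClaimsPrincipal Authenticate(string resourceName, ClaimsPrincipal incomingPrincipal)
    {
        // Anonymous requests pass through untouched; there is nothing to transform.
        if (incomingPrincipal == null ||
            incomingPrincipal.Identity == null ||
            !incomingPrincipal.Identity.IsAuthenticated)
        {
            return incomingPrincipal;
        }

        var subject = incomingPrincipal.FindFirst(ClaimTypes.NameIdentifier);
        if (subject == null)
        {
            // An authenticated identity without a stable subject id cannot be mapped
            // to application roles; hand back an unauthenticated principal instead.
            return new ClaimsPrincipal(new ClaimsIdentity());
        }

        // Copy through only the whitelisted inbound claims, preserving their issuer.
        var claims = incomingPrincipal.Claims
            .Where(c => AllowedInboundClaimTypes.Contains(c.Type))
            .Select(c => new Claim(c.Type, c.Value, c.ValueType, c.Issuer))
            .ToList();

        // Roles come from the application's own table, never from the inbound token.
        string[] roles;
        if (RolesBySubject.TryGetValue(subject.Value, out roles))
        {
            claims.AddRange(roles.Select(r =>
                new Claim(ClaimTypes.Role, r, ClaimValueTypes.String, "urn:app-roles")));
        }

        var identity = new ClaimsIdentity(
            claims, "ApplicationAuthentication", ClaimTypes.Name, ClaimTypes.Role);
        return new ClaimsPrincipal(identity);
    }
}

// Console driver showing the transformation on a constructed inbound identity.
public static class Demo
{
    public static void Main()
    {
        var transformer = new ClaimsTransformer();

        // Constructed inbound identity as an external token might yield it.
        // Note the inbound "Admin" role claim, which the application must not trust as-is.
        var inbound = new ClaimsIdentity(new[]
        {
            new Claim(ClaimTypes.NameIdentifier, "bob"),
            new Claim(ClaimTypes.Name, "Bob"),
            new Claim(ClaimTypes.Role, "Admin"),
            new Claim("urn:external:shoe-size", "42"),
        }, "External");

        ClaimsPrincipal result = transformer.Authenticate(
            "https://example.com/api/values", new ClaimsPrincipal(inbound));

        Console.WriteLine("IsInRole(Admin):  " + result.IsInRole("Admin"));
        Console.WriteLine("IsInRole(Reader): " + result.IsInRole("Reader"));
        foreach (var c in result.Claims)
        {
            Console.WriteLine(c.Type + " = " + c.Value + " (issuer: " + c.Issuer + ")");
        }
    }
}
```

In the pipeline this class is wired exactly as the post shows, with app.UseClaimsTransformation(new ClaimsTransformer()) placed after the authentication middleware. Running the driver shows the inbound "Admin" role and the unknown external claim being discarded while the "Reader" role is added from the application's own table; the distinct issuer on the re-issued role claims makes it easy to tell, in logs or in authorization code, which claims the application itself vouches for.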
Filed under: AuthorizationServer, IdentityModel, Katana, WebAPI
