Identity implementation

[BlagoCuljak]

Hi guys,
We are using CustomIdentity within our project, and that works flawlessly with WPF models. However, we recently started introducing Blazor UI (server side) reusing our business library. That required some smaller changes in the custom identity implementation, and now - as a consequence - we are having some issues with client sessions. Namely, the authorization rule is properly initialized when the first user logs in, and it assigns CRUD authorization properties on a BusinessEdit object as it should. However, as soon as the next user logs in, the authorization rules seem to be inherited from the previous user/instance (the breakpoint set on rules is not hit at all). I hope it all makes sense to you. Can you please point out to some possible design flaws in our identity implementation?

[rockfordlhotka]

Microsoft has stopped supporting anything except ClaimsPrincipal and ClaimsIdentity (and not subclasses either) in modern ASP.NET scenarios. As a result, you need to switch your custom properties/claims/etc. to be "claims" in a ClaimsIdentity.

The MobileFormatter understands how to serialize a ClaimsPrincipal (even though it isn't serializable normally), so you can get normal CSLA behavior between client and app server via the data portal.

[rockfordlhotka]

You can see how the modern ClaimsIdentity is used in ProjectTracker and in the samples (now mostly updated for .NET 5) from my Blazor book.