[jira] Commented: (STONEHENGE-111) .NET Trader isn't using the userId claim returned from the ActiveSTS

Thu, 10 Dec 2009 13:38:49 -0800 

    [ 
https://issues.apache.org/jira/browse/STONEHENGE-111?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12788945#action_12788945
 ] 

Pablo Mariano Cibraro commented on STONEHENGE-111:
--------------------------------------------------

Hi Ben,

The Trader client never get access to the user claims to get the user id. The 
business service is actually who receives the user id from the token negotiated 
with the active STS. We did not remove the user id argument from the business 
service operation because that represented a significant breaking change in 
existing wsdl. I am setting a default user id in the trader client because 
metro is still using that argument (which is something wrong, so we still need 
to change the business service in metro to get the user id from the claims, 
this is a pending task). The .NET business service should always get the user 
id from the claims (I am saying "should", because I found a bug yesterday). I 
will send you the fix for this tomorrow.   

Thanks
Pablo.

> .NET Trader isn't using the userId claim returned from the ActiveSTS
> --------------------------------------------------------------------
>
>                 Key: STONEHENGE-111
>                 URL: https://issues.apache.org/jira/browse/STONEHENGE-111
>             Project: Stonehenge
>          Issue Type: Bug
>          Components: DOTNET_CLIENT
>    Affects Versions: M2
>         Environment: dotnet
>            Reporter: Ben Dewey
>
> I can't seem to find anywhere that the TraderClient is using the userid 
> returned from the active STS.
> There are two places I've seen.
> 1.  Account.aspx.cs (line 40): userid is set to null and the GetDefaultUserId 
> is used
> 2.  Controls/AccountOrders.ascx.cs (line 46): userId is set to 
> HttpContext.Current.User.Identity.Name which returns unll
> The should both be something like the following:
> userid = (from c in 
> ((IClaimsIdentity)HttpContext.Current.User.Identity).Claims
>           where c.ClaimType == 
> "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier";
>           select c.Value).FirstOrDefault();

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to