Say I have a vanilla ASP.NET MVC web app using claims-based authentication. The server has access to claims easily enough from the controller's User property. But say I wanted to access the claims in the frontend, is that possible? Or do I need to expose a route on my controller which I would invoke with ajax from the frontend to retrieve the claims?
Then let's ratchet it up a notch: instead of a vanilla app, I'm using Thinktecture's IdentityServer as the identity provider and WS-Federation to authenticate from my app (on a different domain). Is it possible then?
I think claims are stored in the authentication cookie, but probably encrypted and not accessible by javascript. You'll need to add an api controller and send it manually.