How to add claims to User in ASP.NET Core

Gre*_*aue 2 c# azure claims-based-identity asp.net-core

I am using ASP.NET Core 2.0 with the Azure AD v2.0 endpoint. I get claims like this:

var currentUser = User;

var displayName = currentUser.FindFirst("name").Value;
var claims = currentUser.Claims;

I'm not used to using User to get claims, but I couldn't get the old way via System.Security.Claims to work. So my first question is, is this how I should be getting my claims? My second question is, how do I add a claim to this User?

Bru*_*hen 8

Is this how I should be getting my claims?

AFAIK, you can leverage ControllerBase.HttpContext.User or ControllerBase.User to retrieve the System.Security.Claims.ClaimsPrincipal of the current user. You can follow the similar question 1 and question 2 for details.

My second question is, how do I add claims to this user?

As you said, you are using ASP.NET Core 2.0 with Azure AD v2.0. I assume that when using UseOpenIdConnectAuthentication, you could add additional claims in OnTokenValidated as follows:

using System.Collections.Generic;
using System.Globalization;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.IdentityModel.Tokens;

// Middleware-style registration (ASP.NET Core 1.x API). In 2.0 the same options
// are passed to services.AddAuthentication().AddOpenIdConnect(...) and the event
// context exposes the user as context.Principal instead of context.Ticket.Principal.
app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
{
    ClientId = Configuration["AzureAD:ClientId"],
    Authority = string.Format(CultureInfo.InvariantCulture, Configuration["AzureAd:AadInstance"], "common", "/v2.0"),
    ResponseType = OpenIdConnectResponseType.IdToken,
    PostLogoutRedirectUri = Configuration["AzureAd:PostLogoutRedirectUri"],
    Events = new OpenIdConnectEvents
    {
        OnRemoteFailure = RemoteFailure,
        OnTokenValidated = TokenValidated
    },
    TokenValidationParameters = new TokenValidationParameters
    {
        // Instead of using the default validation (validating against
        // a single issuer value, as we do in line of business apps),
        // we inject our own multitenant validation logic.
        // NOTE: with ValidateIssuer = false the library accepts an id_token from
        // ANY Azure AD tenant, so the tenant check in TokenValidated below is the
        // only thing restricting who can sign in; do not ship without enabling it.
        ValidateIssuer = false,

        NameClaimType = "name"
    }
});

private Task TokenValidated(TokenValidatedContext context)
{
    /* ---------------------
    // Replace this with your logic to validate the issuer/tenant
        ---------------------
    // Retrieve caller data from the incoming principal
    string issuer = context.SecurityToken.Issuer;
    string subject = context.SecurityToken.Subject;
    // "tid" in the v2.0 id_token is mapped to this claim type by the default
    // JWT inbound claim type mapping
    string tenantID = context.Ticket.Principal.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;

    // Build a list of approved tenants
    IEnumerable<string> approvedTenantIds = new List<string>
    {
        "<Your tenantID>",
        "9188040d-6c67-4c5b-b112-36a304b66dad" // MSA Tenant
    };

    if (!approvedTenantIds.Contains(tenantID))
        throw new SecurityTokenValidationException();
        --------------------- */

    // The validated principal is what the cookie handler will sign in, so any
    // claim added here is persisted in the auth cookie and visible on User
    // for all later requests.
    var claimsIdentity = (ClaimsIdentity)context.Ticket.Principal.Identity;
    // add your custom claims here
    claimsIdentity.AddClaim(new Claim("test", "helloworld!!!"));

    return Task.CompletedTask;
}

Then I use the following code to retrieve the user's claims:

public IActionResult UserInfo()
{
    return Json(User.Claims.Select(c=>new {type=c.Type,value=c.Value}).ToList());
}

Test:

(screenshot of the returned claims list, not reproduced)

Additionally, you can refer to this sample for integrating Azure AD (v2.0 endpoint) into an ASP.NET Core web application.
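The same idea expressed against the ASP.NET Core 2.0 authentication API that the question actually targets, as an added example that is not part of the answer above or of the Microsoft sample it links: the handler is registered with AddAuthentication().AddOpenIdConnect(), the validated user is ctx.Principal, and the tenant allow-list that the answer left commented out is made mandatory because ValidateIssuer = false otherwise admits every Azure AD tenant. The configuration keys AzureAd:ClientId and AzureAd:AllowedTenantIds and the claim names tenant_verified and test are assumptions of this example.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.IdentityModel.Tokens;

public partial class Startup
{
    public IConfiguration Configuration { get; }

    // Claim type that the default JWT inbound mapping produces from the "tid"
    // claim of an Azure AD v2.0 id_token.
    private const string TenantIdClaim =
        "http://schemas.microsoft.com/identity/claims/tenantid";

    public void ConfigureServices(IServiceCollection services)
    {
        // Assumed configuration keys (not from the original answer):
        // AzureAd:ClientId and AzureAd:AllowedTenantIds (a string array).
        var allowedTenants = new HashSet<string>(
            Configuration.GetSection("AzureAd:AllowedTenantIds").Get<string[]>()
                ?? Array.Empty<string>(),
            StringComparer.OrdinalIgnoreCase);

        services.AddAuthentication(options =>
        {
            options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
        })
        .AddCookie()
        .AddOpenIdConnect(options =>
        {
            options.ClientId = Configuration["AzureAd:ClientId"];
            options.Authority = "https://login.microsoftonline.com/common/v2.0";
            options.ResponseType = OpenIdConnectResponseType.IdToken;
            options.TokenValidationParameters = new TokenValidationParameters
            {
                // "common" issues tokens for every tenant, so the library cannot
                // compare against one issuer; the allow-list check below replaces it.
                ValidateIssuer = false,
                NameClaimType = "name",
            };
            options.Events = new OpenIdConnectEvents
            {
                OnTokenValidated = ctx =>
                {
                    // ASP.NET Core 2.0: the validated user is ctx.Principal.
                    var tenantId = ctx.Principal.FindFirst(TenantIdClaim)?.Value;
                    if (tenantId == null || !allowedTenants.Contains(tenantId))
                    {
                        // Fail here and no cookie is issued; the request ends in
                        // OnRemoteFailure / the remote failure page.
                        ctx.Fail($"Tenant '{tenantId}' is not permitted to sign in.");
                        return Task.CompletedTask;
                    }

                    // Application claims added to the validated identity. The cookie
                    // handler serializes this principal, so they are present on User
                    // for every later request without re-running this event.
                    var identity = (ClaimsIdentity)ctx.Principal.Identity;
                    identity.AddClaim(new Claim("tenant_verified", "true"));
                    identity.AddClaim(new Claim("test", "helloworld!!!"));
                    return Task.CompletedTask;
                }
            };
        });

        services.AddMvc();
    }
}
```

Claims added in OnTokenValidated are fixed at sign-in time and live in the cookie until the user signs in again; for claims that must be recomputed on each request (for example a role looked up in a database), ASP.NET Core 2.0 provides IClaimsTransformation instead.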