iBo*_*onZ 5 identity claims-based-identity asp.net-core asp.net-core-identity asp.net-core-2.0
在我的 Asp.Net Core 应用程序中,我想向我的 ClaimsIdentity 添加自定义声明,以便我可以在应用程序的不同层访问这些声明。为了实现这一点,我添加了以下代码
启动
services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();
services.AddTransient<IPrincipal>(
provider => provider.GetService<IHttpContextAccessor>().HttpContext.User);
services.AddTransient<IClaimsTransformation, ClaimsTransformer>();
索赔变压器
public class ClaimsTransformer : IClaimsTransformation
{
private readonly IUnitOfWork _unitOfWork;
private readonly IPrincipal _principal;
public ClaimsTransformer(IUnitOfWork unitOfWork, IPrincipal principal)
{
_unitOfWork = unitOfWork;
_principal = principal;
}
public Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
{
var currentPrincipal = (ClaimsIdentity)_principal.Identity;
var identity = (ClaimsIdentity)principal.Identity;
if (currentPrincipal.Claims.All(p => p.Type != "UserId"))
{
var person = _unitOfWork.PersonRepository.GetPersonBySubjectId(principal.Claims.First(p => p.Type == "sub").Value);
person.Wait();
if (person.Result != null)
{
currentPrincipal.AddClaim(new Claim("UserId", person.Result.Id.ToString()));
currentPrincipal.AddClaim(new Claim("TenantId", person.Result.PersonTeams.FirstOrDefault(p => p.Team.TeamType == TeamType.OrganizationTeam)?.Team.OrganizationId.ToString()));
if (principal.Claims.Any(p => p.Type == "Admin"))
{
currentPrincipal.AddClaim(new Claim("Admin", "True"));
}
}
foreach (var claim in identity.Claims)
{
currentPrincipal.AddClaim(claim);
}
}
return Task.FromResult(principal);
}
}
我不明白的是,当我运行我的 Claimstransformation 并逐步执行代码时,所有需要的声明都可用,但是当我将 IPrincipal 注入自定义类时,声明集合为空,当我不使用时ClaimsTransformation,声明可通过注入的 IPrincipal 获得。
为了解决这个问题,我将我的 IPrincipal 添加到 ClaimsTransformer 并复制来自 TransformAsync 输入参数的声明并添加 UserId 和 TenantId。这有效,但我遇到的问题是我不明白为什么在运行 ClaimsTransformer 时会删除 Claims 以及为什么需要添加此hack
我在同一个地方。我不得不删除 IPrincipal DI
启动
services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();
services.AddTransient<IClaimsTransformation, ClaimsTransformer>();
services.AddAuthentication(IISDefaults.AuthenticationScheme);
services.AddAuthorization(options =>
{
options.AddPolicy("SystemAdminOnly", policy => policy.RequireClaim(ClaimTypes.Role, "SystemAdmin"));
});
索赔变压器
public ClaimsTransformer(IRepository repository, IHttpContextAccessor httpContextAccessor/*, IPrincipal principal*/, IMemoryCache cache)
{
_repository = repository;
_httpContextAccessor = httpContextAccessor;
// _principal = principal;
_cache = cache;
}
public async Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
{
if (principal.Identity.IsAuthenticated)
{
var currentPrincipal = (ClaimsIdentity)principal.Identity;//_principal.Identity;
var ci = (ClaimsIdentity)principal.Identity;
var cacheKey = ci.Name;
if (_cache.TryGetValue(cacheKey, out List<Claim> claims))
{
currentPrincipal.AddClaims(claims);
}
else
{
claims = new List<Claim>();
var isUserSystemAdmin = await _repository.IsUserAdmin(ci.Name);
if (isUserSystemAdmin)
{
var c = new Claim(ClaimTypes.Role, "SystemAdmin");
claims.Add(c);
}
_cache.Set(cacheKey, claims);
currentPrincipal.AddClaims(claims);
}
//foreach (var claim in ci.Claims)
//{
// currentPrincipal.AddClaim(claim);
//}
}
return await Task.FromResult(principal);
}
它有效!