我正在使用Asp.Net Core 2.1和Windows身份验证的Intranet应用程序上工作。我可以很好地从IIS获得通过,但我想使用存储在数据库中的角色进行授权。
我有一个IClaimsTransformeration类,该类基于LAN Id从数据库中获取角色,并将它们添加到带有角色密钥的声明列表中。
public class MyClaimsTransformer : IClaimsTransformation
{
private readonly IUnitOfWorkMtuSecurity _unitOfWork;
public MyClaimsTransformer(IUnitOfWorkMtuSecurity unitOfWork)
{
_unitOfWork = unitOfWork;
}
// Each time HttpContext.AuthenticateAsync() or HttpContext.SignInAsync(...) is called the claims transformer is invoked. So this might be invoked multiple times.
public async Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
{
var identity = principal.Identities.FirstOrDefault(x => x.IsAuthenticated);
if (identity == null) return principal;
//var user = await _userManager.GetUserAsync(principal);
var user = identity.Name;
if (user == null) return principal;
//Get user with roles …c# asp.net-mvc authorization authorize-attribute asp.net-core-2.1