我正在尝试根据此文档https://docs.microsoft.com/en-us/aspnet/core/blazor/security/webassembly/azure-active-directory-groups-and-根据用户定义的角色设置 AAD 授权roles?view=aspnetcore-3.1#user-defined-roles我可以在应用程序清单中设置它并使 API 授权工作。但是,当我尝试在 UI 端执行此操作时,我无法显示该声明。我做了 json 解释类(DirectoryObjects、CustomUserAccount 和 Value(由目录对象使用))。我还添加了删除组内容的 CustomUserFactory,因为我只关心角色:
private readonly ILogger<CustomUserFactory> _logger;
private readonly IHttpClientFactory _clientFactory;
public CustomUserFactory(IAccessTokenProviderAccessor accessor,
IHttpClientFactory clientFactory,
ILogger<CustomUserFactory> logger)
: base(accessor)
{
_clientFactory = clientFactory;
_logger = logger;
}
public async override ValueTask<ClaimsPrincipal> CreateUserAsync(
CustomUserAccount account,
RemoteAuthenticationUserOptions options)
{
var initialUser = await base.CreateUserAsync(account, options);
if (initialUser.Identity.IsAuthenticated)
{
var userIdentity = (ClaimsIdentity)initialUser.Identity;
foreach (var role in account.Roles)
{
userIdentity.AddClaim(new Claim("role", role));
}
}
return initialUser;
}
然后我按照文档中提到的那样修改了 program.cs: …
asp.net azure-authentication blazor blazor-client-side blazor-webassembly