使用Azure Active Directory进行ASP.NET Core身份验证并在请求之间持久保留自定义声明

本文介绍了使用Azure Active Directory进行ASP.NET Core身份验证并在请求之间持久保留自定义声明的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我在Visual Studio 2017中创建了一个默认的ASP.NET Core网站.我选择使用Azure Active Directory进行身份验证.我运行的网站，并可以成功登录使用的帐户在Active Directory.

I have a default ASP.NET Core website created within Visual Studio 2017. I have chosen to authenticate using an Azure Active Directory.I run the site and can successfully login using an account in the Active Directory.

我可以检索由Active Directory，例如提供如权利要求的信息通过调用以下行，我得到了名称".

I can retrieve Claim information provided by Active Directory, e.g. by calling the following line I get the 'name'.

User.Claims.FirstOrDefault(c => c.Type == "name")?.Value;

我想为登录用户添加自定义声明-CompanyId = 123456.我可以添加自定义的要求但它是只有在要求设置在页面上可用的.

I want to add a custom claim - CompanyId = 123456 for the logged in user.I'm able to add a custom claim however it is only available on the page where the claim is set.

Claim claim = new Claim("CompanyId", "123456", ClaimValueTypes.String);
((ClaimsIdentity)User.Identity).AddClaim(claim);

我的理解是，我需要以某种方式更新Active Directory已发布的令牌或在发布令牌之前设置声明.我不确定该怎么做.

My understanding is that I somehow need to update the token that has been issued by Active Directory or set the claim before the token is issued. I'm unsure how to do this.

我怀疑这需要在SignIn()的AccountController中完成

I suspect this needs to be done in the AccountController at SignIn()

// GET: /Account/SignIn
[HttpGet]
public IActionResult SignIn()
{
    return Challenge(
            new AuthenticationProperties { RedirectUri = "/" }, OpenIdConnectDefaults.AuthenticationScheme);
}

我已经阅读了许多有关这种情况的文章和示例(包括 https: //github.com/ahelland/AADGuide-CodeSamples/tree/master/ClaimsWebApp )，但是尚未设法解决如何在请求中持久保留Claim的问题.

I've read numerous articles and samples about this scenario (including https://github.com/ahelland/AADGuide-CodeSamples/tree/master/ClaimsWebApp) however have not managed to solve how to persist the Claim across requests.

我已成功地设法坚持使用ASP.NET身份作为身份验证提供自定义声明，但是这似乎是因为自定义如权利要求被保存到数据库中..

I have successfully managed to persist custom Claims using ASP.NET Identity as the Authentication Provider, but this appears to be because the custom Claim is saved to the database..

推荐答案

OnTokenValidated为您提供了修改从传入令牌获得的ClaimsIdentity的机会，以下代码供您参考:

OnTokenValidated offers you the chance to modify the ClaimsIdentity obtained from the incoming token , code below is for your reference :

private Task TokenValidated(TokenValidatedContext context)
{
    Claim claim = new Claim("CompanyId", "123456", ClaimValueTypes.String);
    (context.Ticket.Principal.Identity as ClaimsIdentity).AddClaim(claim);

    return Task.FromResult(0);
}

设置:

Setting the OpenIdConnectEvents:

Events = new OpenIdConnectEvents
{
    OnRemoteFailure = OnAuthenticationFailed,
    OnAuthorizationCodeReceived = OnAuthorizationCodeReceived,

    OnTokenValidated = TokenValidated
}

然后使用:

var companyId=  User.Claims.FirstOrDefault(c => c.Type == "CompanyId")?.Value;

这篇关于使用Azure Active Directory进行ASP.NET Core身份验证并在请求之间持久保留自定义声明的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！