问题描述
我在Visual Studio 2017中创建了一个默认的ASP.NET Core网站.我选择使用Azure Active Directory进行身份验证.我运行的网站,并可以成功登录使用的帐户在Active Directory.
I have a default ASP.NET Core website created within Visual Studio 2017. I have chosen to authenticate using an Azure Active Directory.I run the site and can successfully login using an account in the Active Directory.
我可以检索由Active Directory,例如提供如权利要求的信息通过调用以下行,我得到了名称".
I can retrieve Claim information provided by Active Directory, e.g. by calling the following line I get the 'name'.
User.Claims.FirstOrDefault(c => c.Type == "name")?.Value;
我想为登录用户添加自定义声明-CompanyId = 123456.我可以添加自定义的要求但它是只有在要求设置在页面上可用的.
I want to add a custom claim - CompanyId = 123456 for the logged in user.I'm able to add a custom claim however it is only available on the page where the claim is set.
Claim claim = new Claim("CompanyId", "123456", ClaimValueTypes.String);
((ClaimsIdentity)User.Identity).AddClaim(claim);
我的理解是,我需要以某种方式更新Active Directory已发布的令牌或在发布令牌之前设置声明.我不确定该怎么做.
My understanding is that I somehow need to update the token that has been issued by Active Directory or set the claim before the token is issued. I'm unsure how to do this.
我怀疑这需要在SignIn()的AccountController中完成
I suspect this needs to be done in the AccountController at SignIn()
// GET: /Account/SignIn
[HttpGet]
public IActionResult SignIn()
{
return Challenge(
new AuthenticationProperties { RedirectUri = "/" }, OpenIdConnectDefaults.AuthenticationScheme);
}
我已经阅读了许多有关这种情况的文章和示例(包括 https: //github.com/ahelland/AADGuide-CodeSamples/tree/master/ClaimsWebApp ),但是尚未设法解决如何在请求中持久保留Claim的问题.
I've read numerous articles and samples about this scenario (including https://github.com/ahelland/AADGuide-CodeSamples/tree/master/ClaimsWebApp) however have not managed to solve how to persist the Claim across requests.
我已成功地设法坚持使用ASP.NET身份作为身份验证提供自定义声明,但是这似乎是因为自定义如权利要求被保存到数据库中..
I have successfully managed to persist custom Claims using ASP.NET Identity as the Authentication Provider, but this appears to be because the custom Claim is saved to the database..
推荐答案
OnTokenValidated
为您提供了修改从传入令牌获得的ClaimsIdentity
的机会,以下代码供您参考:
OnTokenValidated
offers you the chance to modify the ClaimsIdentity
obtained from the incoming token , code below is for your reference :
private Task TokenValidated(TokenValidatedContext context)
{
Claim claim = new Claim("CompanyId", "123456", ClaimValueTypes.String);
(context.Ticket.Principal.Identity as ClaimsIdentity).AddClaim(claim);
return Task.FromResult(0);
}
设置:
Setting the OpenIdConnectEvents
:
Events = new OpenIdConnectEvents
{
OnRemoteFailure = OnAuthenticationFailed,
OnAuthorizationCodeReceived = OnAuthorizationCodeReceived,
OnTokenValidated = TokenValidated
}
然后使用:
var companyId= User.Claims.FirstOrDefault(c => c.Type == "CompanyId")?.Value;
这篇关于使用Azure Active Directory进行ASP.NET Core身份验证并在请求之间持久保留自定义声明的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!