Blazor: using ADFS with a local database repository for security: how/when to hook into SQL

I have a Blazor Server app which now uses authentication from a local ADFS server. Having identified the user, I now need to load their permissions. We don't think this can be provided via claims from the ADFS server, so we want to configure this in the DB, but need to understand how/when to get this information.

Regarding the hook into ADFS, my code is as follows (any suggestions on improvement most welcome).

App.razor

```razor
<CascadingAuthenticationState>
    <Router AppAssembly="@typeof(Program).Assembly">
        <Found Context="routeData">
            <AuthorizeRouteView RouteData="@routeData" DefaultLayout="@typeof(MainLayout)">
                <NotAuthorized>
                    <h1>Sorry</h1>
                    <p>You're not authorized to reach this page.</p>
                    <p>You may need to log in as a different user.</p>
                </NotAuthorized>
            </AuthorizeRouteView>
        </Found>
        <NotFound>
            <LayoutView Layout="@typeof(MainLayout)">
                <h1>Sorry</h1>
                <p>Sorry, there's nothing at this address.</p>
            </LayoutView>
        </NotFound>
    </Router>
</CascadingAuthenticationState>
```

appsettings.Development.json

```json
{
  "DetailedErrors": "true",
  "ConnectionStrings": {
    "MyDB": "Data Source=x.x.x.x;Initial Catalog=xxxxx;user id=me;password=sshhh;Persist Security Info=False;"
  },
  "Ida": {
    "ADFSMetadata": "https://adfs.ourServer.com/FederationMetadata/2007-06/FederationMetadata.xml",
    "Wtrealm": "https://localhost:44323/"
  }
}
```

Startup.cs (only showing security related code)

```csharp
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.WsFederation;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public Startup(IConfiguration configuration)
    {
        this.Configuration = configuration;
    }

    public IConfiguration Configuration { get; }

    public static void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
        .....
        app.UseAuthentication();
        app.Use(async (context, next) =>
        {
            context.Response.Headers.Add("X-Frame-Options", "DENY");
            var user = context.User;
            // Challenge unless at least one identity is authenticated
            // (the original used a custom HasNoItems helper; standard LINQ Any is equivalent)
            if (!(user?.Identities.Any(identity => identity.IsAuthenticated) ?? false))
            {
                await context.ChallengeAsync(WsFederationDefaults.AuthenticationScheme).ConfigureAwait(false);
                // The challenge has already written the redirect; do not run the rest of the pipeline
                return;
            }
            if (next != null)
            {
                await next().ConfigureAwait(false);
            }
        });
        ....
    }

    ...

    public void ConfigureServices(IServiceCollection services)
    {
        var wtrealm = this.Configuration.GetSection("Ida:Wtrealm").Value;
        var metadataAddress = this.Configuration.GetSection("Ida:ADFSMetadata").Value;
        services
            .AddAuthentication(sharedOptions =>
            {
                sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                sharedOptions.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                sharedOptions.DefaultChallengeScheme = WsFederationDefaults.AuthenticationScheme;
            })
            .AddWsFederation(options =>
            {
                options.Wtrealm = wtrealm;
                options.MetadataAddress = metadataAddress;
                options.UseTokenLifetime = false;
            })
            .AddCookie();
        ....
    }
}
```

Any suggestions regarding the above code? When the user enters our site (any page), they automatically get pushed to the ADFS server to authenticate. Seems okay, but prevents the user from logging out....

So, from ADFS we get several claims that identify the user, e.g. their UPN name. My thought is to go to the DB and load all the roles/permissions/rights that this user has. Where in my code should I put such code?

The DB is currently used by another application that uses the older "membership" tables. I want to use something a bit more up-to-date, the identity model? I can't risk breaking security for the other application. Should I store security in a new DB?

Any pointers would be most welcome... assume I'm a novice at this.

Solution

The usual way to do this is to write a custom attribute provider for ADFS. Then you can get the roles you want from the DB and they are added to the claims.
09-25 17:04
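For the "where in my code" part of the question, here is an in-app alternative to the ADFS attribute store the answer suggests, as an added example that is not from the original post or answer: the DB lookup runs in the WS-Federation `OnTicketReceived` event, so the roles are stamped into the auth cookie once per sign-in. `IUserRoleStore`, its `GetRolesAsync` method, and the `LocalDb` issuer label are assumptions, and ADFS is assumed to issue the UPN as `ClaimTypes.Upn`.

```csharp
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.WsFederation;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical abstraction over your roles table; register an implementation
// with services.AddScoped<IUserRoleStore, YourSqlRoleStore>().
public interface IUserRoleStore
{
    Task<IReadOnlyList<string>> GetRolesAsync(string upn);
}

public static class DbRoleEnrichment
{
    // Issuer label (assumed) that marks role claims as coming from our DB, not from the ADFS token.
    public const string LocalDbIssuer = "LocalDb";

    // Adds one ClaimTypes.Role claim per DB role. Safe to call more than once: existing roles are skipped.
    public static async Task AddDbRolesAsync(ClaimsPrincipal principal, IUserRoleStore store)
    {
        // Only trust an identity that ADFS actually authenticated; otherwise do no lookup at all.
        var identity = principal?.Identity as ClaimsIdentity;
        if (identity == null || !identity.IsAuthenticated)
            return;

        // ADFS is assumed to issue the UPN as ClaimTypes.Upn; the roles table is keyed by that value.
        var upn = identity.FindFirst(ClaimTypes.Upn)?.Value;
        if (string.IsNullOrWhiteSpace(upn))
            return;

        foreach (var role in await store.GetRolesAsync(upn))
        {
            if (!identity.HasClaim(ClaimTypes.Role, role))
                identity.AddClaim(new Claim(ClaimTypes.Role, role, ClaimValueTypes.String, LocalDbIssuer));
        }
    }

    // Call this inside .AddWsFederation(options => { ...; DbRoleEnrichment.Configure(options); }).
    // OnTicketReceived fires once per sign-in, after token validation and before the cookie is
    // written, so the roles travel in the cookie and [Authorize(Roles = "...")] sees them.
    public static void Configure(WsFederationOptions options)
    {
        options.Events.OnTicketReceived = async context =>
        {
            var store = context.HttpContext.RequestServices.GetRequiredService<IUserRoleStore>();
            await AddDbRolesAsync(context.Principal, store);
        };
    }
}
```

Because the roles are written into the cookie at sign-in, a change in the DB only takes effect at the user's next sign-in; to re-read them on every request instead, move the same lookup into an `IClaimsTransformation` implementation.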