如何使用C＃代码设置对aad令牌的自定义声明

本文介绍了如何使用C＃代码设置对aad令牌的自定义声明的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我有一个webapi生成 aad 令牌，并且我在 Get（）方法中编写了令牌生成逻辑

我可以从webapi get（）方法生成aad jwt令牌，但是现在我想在令牌中包含一些自定义声明。

如何使用c＃将自定义声明设置为aad令牌。

我已使用以下代码生成aad

  var authenticationContext = new Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext（ https://login.windows.net / + ConfigurationManager.AppSettings [ TenantID]。ToString（））; 
 var credential = new ClientCredential（clientId：ConfigurationManager.AppSettings [ ClientID]。ToString（），clientSecret：secret）; 
 var result = await authenticationContext.AcquireTokenAsync（
 ConfigurationManager.AppSettings [ Resource]。ToString（），
凭据
）.ConfigureAwait（false）;

请共享任何示例c＃代码，以将自定义声明设置为根据上述代码生成的aad令牌。

注意：我想为aad令牌设置新的自定义声明，该自定义声明是从外部逻辑获得自定义声明值的。

更新1：

如下所示的帖子可能会有用。

我要使用从外部获取的值动态更新扩展声明属性 extension_clientid_moviename 的值源代码。怎么做。

更新3：

我尝试了以下代码进行更新扩展声明属性出现在可选声明ID令牌中。

 等待graphApiServiceClient.Users [ abcd@hotmail.com] 
 .Request（）
 .UpdateAsync（new User（）
 {
 AdditionalData = dictionary 
}）;

我遇到以下错误

 代码：Request_ResourceNotFound\r\nMessage：资源''不存在，或者其查询的参考属性对象之一不存在。

解决方案

关于Update 3中的问题，我们不能在此处使用来宾用户电子邮件。我们应该改用ObjectId。这就是为什么出现 Request_ResourceNotFound 错误的原因。

 等待graphApiServiceClient.Users [ ObjectId] 
 .Request（）
 .UpdateAsync（new User（）
 {
 AdditionalData = dictionary 
}）;

I have a webapi which generates aad token and I have written token generation logic in Get() method in webapi.

I'm able generate aad jwt token from webapi get() method but, now I want to include some custom claims into the token.

How can I set custom claims to aad token using c#.

I have used below code for generating aad token.

var authenticationContext = new Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext("https://login.windows.net/" + ConfigurationManager.AppSettings["TenantID"].ToString());
            var credential = new ClientCredential(clientId: ConfigurationManager.AppSettings["ClientID"].ToString(), clientSecret: secret);
            var result = await authenticationContext.AcquireTokenAsync(
                ConfigurationManager.AppSettings["Resource"].ToString(),
                credential
                ).ConfigureAwait(false);

Kindly share any sample c# code to set custom claims to aad token generated from above code .

Note: I want to set a new custom claim for aad token where custom claim value obtained from external logic.

Update 1:

Looks like below post may be useful.

https://www.rahulpnath.com/blog/azure-ad-custom-attributes-and-optional-claims-from-an-asp-dot-net-application/

I tried below following above post.

Generated jwt token to call Graph API. But I got blocked at below code.

    var dictionary = new Dictionary<string, object>();
        dictionary.Add(employeeCodePropertyName, employee.Code);

//Here I can't use graphApiClient.Users because, I don't have any user info on my jwt token. It will be just Access token which as details related to aad application.I want to update extension attribute which is present in OptionalClaims -> Access Token of AAD Application Manifest.
        await graphApiClient.Users[employee.EmailAddress]  
            .Request()
            .UpdateAsync(new User()
            {
                AdditionalData = dictionary
            });

How to update extension claim attribute present in access token of optional claims . I want to update through c# code.How to do that. Kindly suggest.

Update 2:

I want to use code similar to below for updating custom extension claim attribute present in optional claims of azure ad app but UpdateAsync is not working.

await graphApiClient.Application[clientid]  
            .Request()
            .UpdateAsync(new Application()
            {
                AdditionalData = dictionary
            });

At UpdateAsync(), I'm getting issue as below

Specified HTTP method is not allowed for the request

Kindly let me know the solution to add custom user defined claim to azure ad access token.

Note: Since, I want to update access token ,there will be not be any user info on access token. So, graphApiClient.Users[employee.EmailAddress] won't work, as access token will not have any user info like EmailAddress

I have created extension claim attribute in azure ad ap manifest as below

I want to update extension claim attribute extension_clientid_moviename value dynamically with value obtained from external source through code. How to do that. Kindly suggest.

Update 3:

I have tried below code to update extension claim attribute present in Optional claims ID Token.

   await graphApiServiceClient.Users["abcd@hotmail.com"]
                .Request()
                .UpdateAsync(new User()
                {
                    AdditionalData = dictionary
                });

I am getting error as below

Code: Request_ResourceNotFound\r\nMessage: Resource '' does not exist or one of its queried reference-property objects are not present.

解决方案

Regarding the issue in Update 3, we can not use the guest user email here. We should use ObjectId instead. That's why you got Request_ResourceNotFound error.

await graphApiServiceClient.Users["ObjectId"]
                .Request()
                .UpdateAsync(new User()
                {
                    AdditionalData = dictionary
                });

这篇关于如何使用C＃代码设置对aad令牌的自定义声明的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！