Question
I have implemented Jwt as a way to authenticate my user. However, I am stuck on how I can do certain things on my application with regards to roles. Currently my Jwt Token contains the user's email, phone, id and a list of roles that they have.
What I do with that token is like this:
// The filter forwards the JWT to the role service and checks the required role.
[TypeFilter(typeof(ValidateRolesFilter), Arguments = new object[] {
    ApplicationGlobals.ApplicationSecretKey, RoleGlobals.SystemAdministrator
})]
public IActionResult Index()
{
    return View();
}
My Typefilter contains a rest request that sends the token to another application to verify if my user can access that Function. However, I am stuck when it comes to the view. I want to segment certain containers to be allowed to be viewed by certain users with certain roles.
I have an idea that if I were to add my user's claims to the signinmanager just like a non-jwt application, I would be able to get the claims from the httpcontext. However, I don't know if what I have can work with an application that uses jwt.
public async Task SignInUserAsync(TIdentityUser user, bool isPersistent, IEnumerable<Claim> customClaims)
{
    // Build the default Identity principal for the user.
    var claimsPrincipal = await _signInManager.CreateUserPrincipalAsync(user);
    var identity = claimsPrincipal.Identity as ClaimsIdentity;
    // Snapshot the default claims before clearing them from the identity.
    var savedClaims = claimsPrincipal.Claims.ToList();
    foreach (var item in savedClaims)
    {
        identity.RemoveClaim(item);
    }
    if (customClaims != null)
    {
        // Re-add the first three default claims (index-based, so this assumes the
        // principal carries at least three) and append the custom claims, e.g. the roles.
        identity.AddClaim(savedClaims[0]);
        identity.AddClaim(savedClaims[1]);
        identity.AddClaim(savedClaims[2]);
        identity.AddClaims(customClaims);
    }
    await _signInManager.Context.SignInAsync(IdentityConstants.ApplicationScheme,
        claimsPrincipal,
        new AuthenticationProperties { IsPersistent = isPersistent });
}
Answer
JSON Web Tokens consist of three parts separated by dots (.), which are: Header, Payload, Signature. Therefore, a JWT typically looks like xxxxx.yyyyy.zzzzz. The second part of the token is the payload, which contains the claims.
You can decode the access token to get the claims related to your roles:
Decode and validate JWT tokens using System.IdentityModel.Tokens.Jwt
If you are using Owin OpenID Connect middleware to authenticate users from an identity provider like Azure AD, Identity Server 4, etc., you can add additional claims to the principal under the OnTokenValidated event.
You can also add the claims (decode and get the claims) to the user context before sign-in:
// Build a cookie identity whose name and role claim types are set, so User.Identity.Name
// and User.IsInRole(...) work in views.
var identity = new ClaimsIdentity(CookieAuthenticationDefaults.AuthenticationScheme, ClaimTypes.Name, ClaimTypes.Role);
identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, loginData.Username));
identity.AddClaim(new Claim(ClaimTypes.Name, loginData.Username));
// add your custom claims (for example the roles decoded from the JWT)
// ....
var principal = new ClaimsPrincipal(identity);
await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, principal, new AuthenticationProperties { IsPersistent = loginData.RememberMe });
Then you can access the claims in the view like:
@foreach (var item in Context.User.Claims)
{
    <p>@item.Value</p>
}
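As an added example (not code from the answer or the asker's project), this is how the two steps above fit together in C#: validate the JWT with System.IdentityModel.Tokens.Jwt before trusting its role claims, then copy those claims into the cookie identity so views can call Context.User.IsInRole(...). The secret, issuer, audience and the "roles" claim name are assumptions; only a token that passes signature and lifetime validation gets its roles copied, because decoding the payload alone proves nothing about who issued it.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Http;
using Microsoft.IdentityModel.Tokens;
public static class JwtCookieSignIn
{
    // Assumption: the issuing application puts the user's roles in a "roles" claim.
    private const string RoleClaim = "roles";
    // Validates signature, issuer, audience and lifetime and returns the claims principal.
    // ReadJwtToken() only base64-decodes the payload, so roles read that way could be forged;
    // ValidateToken() is the only safe way to obtain them.
    public static ClaimsPrincipal ValidateJwt(string jwt, string secret, string issuer, string audience)
    {
        var parameters = new TokenValidationParameters
        {
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secret)),
            ValidateIssuer = true,
            ValidIssuer = issuer,
            ValidateAudience = true,
            ValidAudience = audience,
            ValidateLifetime = true,
            ClockSkew = TimeSpan.FromMinutes(1),
            RoleClaimType = RoleClaim
        };
        // Keep the raw claim names instead of the handler's default inbound mapping.
        var handler = new JwtSecurityTokenHandler { MapInboundClaims = false };
        // Throws a SecurityTokenException for a bad signature, expired token, wrong issuer, etc.
        return handler.ValidateToken(jwt, parameters, out _);
    }
    // Copies the validated claims into the cookie identity, mapping "roles" to ClaimTypes.Role
    // so Context.User.IsInRole("SystemAdministrator") works in views without re-decoding.
    public static async Task SignInFromJwtAsync(HttpContext ctx, string jwt, string secret,
                                                string issuer, string audience, bool isPersistent)
    {
        var validated = ValidateJwt(jwt, secret, issuer, audience);
        var identity = new ClaimsIdentity(CookieAuthenticationDefaults.AuthenticationScheme,
                                          ClaimTypes.Name, ClaimTypes.Role);
        foreach (var claim in validated.Claims)
            identity.AddClaim(claim.Type == RoleClaim ? new Claim(ClaimTypes.Role, claim.Value) : claim);
        await ctx.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme,
            new ClaimsPrincipal(identity), new AuthenticationProperties { IsPersistent = isPersistent });
    }
}
```

Call SignInFromJwtAsync from the login action once the JWT has been obtained; a token that fails validation throws and no cookie is issued.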