Add Claims (ASP.NET Core MVC OpenID OWIN Katana Authentication)
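I am following this tutorial link. I can log in with an Azure AD user. But once the user is authenticated, we want to store it into identity claims for authentication.
We are migrating an ASP.NET MVC application to ASP.NET Core MVC 1.0. In the ASP.NET MVC application, we add claims like this: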
context.AuthenticationTicket.Identity.AddClaim(new System.Security.Claims.Claim("urn:Projectname:access_token", result.AccessToken, XmlSchemaString, "Projectname"));
I would like to know how to add the claims identity in the above tutorial.
Code snippet
app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
{
    ClientId = clientId,
    ClientSecret = clientSecret,
    Authority = authority,
    CallbackPath = Configuration["AzureAd:AuthCallback"],
    ResponseType = OpenIdConnectResponseType.CodeIdToken,
    PostLogoutRedirectUri = "/signed-out",
    Events = new OpenIdConnectEvents()
    {
        OnAuthorizationCodeReceived = async context =>
        {
            var request = context.HttpContext.Request;
            var currentUri = UriHelper.BuildAbsolute(request.Scheme, request.Host, request.PathBase, request.Path);
            var credential = new ClientCredential(clientId, clientSecret);
            var authContext = new AuthenticationContext(authority, AuthPropertiesTokenCache.ForCodeRedemption(context.Properties));
            var result = await authContext.AcquireTokenByAuthorizationCodeAsync(
                context.ProtocolMessage.Code, new Uri(currentUri), credential, resource);
            // In result variable , we are getting the AccessToken and we want to add this into claims identity here.
            context.HandleCodeRedemption();
        }
    }
});
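Update
We are storing the token, the domain name (fetched from the database), and tenant info for middle-layer authentication. For example, in every controller action method we fetch the stored info from the claims.
Something like this (old ASP.NET MVC application code).
In the Startup.Auth.cs class
In all controller action methods
We are migrating an ASP.NET MVC application to ASP.NET Core MVC 1.0. So is there any equivalent method in ASP.NET Core to add the claims? I am following This sample. I can log in with an Azure AD user. But once the user is authenticated, we want to store it into identity claims for authentication (middle layer).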
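This is how I sign in with a Claims Identity:
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;

private async Task registerLogin(Person person)
{
    var userClaims = new List<Claim>
    {
        new Claim(ClaimTypes.Name, person.LoginName),
        new Claim(ClaimTypes.GivenName, person.FirstName),
        new Claim(ClaimTypes.Surname, person.LastName),
        new Claim(ClaimTypes.Email, person.Email)
    };
    // A non-empty authentication type ("local") makes the identity report IsAuthenticated == true.
    var principal = new ClaimsPrincipal(new ClaimsIdentity(userClaims, "local"));
    // Await the sign-in so the cookie is issued before the response completes.
    // HttpContext is the controller property in ASP.NET Core 1.0.
    await HttpContext.Authentication.SignInAsync("PutNameHere", principal);
}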
Code
ClaimsPrincipal claimsPrincipal = await TransformClaims(context.Ticket.Principal, result);
context.Ticket = new AuthenticationTicket(
    claimsPrincipal,
    context.Ticket.Properties,
    context.Ticket.AuthenticationScheme);
The TransformClaims method, something like this
private Task<ClaimsPrincipal> TransformClaims(ClaimsPrincipal principal, AuthenticationResult result)
{
    if (principal.Identity.IsAuthenticated)
    {
        // get this from cache or db
        var nickname = "Nanu";
        (principal.Identity as ClaimsIdentity).AddClaim(new Claim("Nickname", nickname));
        (principal.Identity as ClaimsIdentity).AddClaim(new Claim("urn:innubex:access_token", result.AccessToken));
    }
    return Task.FromResult(principal);
}
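Accessing the claims
string accesstoken = "", Nickname = "";
var claimsIdentity = User.Identity as ClaimsIdentity;
if (claimsIdentity != null && claimsIdentity.IsAuthenticated)
{
    // The claim type must match the one added in TransformClaims exactly.
    // FindFirst returns null for a missing claim, so fall back to "" instead of dereferencing null.
    accesstoken = claimsIdentity.FindFirst("urn:innubex:access_token")?.Value ?? "";
    Nickname = claimsIdentity.FindFirst("Nickname")?.Value ?? "";
}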
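The write and read sides of the answers above, as a stand-alone console program. This is an added example, not code from the original posts; the class name, the `urn:example:access_token` claim type and the sample values are constructed for illustration. It shows what the reader gets when the claim type it asks for was never written, and that an anonymous principal is left untouched.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

public static class ClaimRoundTrip
{
    // Constructed claim type; share one constant between the code that writes and the code that reads.
    public const string AccessTokenClaim = "urn:example:access_token";

    // Write side: add the token claim to an authenticated identity, as TransformClaims does.
    public static ClaimsPrincipal AddTokenClaim(ClaimsPrincipal principal, string accessToken)
    {
        var identity = principal.Identity as ClaimsIdentity;
        if (identity == null || !identity.IsAuthenticated)
            return principal; // never decorate an anonymous principal

        // Replace a stale value instead of accumulating duplicates on re-login.
        foreach (var old in identity.FindAll(AccessTokenClaim).ToList())
            identity.RemoveClaim(old);

        // With cookie sign-in the claim value is serialized into the authentication ticket.
        identity.AddClaim(new Claim(AccessTokenClaim, accessToken));
        return principal;
    }

    // Read side: returns null instead of throwing when the user is anonymous or the claim is absent.
    public static string ReadClaim(ClaimsPrincipal user, string type)
    {
        return user?.Identity?.IsAuthenticated == true ? user.FindFirst(type)?.Value : null;
    }

    public static void Main()
    {
        // Constructed sample user; "local" is the authentication type, which marks the identity as authenticated.
        var identity = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, "alice") }, "local");
        var user = AddTokenClaim(new ClaimsPrincipal(identity), "constructed-token-value");

        Console.WriteLine(ReadClaim(user, AccessTokenClaim) ?? "(missing)");
        // A claim type that was never written: FirstOrDefault().Value would throw here.
        Console.WriteLine(ReadClaim(user, "urn:access_token") ?? "(missing)");

        var anonymous = new ClaimsPrincipal(new ClaimsIdentity());
        Console.WriteLine(ReadClaim(AddTokenClaim(anonymous, "x"), AccessTokenClaim) ?? "(missing)");
    }
}
```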