如何在 Azure Web App 上托管的 Web 表单中检索当前的 Azure AD 用户信息(电子邮件、名字、姓氏)?

How can I retrieve current Azure AD User informations (email, firstname, lastname) in web-forms hosted on Azure Web App?

我有一个托管在 Azure Web 应用程序上的网站解决方案(.net framework/web 表单)。

我想检索(在 Global.Asax 的 Session_Start 中)当前的 azure AD 用户信息,但它不适用于此代码:

    if (((System.Security.Claims.ClaimsIdentity)User.Identity) != null)
        string IdentityName = ((System.Security.Claims.ClaimsIdentity)User.Identity).Name;

    if (System.Security.Claims.ClaimsPrincipal.Current.FindFirst(System.Security.Claims.ClaimTypes.Name) != null)
        string name = System.Security.Claims.ClaimsPrincipal.Current.FindFirst(System.Security.Claims.ClaimTypes.Name).Value;

    if (System.Security.Claims.ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier") != null)
        string ObjectId = System.Security.Claims.ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;

    if (System.Security.Claims.ClaimsPrincipal.Current.FindFirst(System.Security.Claims.ClaimTypes.GivenName) != null)
        string GivenName = System.Security.Claims.ClaimsPrincipal.Current.FindFirst(System.Security.Claims.ClaimTypes.GivenName).Value;

    if (System.Security.Claims.ClaimsPrincipal.Current.FindFirst(System.Security.Claims.ClaimTypes.Surname) != null)
        string Surname = System.Security.Claims.ClaimsPrincipal.Current.FindFirst(System.Security.Claims.ClaimTypes.Surname).Value;

    if (System.Security.Claims.ClaimsPrincipal.Current.FindFirst(System.Security.Claims.ClaimTypes.Upn) != null)
        string UPN = System.Security.Claims.ClaimsPrincipal.Current.FindFirst(System.Security.Claims.ClaimTypes.Upn).Value;

    if (System.Security.Claims.ClaimsPrincipal.Current.FindFirst(System.Security.Claims.ClaimTypes.Email) != null)
        string Email = System.Security.Claims.ClaimsPrincipal.Current.FindFirst(System.Security.Claims.ClaimTypes.Email).Value;

你能帮帮我吗?

谢谢。

Global.asax Session_Start 在会话开始时调用,也就是说,当浏览器访问您的站点时。浏览器用户此时通常还没有登录,因此不会有任何 HttpContext.Current.User.Identity.Name 供您获取。你应该得到一个空字符串。

如果您在认证时在声明中添加用户信息,您可以通过代码获取。

  • 您可以使用 Graph Api 按 id 检索用户详细信息,如下所示:
GET https://graph.microsoft.com/v1.0/users/{id | userPrincipalName}
  • 您可以使用中间件获取当前登录的用户信息、声明并将其添加到您的身份用户。
 public class Middleware
    {
        private readonly RequestDelegate _next;

        public Middleware(RequestDelegate next)
        {
            _next = next;
        }

       public async Task Invoke(HttpContext httpContext)
       {
            if (httpContext.Request.Headers.ContainsKey("X-MS-CLIENT-PRINCIPAL-ID"))
            {
                 // Read headers from Azure and get jwt claims
                 var idHeader = httpContext.Request.Headers["X-MS-CLIENT-PRINCIPAL-ID"][0];
                 var idTokenHeader = httpContext.Request.Headers["X-MS-TOKEN-AAD-ID-TOKEN"][0];

                 var handler = new JwtSecurityTokenHandler();
                 var jwtToken = handler.ReadToken(idTokenHeader) as JwtSecurityToken;
                 var jwtClaims = jwtToken.Claims.ToList();
                 jwtClaims.Add(new Claim("http://schemas.microsoft.com/identity/claims/objectidentifier", idHeader));

                 // Set user in current context as claims principal
                 var identity = new GenericIdentity(idHeader);
                 identity.AddClaims(jwtClaims);

                 // Set current thread user to identity
                 httpContext.User = new GenericPrincipal(identity, null);
            }
            await _next.Invoke(httpContext);
       }


// Extension method used to add the middleware to the HTTP request pipeline.
    public static class Middleware
    {
        public static IApplicationBuilder UseMiddleware(this IApplicationBuilder builder)
        {
            return builder.UseMiddleware<Middleware>();
        }
    }


//and is startup use it like this: 
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
   app.UseMiddleware();
}