堆栈内存溢出
  简体   繁体   English

基于角色的令牌ASP.net身份

[英]Role based tokens ASP.net Identity

 原文  2014-06-05 22:18:53       asp.net/ asp.net-mvc-5/ asp.net-identity/ owin/ asp.net-web-api2

问题描述

I am using the standard ASP.net OWIN OAuth middleware system to authenticate local users with Bearer tokens. 我正在使用标准ASP.net OWIN OAuth中间件系统来使用Bearer令牌对本地用户进行身份验证。 What I would like to do is is hand out role-based tokens for the same user account. 我想做的是为同一用户帐户分发基于角色的令牌。 eg. 例如。 

           OAuth TokenA => General User Privileges 
UserA -> 
           OAuth TokenB => Admin User Privileges

Is this supported in any way? 是否以任何方式支持?

2 个解决方案

解决方案1
 1 已采纳  2014-06-09 17:07:55

I was able to solve this using the following method - 我可以使用以下方法解决此问题- 

//ensure the token is a User role token only
identity.AddClaim(new Claim(ClaimTypes.Role, "User"));

Where 'identity' is an instance of 其中“身份”是 

System.Security.Claims.Identity

Then in my System.Web.Http.AuthorizeAttribute implementation, I can check the claim like so- 然后在我的System.Web.Http.AuthorizeAttribute实现中,我可以像这样检查声明: 

//get claims of the Role type
var identity = (ClaimsIdentity)actionContext.RequestContext.Principal.Identity;
IEnumerable<Claim> claims = identity.Claims.Where(c => c.Type == ClaimTypes.Role);

//check if any claim for the User role, if so this is a non-privleged token
var nonPrivToken = claims.Any(c => c.Value == "User");

解决方案2
 0  2014-07-01 07:58:54

You can add claims to the user just before the bearer token is generated. 您可以在生成承载令牌之前向用户添加声明。 So if you change the things you put into, two different bearer token can be generated and consumed. 因此,如果您更改放入的物品,则会生成并使用两个不同的承载令牌。

(From the taiseer-joudeh-blog ) (摘自taiseer-joudeh-blog 

 public class SimpleAuthorizationServerProvider : OAuthAuthorizationServerProvider
{
    public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
    {
        context.Validated();
    }

    public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
    {

        context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });

        using (AuthRepository _repo = new AuthRepository())
        {
            IdentityUser user = await _repo.FindUser(context.UserName, context.Password);

            if (user == null)
            {
                context.SetError("invalid_grant", "The user name or password is incorrect.");
                return;
            }
        }

        var identity = new ClaimsIdentity(context.Options.AuthenticationType);
         // Change the role and create new bearer token
        identity.AddClaim(new Claim("role", "user"));
        context.Validated(identity);




    }
}

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 基于角色的访问控制与ASP.NET身份 - Role based access control with ASP.NET identity Asp.Net身份中基于角色的会话过期持续时间 - Role Based Session Expiring Duration in Asp.Net Identity ASP.NET Core 3.1 中基于角色的授权,带有身份和外部登录 - Role based authorization in ASP.NET Core 3.1 with Identity and ExternalLogin ASP.NET MVC 5 Identity 2基于用户角色的登录重定向 - ASP.NET MVC 5 Identity 2 Login redirect based on user role Identity 2.0 中的 ASP.NET 角色管理 - ASp.net Role management in Identity 2.0 将用户添加到角色ASP.NET身份 - Add User to Role ASP.NET Identity ASP.NET身份动态角色授权 - ASP.NET Identity Dynamic Role Authorization Asp.Net Identity 查找不在角色中的用户 - Asp.Net Identity find users not in role Asp.Net 身份角色管理器 - ASp.Net Identity Role manager 按角色获取ASP.NET Identity用户 - Get ASP.NET Identity users by role
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM