Kentor Auth Services - Additional Claim
I'm evaluating the Kentor auth services (the OWIN version of it) to authenticate users using SAML. Now I would like to pass an additional claim to the service. Together with the samples there I was able to send the request to the service and debug it.
I made a custom ClaimsAuthenticationManager and there I can see the additional claim arriving at the auth service. But later on (in the Kentor examples there is the view home/index listing all the claims) this claim is not available anymore. Does anyone have an idea what I'm doing wrong?
Thanks a lot!
When using AuthServices (or any external login) together with ASP.NET Identity, the incoming claims are only used for looking up the ASP.NET Identity user in the database. The incoming user is then discarded completely and the user from ASP.NET Identity is loaded and used.
In the default MVC5 template, the switch from the external identity to the ASP.NET Identity is done in AccountController.ExternalLoginCallback(). To keep the incoming information you have to adjust this method. There are two options.
1. Update the stored user in ExternalLoginCallback()

// Sign in the user with this external login provider if the user already has a login
var user = await UserManager.FindAsync(loginInfo.Login);
if (user != null)
{
    // Update user with info from external identity and save.
    // GivenName is a custom property that has to be added to ApplicationUser.
    // FindFirst() returns null when the IdP did not send the claim, so check before using .Value.
    var givenName = loginInfo.ExternalIdentity.FindFirst(ClaimTypes.GivenName);
    if (givenName != null)
    {
        user.GivenName = givenName.Value;
        await UserManager.UpdateAsync(user);
    }
    await SignInAsync(user, isPersistent: false);
    return RedirectToLocal(returnUrl);
}
2. Copy the contents of SignInAsync() to your ExternalLoginCallback() method. Extract the call to user.GenerateUserIdentityAsync() to a separate line and add claims before calling SignInAsync().

// Sign in the user with this external login provider if the user already has a login
var user = await UserManager.FindAsync(loginInfo.Login);
if (user != null)
{
    // Inlined from the template's SignInAsync(): drop the external cookie,
    // build the application identity, then extend it before the cookie is issued.
    AuthenticationManager.SignOut(DefaultAuthenticationTypes.ExternalCookie);
    var identity = await user.GenerateUserIdentityAsync(UserManager);
    // AddClaim(null) throws, so only copy the claim when the IdP actually sent it.
    var givenName = loginInfo.ExternalIdentity.FindFirst(ClaimTypes.GivenName);
    if (givenName != null)
    {
        identity.AddClaim(givenName);
    }
    // SignInAsync()'s isPersistent parameter is not in scope here; the template's
    // ExternalLoginCallback uses a non-persistent cookie, so use false.
    AuthenticationManager.SignIn(new AuthenticationProperties() { IsPersistent = false },
        identity);
    return RedirectToLocal(returnUrl);
}
It is also possible to use external login without ASP.NET Identity. If you're only using identities from the Idp and no other login method, that is probably easier to work with.
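The second option, written out as a complete ExternalLoginCallback() so the pieces above can be seen in context. This is an added example, not the answer's or Kentor's code. It assumes the default MVC5 template's AccountController (UserManager, AuthenticationManager, RedirectToLocal, ExternalLoginConfirmationViewModel) and the Microsoft.AspNet.Identity.Owin and Microsoft.Owin.Security packages; the "urn:example:department" claim type is a hypothetical IdP attribute. The one thing it adds over the snippets above is an allowlist: only named claim types are copied from the external identity into the application cookie, so the IdP (or anything that can tamper with the SAML response before signature validation fails) cannot inject, for example, role claims the application never asked for.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using System.Web.Mvc;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;
using Microsoft.Owin.Security;

// Added example: partial class extending the MVC5 template's AccountController.
public partial class AccountController : Controller
{
    // Only these claim types are copied from the external (SAML) identity into
    // the ASP.NET Identity application cookie. Anything else the IdP asserts,
    // in particular ClaimTypes.Role, stays out, so the IdP cannot elevate a user
    // by adding claims the application never requested.
    private static readonly HashSet<string> AllowedExternalClaimTypes =
        new HashSet<string>(StringComparer.Ordinal)
        {
            ClaimTypes.GivenName,
            ClaimTypes.Surname,
            "urn:example:department" // hypothetical custom attribute from the IdP
        };

    [AllowAnonymous]
    public async Task<ActionResult> ExternalLoginCallback(string returnUrl)
    {
        var loginInfo = await AuthenticationManager.GetExternalLoginInfoAsync();
        if (loginInfo == null)
        {
            return RedirectToAction("Login");
        }

        var user = await UserManager.FindAsync(loginInfo.Login);
        if (user == null)
        {
            // Same as the template: no local account linked yet, ask the user to create one.
            ViewBag.ReturnUrl = returnUrl;
            ViewBag.LoginProvider = loginInfo.Login.LoginProvider;
            return View("ExternalLoginConfirmation",
                new ExternalLoginConfirmationViewModel { Email = loginInfo.Email });
        }

        // Body of the template's SignInAsync(), inlined so the identity can be
        // extended before the application cookie is issued.
        AuthenticationManager.SignOut(DefaultAuthenticationTypes.ExternalCookie);
        var identity = await user.GenerateUserIdentityAsync(UserManager);

        foreach (var claim in SelectExternalClaims(loginInfo.ExternalIdentity))
        {
            identity.AddClaim(claim);
        }

        AuthenticationManager.SignIn(
            new AuthenticationProperties { IsPersistent = false }, identity);
        return RedirectToLocal(returnUrl);
    }

    // Yields only the allowlisted claims from the external identity. Tolerates a
    // missing identity and missing claims instead of throwing on null.
    internal static IEnumerable<Claim> SelectExternalClaims(ClaimsIdentity external)
    {
        if (external == null)
        {
            yield break;
        }
        foreach (var claim in external.Claims)
        {
            if (AllowedExternalClaimTypes.Contains(claim.Type))
            {
                yield return claim;
            }
        }
    }
}
```

Keep the allowlist to attributes the application only displays or uses for lookups; any claim that drives authorization should come from ASP.NET Identity's own store (roles, user claims) rather than be copied from the IdP response, unless the IdP is trusted to be authoritative for it.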