[英]How to add roles to the asp identity bearer token
I implemented OWIN bearer token authorization, and based on this article: http://bitoftech.net/2014/06/01/token-based-authentication-asp-net-web-api-2-owin-asp-net-identity/ , and now i want to add roles to the bearer token so that i can be able retrieve it on the controller like am doing with the userName... identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
我实现了OWIN承载令牌授权,并基于本文: http ://bitoftech.net/2014/06/01/token-based-authentication-asp-net-web-api-2-owin-asp-net-identity / ,现在我想向承载令牌添加角色,以便可以像使用userName ...一样在控制器上检索它identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
and was able to get the username of the current user with User.Identity.Name
并能够使用User.Identity.Name
获取当前用户的用户名
Check my latest post on bitoftech where I read Roles once I generate token, or you can assign roles manually using the ClaimsType.Role
like you assign the UserName. 查看我关于bitoftech的最新文章,在我生成令牌后阅读“角色”,或者您可以使用ClaimsType.Role
手动分配角色,就像分配UserName一样。 Hope this answers your question. 希望这能回答您的问题。
http://forums.asp.net/t/1998896.aspx?Cannot+assign+claims+identity+to+a+variable+using+asp+net+WebAPI+with+Oauth+ http://forums.asp.net/t/1998896.aspx?Cannot+assign+claims+identity+to+a+variable+using+asp+net+WebAPI+with+Oauth+
http://nareshjois.com/custom-information-in-asp-net-identity-cookie-ticket/ http://nareshjois.com/custom-information-in-asp-net-identity-cookie-ticket/
i managed to add and read new roles manually by creating a new column in the asp identity AspNetUsers
table named RoleName and i added roles directly... 我设法通过在asp身份AspNetUsers
表中创建名为RoleName的新列来手动添加和读取新角色,并直接添加了角色...
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
using (AuthRepo _repo = new AuthRepo())
{
UserProfile user = await _repo.FindUser(context.UserName, context.Password);
if (user == null)
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
/*var claims = new List<Claim>
{
new Claim(ClaimTypes.GivenName, user.FirstName),
};*/
var identity = new ClaimsIdentity(context.Options.AuthenticationType);
identity.AddClaim(new Claim("sub", context.UserName));
identity.AddClaim(new Claim("role", "user"));
identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
identity.AddClaim(new Claim("RoleName", user.RoleName));
context.Validated(identity);
}
}
i then could read a role associated with each user like so 然后,我可以像这样读取与每个用户相关联的角色
var cp = User as ClaimsPrincipal; //var cp = (ClaimsPrincipal)User;
var roleName = ((Claim)cp.Claims.SingleOrDefault(x => x.Type == "RoleName")).Value.ToString();
I PERSONALLY FIND THIS EASIER TO MAINTAIN... 我个人很容易维护
You can add a function to do so. 您可以添加一个功能。
public static AuthenticationProperties CreateProperties(string userName, string Roles)
{
IDictionary<string, string> data = new Dictionary<string, string>
{
{ "userName", userName },
{"roles",Roles}
};
return new AuthenticationProperties(data);
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.