
Add Claims (asp.net core mvc OpenID Owin Katana Authentication)

I am following this tutorial link. I am able to log in with an Azure AD user, but once the user gets authenticated, we want to store it into Identity claims for authentication. We are migrating an ASP.NET MVC application to ASP.NET Core MVC 1.0. In the ASP.NET MVC application we are adding the claims like this:

context.AuthenticationTicket.Identity.AddClaim(new System.Security.Claims.Claim("urn:Projectname:access_token", result.AccessToken, XmlSchemaString, "Projectname")); 

I want to know how to add the claims identity in the above tutorial.

Code Snippet

app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
    {
        ClientId = clientId,
        ClientSecret = clientSecret,  
        Authority = authority,
        CallbackPath = Configuration["AzureAd:AuthCallback"],
        ResponseType = OpenIdConnectResponseType.CodeIdToken,
        PostLogoutRedirectUri = "/signed-out",
        Events = new OpenIdConnectEvents()
        {
            OnAuthorizationCodeReceived = async context =>
            {
                var request = context.HttpContext.Request;
                var currentUri = UriHelper.BuildAbsolute(request.Scheme, request.Host,request.PathBase, request.Path);
                var credential = new ClientCredential(clientId, clientSecret);
                var authContext = new AuthenticationContext(authority, AuthPropertiesTokenCache.ForCodeRedemption(context.Properties));
                var result = await authContext.AcquireTokenByAuthorizationCodeAsync(
                    context.ProtocolMessage.Code, new Uri(currentUri), credential, resource);

                // In the result variable we are getting the AccessToken, and we want to add it to the claims identity here.

                context.HandleCodeRedemption();
            }
        }
    });

Update

We are storing tokens, domain name (getting it from DB), and tenant info for middle layer authentication. Like in every controller action method, we are getting the stored info from claims. Something like that (old ASP.NET MVC application code).

In Startup.Auth.cs class


In all controller action methods


We are migrating an ASP.NET MVC application to ASP.NET Core MVC 1.0. So is there any equivalent method in ASP.NET Core for adding the claims? I am following this sample. I am able to log in with an Azure AD user, but once the user gets authenticated, we want to store it into Identity claims for authentication (middle layer).

This is how I was able to log in using Claims Identity:

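using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;

private async Task registerLogin(Person person)
{
  // Claims that describe the locally authenticated user
  var userClaims = new List<Claim>
    {
      new Claim(ClaimTypes.Name, person.LoginName),
      new Claim(ClaimTypes.GivenName, person.FirstName),
      new Claim(ClaimTypes.Surname, person.LastName),
      new Claim(ClaimTypes.Email, person.Email)
    };

  var principal = new ClaimsPrincipal(new ClaimsIdentity(userClaims, "local"));
  // Await the sign-in so it completes (and any exception surfaces) before the caller continues
  await Context.Authentication.SignInAsync("PutNameHere", principal);
}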

The Code

    ClaimsPrincipal claimsPrincipal = await TransformClaims(context.Ticket.Principal, result);

    context.Ticket = new AuthenticationTicket(
        claimsPrincipal,
        context.Ticket.Properties,
        context.Ticket.AuthenticationScheme);

TransformClaims method, something like that:

   private Task<ClaimsPrincipal> TransformClaims(ClaimsPrincipal principal, AuthenticationResult result)
    {
        if (principal.Identity.IsAuthenticated)
        {
            // get this from cache or db
            var nickname = "Nanu";
            (principal.Identity as ClaimsIdentity).AddClaim(new Claim("Nickname", nickname));

            (principal.Identity as ClaimsIdentity).AddClaim(new Claim("urn:innubex:access_token", result.AccessToken));
        }
        return Task.FromResult(principal);
    }

Access the claims

        string accesstoken = "", Nickname = "";
        var claimsIdentity = User.Identity as ClaimsIdentity;
        if (claimsIdentity != null && claimsIdentity.IsAuthenticated)
        {
            // Use the same claim type that TransformClaims added; FindFirst returns null when the claim is absent
            accesstoken = claimsIdentity.FindFirst("urn:innubex:access_token")?.Value ?? "";
            Nickname = claimsIdentity.FindFirst("Nickname")?.Value ?? "";
        }
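
An added example, not code from the posts above: it keeps each claim type in one constant so the string used to add a claim and the string used to read it cannot differ, replaces claims instead of duplicating them when the transform runs again, and reads a claim without dereferencing a missing one. `AppClaimTypes`, `ClaimsHelper` and the sample values are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
// Hypothetical names for this example; they do not come from the posts above.
public static class AppClaimTypes
{
    // One constant per claim type, shared by the code that writes it and the code that reads it.
    public const string AccessToken = "urn:innubex:access_token";
    public const string Nickname = "Nickname";
}
public static class ClaimsHelper
{
    // Returns a copy of the principal carrying the extra claims; the input is left untouched.
    public static ClaimsPrincipal WithClaims(ClaimsPrincipal principal, IDictionary<string, string> extra)
    {
        var source = principal.Identity as ClaimsIdentity;
        if (source == null || !source.IsAuthenticated) return principal;
        var identity = source.Clone();
        foreach (var pair in extra)
        {
            // Replace rather than append, so a repeated transform adds no duplicates.
            foreach (var old in identity.FindAll(pair.Key).ToList()) identity.RemoveClaim(old);
            identity.AddClaim(new Claim(pair.Key, pair.Value));
        }
        return new ClaimsPrincipal(identity);
    }
    // Null when the claim is absent, instead of a NullReferenceException.
    public static string GetClaimOrNull(ClaimsPrincipal user, string type) => user?.FindFirst(type)?.Value;
}

public static class Program
{
    public static void Main()
    {
        // Constructed principal standing in for context.Ticket.Principal.
        var signedIn = new ClaimsPrincipal(new ClaimsIdentity(
            new[] { new Claim(ClaimTypes.Name, "alice@example.com") }, "OpenIdConnect"));
        var extra = new Dictionary<string, string>
        {
            { AppClaimTypes.AccessToken, "constructed-token-value" },
            { AppClaimTypes.Nickname, "Nanu" }
        };
        // Apply the transform twice to show that claims are replaced, not duplicated.
        var user = ClaimsHelper.WithClaims(ClaimsHelper.WithClaims(signedIn, extra), extra);
        Console.WriteLine(ClaimsHelper.GetClaimOrNull(user, AppClaimTypes.Nickname));
        Console.WriteLine(user.FindAll(AppClaimTypes.AccessToken).Count());
        Console.WriteLine(ClaimsHelper.GetClaimOrNull(user, "urn:access_token") ?? "(missing)"); // mistyped type
    }
}
```

Claims on the principal are serialized into the authentication ticket, which the cookie middleware stores in the encrypted cookie by default, so a token kept as a claim is sent with every request and increases the cookie size.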
