如何使用 Azure Active Directory 在 ASP.NET Core 应用程序中获取经过身份验证的用户的名称
[英]How to get Name of Authenticated user in ASP.NET Core application using Azure Active Directory
问题描述
In a ASP.NET Core application with Azure AD Connected and Configured.
在 ASP.NET Core 应用程序中,已连接并配置 Azure AD。 I am able to get the NameIdentifier using this code:我能够使用此代码获取 NameIdentifier:
var user = User.FindFirst(ClaimTypes.NameIdentifier).Value; ✔️
When trying to get just a name with the following line of code:当尝试使用以下代码行获取名称时:
var user = User.FindFirst(ClaimTypes.Name).Value; ❌
I receive the following error:我收到以下错误:
Object reference not set to an instance of an object.
Looked up in Azure Active Directory the user does have a full first and last name.在 Azure Active Directory 中查找,用户确实有完整的名字和姓氏。 Tried many examples online, it looks like the name should be showing.在网上试了很多例子,看起来名字应该显示出来。
UPDATE:更新:
Finally figured it out, at first I managed to get all the human readable text like this:终于弄明白了,起初我设法得到了所有人类可读的文本,如下所示:
foreach (Claim item in User.Claims)
{
if (item.Type.Contains("name"))
{
var username = item.Value;
}
}
this is much better这个好多了
var userName = User.FindFirst("name").Value;
2 个解决方案
解决方案1
8 已采纳 2019-07-25 06:40:49
According to document : https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/claims :根据文件: https : //docs.microsoft.com/en-us/azure/architecture/multitenant-identity/claims :
In ASP.NET Core, the OpenID Connect middleware converts some of the claim types when it populates the Claims collection for the user principal:
oid > http://schemas.microsoft.com/identity/claims/objectidentifier
tid > http://schemas.microsoft.com/identity/claims/tenantid
unique_name > http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
upn > http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn
So that if the unique_name exists in ID token , the middleware will populate the value of ClaimTypes.Name .这样,如果 ID 令牌中存在 unique_name ,中间件将填充ClaimTypes.Name的值。 But according to document : Microsoft identity platform ID tokens :但根据文件: Microsoft 身份平台 ID 令牌:
unique_name : Provides a human readable value that identifies the subject of the token.
So that the claim only issued in Azure AD V1.0 id tokens ,and it isn't guaranteed to be unique within a tenant .因此,声明仅在 Azure AD V1.0 id 令牌中发出,并且不保证在租户中是唯一的。
You can get the user's name and email by (The profile scope is required to receive the claims & test with Azure AD V2.0 app):您可以通过以下方式获取用户名和电子邮件(使用 Azure AD V2.0 应用程序接收声明和测试需要profile范围):
var userName = User.FindFirst("name").Value;
var Email = User.FindFirst("preferred_username").Value;
If you want to know the first name and last name of current user , you may acquire access token for Microsoft Graph , call user endpoint with token and check the givenName / surname values from response :如果您想知道当前用户的名字和姓氏,您可以获取 Microsoft Graph 的访问令牌,使用令牌调用用户端点并检查来自响应的givenName / surname值:
https://docs.microsoft.com/en-us/graph/api/user-get?view=graph-rest-1.0&tabs=http https://docs.microsoft.com/en-us/graph/api/user-get?view=graph-rest-1.0&tabs=http
解决方案2
0 2022-04-06 19:36:57
I struggled with the same issue and found an example and it works very well:我遇到了同样的问题并找到了一个例子并且效果很好:
Basically:基本上:
public WeatherForecastController(ILogger<WeatherForecastController> logger, ITokenAcquisition tokenAcquisition, GraphServiceClient graphServiceClient, IOptions<MicrosoftGraphOptions> graphOptions)
{
_logger = logger;
_tokenAcquisition = tokenAcquisition;
_graphServiceClient = graphServiceClient;
_graphOptions = graphOptions;
}
[HttpGet]
public IEnumerable<WeatherForecast> Get()
{
HttpContext.VerifyUserHasAnyAcceptedScope(scopeRequiredByApi);
User user = _graphServiceClient.Me.Request().GetAsync().GetAwaiter().GetResult();
_logger.LogInformation("User Id: " + user.Id.ToString());
This link will give the details on how to use it with Azure AD, .net web api, and angular此链接将详细介绍如何使用 Azure AD、.net web api 和 angular
active-directory-do.net-native-as.netcore-v2 活动目录-do.net-native-as.netcore-v2
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.