如何在asp.net核心webapi中添加两个不同的令牌
[英]How add Two diferents Tokens in asp.net core webapi
问题描述
I need the Authorize attribute in our Controller can accept two difernts tokens.
One token, is provided from one private ADFS, and other token is
provided from AzureAd.
Several Ionic clients go to over ADFS, other Ionic clients go to over Azure AD
My Dev Scenario : Asp.Net Core 2.2 WebApi
My actual startup.cs (abreviated)
CongigureService() { 
CongigureService(){
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer((options =>
{
options.Audience = Configuration["Adfs:Audience"];
options.Authority = Configuration["Adfs:Issuer"];
options.SaveToken = true;
options.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuer = false
};
}));
} }
I need here the other Authentication with AzureAD. 我需要在这里使用AzureAD进行其他身份验证。 ¿How? 怎么样?
The Configure Method of Startup.cs Startup.cs的配置方法
Configure(…)
{
app.UseAuthentication()
}
With this code, only can access the ADFS Token and this users, can obtains result from the controllers. 使用此代码,只能访问ADFS令牌和该用户,可以从控制器获取结果。 However, the AzureAD user's can't obtain access 但是,AzureAD用户无法获取访问权限
I don't know how make this code for double token authorization, and our controllers can response if one token is from ADFS or other token is from AzureAD 我不知道如何使这个代码用于双令牌授权,如果一个令牌来自ADFS或其他令牌来自AzureAD,我们的控制器可以响应
1 个解决方案
解决方案1
2 已采纳 2019-08-01 02:22:20
You can set multiple JWT Bearer Authentication with different schema name : 您可以使用不同的模式名称设置多个JWT承载认证:
services.AddAuthentication()
.AddJwtBearer("ADFS",options =>
{
options.Audience = Configuration["Adfs:Audience"];
options.Authority = Configuration["Adfs:Issuer"];
options.SaveToken = true;
options.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuer = false
};
})
.AddJwtBearer("AAD", options =>
{
//AAD jwt validation configuration
});
If you want to make your controller/action to accept two jwt tokens , tokens from AAD or ADFS are ok to access your controller/action , you can make a policy to let both the AAD and ADFS authentication schemes tried to authenticate the request : 如果要使控制器/操作接受两个jwt令牌,来自AAD或ADFS令牌可以访问您的控制器/操作,您可以制定策略以允许AAD和ADFS身份验证方案尝试对请求进行身份验证:
services
.AddAuthorization(options =>
{
options.DefaultPolicy = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.AddAuthenticationSchemes("AAD", "ADFS")
.Build();
});
In addition , if you want to know which schema the token is from , you can check the particular claim in user's identity , or directly add authentication schema value to user claims in events : 此外,如果您想知道令牌来自哪个架构,您可以检查用户身份中的特定声明,或直接将身份验证架构值添加到事件中的用户声明:
options.Events = new Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerEvents
{
OnTokenValidated = (context) =>
{
var claimsIdentity = (ClaimsIdentity)context.Principal.Identity;
//add your custom claims here
claimsIdentity.AddClaim(new Claim("schema", "AAD"));
return Task.FromResult(0);
}
};
And get in action after authentication : 并在身份验证后开始行动:
var result = User.Claims.Where(c=>c.Type=="schema").FirstOrDefault().Value;
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.