[英]Claims based authorization token in Azure B2C and .Net Core 2.0
I am building a ASP .Net Core 2.0 app and would like to know how to add the groups claim to my Azure B2C access token on my backend. 我正在构建一个ASP .Net Core 2.0应用,并且想知道如何在我的后端将组声明添加到我的Azure B2C访问令牌。 I use the user's id to query MS Graph to get the user's group claim using ADAL and need the groups on the authorization token every time the user hits a controller.
我使用用户的ID来查询MS Graph,以使用ADAL获取用户的组声明,并且每次用户点击控制器时都需要授权令牌上的组。 I would rather not query MS Graph every time a controller is hit.
我宁愿不要在每次命中控制器时查询MS Graph。
Is it possible to add the groups claim to the B2C token after it is retrieved? 在检索到B2C令牌后,是否可以将组声明添加到B2C令牌中?
If not, should I store the groups as a Session variable? 如果没有,是否应该将组存储为会话变量?
If those aren't right, should I craft a second authorization token with the groups and then use that in my header when I send reqeusts? 如果不正确,是否应该在组中创建第二个授权令牌,然后在发送请求时在标头中使用该令牌?
You can in one of the OpenID Notifications (ie OnTokenValidated) and add user's groups(or roles ,but they are different ) to the ClaimsPrincipal. 您可以在OpenID通知之一(即OnTokenValidated)中,并将用户的组(或角色,但它们不同)添加到ClaimsPrincipal。 Something like :
就像是 :
options.Events = new OpenIdConnectEvents
{
OnTokenValidated = ctx =>
{
//query the user's groups using api
// add claims
var claims = new List<Claim>
{
new Claim("groups", xxxx-xx-xx)
};
var appIdentity = new ClaimsIdentity(claims);
ctx.Principal.AddIdentity(appIdentity);
return Task.CompletedTask;
},
};
Below links are code sample with .net framework , you can modify to fit the .net core version : 下面的链接是.net框架的代码示例,您可以进行修改以适合.net核心版本:
Authorize By Group in Azure Active Directory B2C 在Azure Active Directory B2C中按组授权
Azure AD B2C - Role management Azure AD B2C-角色管理
You can support adding group claims to b2c issued tokens by voting for it in the Azure AD B2C feedback forum: Get user membership groups in the claims with Azure AD B2C 您可以通过在Azure AD B2C反馈论坛中对其投票来支持将团体声明添加到b2c发行的令牌中: 使用Azure AD B2C在声明中获取用户成员资格组
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.