
Claims based authorization token in Azure B2C and .Net Core 2.0

I am building an ASP .Net Core 2.0 app and would like to know how to add the groups claim to my Azure B2C access token on my backend. I use the user's id to query MS Graph to get the user's group claim using ADAL and need the groups on the authorization token every time the user hits a controller. I would rather not query MS Graph every time a controller is hit.

Is it possible to add the groups claim to the B2C token after it is retrieved?

If not, should I store the groups as a Session variable?

If those aren't right, should I craft a second authorization token with the groups and then use that in my header when I send requests?

You can do so in one of the OpenID Connect notifications (i.e. OnTokenValidated) and add the user's groups (or roles, but they are different) to the ClaimsPrincipal. Something like:

// inside .AddOpenIdConnect(options => { ... }) in Startup.ConfigureServices
options.Events = new OpenIdConnectEvents
{
    OnTokenValidated = ctx =>
    {
        // query the user's groups using the Graph API here

        // add the groups as claims; "<group-object-id>" stands in for a real group id
        var claims = new List<Claim>
        {
            new Claim("groups", "<group-object-id>")
        };
        var appIdentity = new ClaimsIdentity(claims);

        ctx.Principal.AddIdentity(appIdentity);

        return Task.CompletedTask;
    },
};

The links below are code samples for the .NET Framework; you can modify them to fit the .NET Core version:

Authorize By Group in Azure Active Directory B2C

Azure AD B2C - Role management

You can support adding group claims to B2C-issued tokens by voting for it in the Azure AD B2C feedback forum: Get user membership groups in the claims with Azure AD B2C
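As an added, fuller illustration of the approach in the answer above (this is example code, not the answerer's or Microsoft's), the following Startup wires the OnTokenValidated hook into an ASP.NET Core 2.0 web app that signs users in with Azure AD B2C over OpenID Connect, adds the group object ids to the signed-in identity, and enforces them with an authorization policy. The IGroupLookup interface and GraphGroupLookup class are assumptions standing in for the ADAL/Graph query described in the question; the authority, client id and group id values are placeholders.

```csharp
// Added example, not code from the original page. IGroupLookup / GraphGroupLookup
// are hypothetical names for the Graph "memberOf" query the question describes.
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical abstraction over the Graph call; resolving it through DI keeps the
// ADAL/Graph client out of the authentication event itself.
public interface IGroupLookup
{
    Task<IReadOnlyList<string>> GetGroupIdsAsync(string userObjectId);
}

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        // GraphGroupLookup is the assumed ADAL/Graph implementation (not shown here).
        services.AddSingleton<IGroupLookup, GraphGroupLookup>();

        services.AddAuthentication(options =>
        {
            options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
        })
        .AddCookie()
        .AddOpenIdConnect(options =>
        {
            // Placeholders for the B2C tenant, user-flow (policy) and app registration.
            options.Authority = "https://<tenant>.b2clogin.com/tfp/<tenant>.onmicrosoft.com/<policy>/v2.0/";
            options.ClientId = "<client-id>";
            options.ResponseType = "id_token";
            options.Events = new OpenIdConnectEvents
            {
                OnTokenValidated = async ctx =>
                {
                    // B2C issues the user's object id as "oid"; the JWT handler maps it to
                    // the objectidentifier URI by default, so check both forms.
                    var oid = ctx.Principal.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier")?.Value
                              ?? ctx.Principal.FindFirst("oid")?.Value;
                    if (string.IsNullOrEmpty(oid))
                    {
                        // Refuse to sign in rather than enrich an identity we cannot pin to a user.
                        ctx.Fail("Token carries no object identifier claim.");
                        return;
                    }

                    var lookup = ctx.HttpContext.RequestServices.GetRequiredService<IGroupLookup>();
                    var groups = await lookup.GetGroupIdsAsync(oid);

                    // Adding to the existing authenticated identity (rather than a second,
                    // unauthenticated one) keeps the claims in the identity that is serialised
                    // into the auth cookie. Graph is therefore queried once per sign-in, not
                    // once per request; the groups stay fixed until the user signs in again.
                    var identity = (ClaimsIdentity)ctx.Principal.Identity;
                    identity.AddClaims(groups.Select(g => new Claim("groups", g)));
                },
            };
        });

        services.AddAuthorization(options =>
        {
            // Authorise on the group object id (stable) rather than its display name (renamable).
            options.AddPolicy("AdminsOnly", p => p.RequireClaim("groups", "<admin-group-object-id>"));
        });

        services.AddMvc();
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseAuthentication();
        app.UseMvc();
    }
}

[Authorize(Policy = "AdminsOnly")]
public class AdminController : Controller
{
    // Returns the group ids carried by the signed-in principal, for inspection.
    public IActionResult Index() => Ok(User.FindAll("groups").Select(c => c.Value));
}
```

Two points worth noting about this design: because the enriched claims live in the cookie, group membership changes made in the directory are not seen by the app until the user's next sign-in, so a cookie lifetime that matches how quickly revocation must take effect is part of the configuration; and a user belonging to many groups inflates the cookie, so storing only the group ids the app actually authorises on keeps it small.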
