身份服务器 Windows 身份验证声明
[英]Identity Server Windows Authentication Claims
问题描述
I am trying to configure Identity 4 server to work with my API project.
我正在尝试将 Identity 4 服务器配置为与我的 API 项目一起使用。 At this moment I can request token but I need to add user name and role to payload.此时我可以请求令牌,但我需要将用户名和角色添加到有效负载。 I tried with IProfileService but no action was performed.我尝试使用 IProfileService 但未执行任何操作。 How can I obtain this information from windows authentication?如何从 windows 身份验证中获取此信息? Here is my configuration:这是我的配置:
launchSettings.json启动设置.json
"iisSettings": {
"windowsAuthentication": true,
"anonymousAuthentication": false
Program.cs程序.cs
public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
WebHost.CreateDefaultBuilder(args)
.UseKestrel()
.UseIISIntegration()
.UseStartup<Startup>();
Startup.cs启动.cs
services.Configure<IISOptions>(iis =>
{
iis.AutomaticAuthentication = true;
});
var builder = services.AddIdentityServer()
.AddInMemoryIdentityResources(IdentityResourcesConfig.Get())
.AddInMemoryApiResources(ApiResourcesConfig.Get())
.AddInMemoryClients(ClientsConfig.Get());
ClientsConfig.cs ClientsConfig.cs
return new Client[]
{
new Client
{
ClientId = "XYC",
AllowedGrantTypes = GrantTypes.ClientCredentials,
AllowedScopes = { "XYC" },
RequireClientSecret = false,
AlwaysIncludeUserClaimsInIdToken = true
}
};
2 个解决方案
解决方案1
0 2019-11-04 17:21:51
I only worked with normal authentication but the classes that are creating and controll the way the claims are shared to other applications should be the same.我只使用普通身份验证,但创建和控制声明与其他应用程序共享方式的类应该是相同的。
You probably just need to add the Claims to the API ressource because by default the claims used by the client will be not inlcuded into the Access Token also given to the client to request an API.您可能只需要将声明添加到 API 资源,因为默认情况下,客户端使用的声明不会包含在访问令牌中,该令牌也提供给客户端以请求 API。
public static IEnumerable<ApiResource> GetApis()
{
return new ApiResource[]
{
new ApiResource("MyApi", "This is my Api name", new List<string> {
"mynameclaimclaimname",
}),
the claim name you add in there is Name of claim.您在那里添加的索赔名称是索赔名称。 If this is not working it would be helpful to give us further information.如果这不起作用,向我们提供更多信息会很有帮助。 How are the API Ressources configured ( IdentityServer side and client side)?如何配置 API 资源(身份服务器端和客户端)? Or do you try to configure an API as Client?或者您是否尝试将 API 配置为客户端?
解决方案2
0 2019-11-05 06:24:56
The first point is in IdentityServer, Windows authentication is an external provider (as opposed to the IS native authentication cookie).第一点在 IdentityServer 中,Windows 身份验证是一个外部提供者(相对于 IS 本机身份验证 cookie)。 Windows authentication is triggered by using the ChallengeAsync API on the HttpContext using the scheme Windows .You can click here for details. Windows 身份验证是通过使用方案Windows的 HttpContext 上的ChallengeAsync API 触发的。您可以单击此处了解详细信息。
Another point is you are using client credential flow, which is wrong in your scenario.另一点是您正在使用客户端凭据流,这在您的场景中是错误的。 Client credential flow use app's identity, there is no user in it.客户端凭证流使用应用程序的身份,其中没有用户。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.