[英]Add custom claims from stored in database on startup
I have the following ClaimsTransformer
class that works very well for assigning custom claims on startup, but I need to also be able to retrieve claims that are stored in a database and add them to the user identity.我有以下ClaimsTransformer
类,它非常适合在启动时分配自定义声明,但我还需要能够检索存储在数据库中的声明并将它们添加到用户身份中。 Unfortunately, I haven't found a way to access the database from within this class.不幸的是,我还没有找到从这个类中访问数据库的方法。 My assumption was that I would be able to inject my database class using DI, but I'm unable to do so because it will no longer accommodate the constructor for IClaimsTransformation
.我的假设是我可以使用 DI 注入我的数据库类,但我无法这样做,因为它将不再容纳IClaimsTransformation
的构造IClaimsTransformation
。
public class ClaimsTransformer : IClaimsTransformation
{
public Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
{
var identity = principal.Identity as ClaimsIdentity;
var claims = new List<Claim>();
using (var context = new PrincipalContext(ContextType.Domain))
{
if (identity != null)
{
var user = UserPrincipal.FindByIdentity(context, identity.Name);
if (user != null) claims.Add(new Claim(CustomClaimType.DisplayName.ToString(), user.DisplayName));
}
}
claims.AddRange(identity?.Claims);
//var newIdentity = new ClaimsIdentity(claims, identity?.AuthenticationType);
var newIdentity = new ClaimsIdentity(claims, "Kerberos");
return Task.FromResult(new ClaimsPrincipal(newIdentity));
}
}
You can take a look at the code of the PolicyServer for some inspiration.您可以查看PolicyServer的代码以获得一些启发。 From the code :从代码:
// this sets up the PolicyServer client library and policy provider -
// configuration is loaded from appsettings.json
services.AddPolicyServerClient(Configuration.GetSection("Policy"))
.AddAuthorizationPermissionPolicies();
reads policies from a json file, something like:从 json 文件中读取策略,例如:
"Policy": {
"claims": [
{
"name": "tenantid",
"value": "44"
}
],
"roles": [
but that can be any source.但这可以是任何来源。 In your case it may be a singleton that is filled from the database.在您的情况下,它可能是从数据库中填充的单例。
And add the claims using middleware .并使用middleware添加声明。 In your case something like:在你的情况下是这样的:
// Inject the repository
public async Task Invoke(HttpContext context, IClaimsRepository repository)
{
if (context.User.Identity.IsAuthenticated)
{
// Get claims from (cached) database, singleton.
var claims = await repository.GetClaimsAsync();
if (claims.Count > 0)
{
var id = new ClaimsIdentity(claims, "MyMiddleware", "name", "role");
// Add as extra Identity to User.
context.User.AddIdentity(id);
}
}
await _next(context);
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.