[英]Authorizing by updating Claim with data from database (Blazor WebAssembly ASP.NET Core hosted)
I have a question regarding authentication in my web-app using Blazor WebAssembly ASP.NET Core hosted.我对使用 Blazor WebAssembly ASP.NET Core 托管的网络应用程序中的身份验证有疑问。 The database used is Azure SQL.使用的数据库是Azure SQL。
I want to avoid storing passwords in the database and the users are therefore restricted to having a Microsoft-account (relevant to the project).我想避免将密码存储在数据库中,因此用户只能拥有 Microsoft 帐户(与项目相关)。
As of now, the user logs in with Azure AD as the third-party authentication provider.截至目前,用户使用Azure AD作为第三方认证提供商登录。 When redirected back to the web-app, a user is created with a claim which only consists of the Email from Azure. The user is directed to a registration page where the Email-input is set to the current user-claim email. When the user clicks the register button, the information provided is now stored in the database.当重定向回网络应用程序时,将创建一个用户,其声明仅包含来自 Azure 的 Email。用户将被定向到注册页面,其中电子邮件输入设置为当前用户声明 email。当用户单击注册按钮,提供的信息现在存储在数据库中。
The problem is that I now have a user in the db, but the claim is still just the Email. I want to be able to use the AuthorizeView role
tag on the different pages, and therefore wondered if its possible to update the claim with a role that the user specified in the registration-page?问题是我现在在数据库中有一个用户,但声明仍然只是 Email。我希望能够在不同的页面上使用AuthorizeView role
标签,因此想知道是否可以使用更新声明用户在注册页面中指定的角色? This data is at this point only stored in the database.此数据此时仅存储在数据库中。
If this is a bad practice, is there any other similar way I could make this work?如果这是一种不好的做法,还有其他类似的方法可以使这项工作成功吗?
To use the AuthorizeView role
, roles claims should be return by your Identity provider (Azure AD in your case).要使用AuthorizeView role
,角色声明应由您的身份提供者(在您的情况下为 Azure AD)返回。 Your application should ask those claims by asking the corresponding scope.您的应用程序应该通过询问相应的 scope 来询问这些声明。
According to the doc: Permissions and consent in the Microsoft identity platform endpoint , the profile scope should return roles claims.根据文档: Permissions and consent in the Microsoft identity platform endpoint ,配置文件scope 应该返回角色声明。
The doc Secure an ASP.NET Core Blazor WebAssembly standalone app with Azure Active Directory explains how to request scopes from Azure AD文档Secure an ASP.NET Core Blazor WebAssembly standalone app with Azure Active Directory解释了如何从 Azure AD 请求范围
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.