[英]Passing custom claims from Angular app to dotnet core web api
I have a working Angular 9 app which calls a Dotnet core 3.1 web api backend to return data.我有一个有效的 Angular 9 应用程序,它调用 Dotnet 核心 3.1 web api 后端返回数据。 I secure it using the @angular/msal MSAL library which authenticate the AzureAD user on the angular app then sends the AzureADBearer token to the API to access the endpoints.我使用@angular/msal MSAL 库对其进行保护,该库在 angular 应用程序上对 AzureAD 用户进行身份验证,然后将 AzureADBearer 令牌发送到 API 以访问端点。 On angular app, we have an employeeID which we get using Microsoft Graph.在 angular 应用程序上,我们有一个使用 Microsoft Graph 获得的员工 ID。 We wanted to pass this in to the web api in order to use it in some of the controllers.我们想将它传递给 web api 以便在某些控制器中使用它。 I am able to get the claims of the authenticate user from the api by accessing the HttpContextAccessor, i see username, email, sid... etc. my question is, is there anyway to pass in that employeeID so that I can get it in the claims?我可以通过访问 HttpContextAccessor 从 api 获取经过身份验证的用户的声明,我看到了用户名、email、sid ......等等索赔? I'm not sure if that's even possible.我不确定这是否可能。 AzureAD allows optional additional claims to be added in their configuration but employeeID was not on the list. AzureAD 允许在其配置中添加可选的附加声明,但employeeID 不在列表中。 I have 2 workarounds that are not ideal and I would prefer not to do if possible.我有 2 个不理想的解决方法,如果可能的话,我不希望这样做。
you can use the claims mapping feature, as per here https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-claims-mapping您可以使用声明映射功能,按照此处https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-claims-mapping
this can allow you to emit claims that aren't in the default claims or optional claims.这可以让您发出不在默认声明或可选声明中的声明。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.