
Identity Server Windows Authentication Claims

I am trying to configure Identity Server 4 to work with my API project. At the moment I can request a token, but I need to add the user name and role to the payload. I tried IProfileService, but no action was performed. How can I obtain this information from Windows authentication? Here is my configuration:

launchSettings.json

"iisSettings": {
  "windowsAuthentication": true,
  "anonymousAuthentication": false
}

Program.cs

public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
        WebHost.CreateDefaultBuilder(args)
            .UseKestrel()
            .UseIISIntegration()
            .UseStartup<Startup>();

Startup.cs

        services.Configure<IISOptions>(iis =>
        {
            iis.AutomaticAuthentication = true;
        });

        var builder = services.AddIdentityServer()
              .AddInMemoryIdentityResources(IdentityResourcesConfig.Get())
              .AddInMemoryApiResources(ApiResourcesConfig.Get())
              .AddInMemoryClients(ClientsConfig.Get());

ClientsConfig.cs

        return new Client[]
        {
            new Client
            {
                ClientId = "XYC",
                AllowedGrantTypes = GrantTypes.ClientCredentials,
                AllowedScopes = { "XYC" },
                RequireClientSecret = false,
                AlwaysIncludeUserClaimsInIdToken = true
            }
        };

I have only worked with normal authentication, but the classes that create and control the way the claims are shared with other applications should be the same.

You probably just need to add the claims to the API resource, because by default the claims used by the client will not be included in the access token that is also given to the client to request an API.

    public static IEnumerable<ApiResource> GetApis()
    {
        return new ApiResource[]
        {
             // The third argument lists the user claim types that this API
             // resource requests, so they end up in the access token.
             new ApiResource("MyApi", "This is my Api name", new List<string> {
                    "mynameclaimclaimname"
             })
        };
    }

The claim name you add in there is the name of the claim. If this is not working, it would be helpful to give us further information. How are the API resources configured (IdentityServer side and client side)? Or are you trying to configure an API as a client?

The first point is that in IdentityServer, Windows authentication is an external provider (as opposed to the IS native authentication cookie). Windows authentication is triggered by calling the ChallengeAsync API on the HttpContext using the "Windows" scheme. You can click here for details.

Another point is that you are using the client credentials flow, which is wrong in your scenario. The client credentials flow uses the app's identity; there is no user in it.
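As an added illustration of that answer (example code written here, not from the question or from the IdentityServer4 project itself): an MVC action that authenticates against the "Windows" scheme and, once a WindowsPrincipal is present, copies the account name and group memberships into name and role claims on IdentityServer's external cookie, from which an interactive flow (not client credentials) can issue them. The names ProcessWindowsLoginAsync and the Callback action are assumptions.

```csharp
using System.Linq;
using System.Security.Claims;
using System.Security.Principal;
using System.Threading.Tasks;
using IdentityModel;
using IdentityServer4;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Mvc;

public class ExternalController : Controller
{
    // Scheme name that IIS integration registers for Windows authentication.
    private const string WindowsScheme = "Windows";

    // Assumed action: reached from the login page for the "Windows" provider.
    public async Task<IActionResult> ProcessWindowsLoginAsync(string returnUrl)
    {
        // Windows auth does not support a redirect URI, so the first request
        // only challenges; IIS re-issues the same request with a principal.
        var result = await HttpContext.AuthenticateAsync(WindowsScheme);
        if (!(result?.Principal is WindowsPrincipal wp))
        {
            return Challenge(WindowsScheme);
        }

        // Treat Windows auth like any other external provider: sign in to the
        // external cookie, then continue to the normal external callback.
        var props = new AuthenticationProperties
        {
            RedirectUri = Url.Action("Callback"),
            Items = { { "returnUrl", returnUrl }, { "scheme", WindowsScheme } }
        };

        var id = new ClaimsIdentity(WindowsScheme);
        id.AddClaim(new Claim(JwtClaimTypes.Subject, wp.Identity.Name));
        id.AddClaim(new Claim(JwtClaimTypes.Name, wp.Identity.Name));

        if (wp.Identity is WindowsIdentity wi)
        {
            // Translate group SIDs to DOMAIN\Group names before emitting role
            // claims; large group lists inflate the token, so filter if needed.
            var groups = wi.Groups.Translate(typeof(NTAccount));
            id.AddClaims(groups.Select(g => new Claim(JwtClaimTypes.Role, g.Value)));
        }

        await HttpContext.SignInAsync(
            IdentityServerConstants.ExternalCookieAuthenticationScheme,
            new ClaimsPrincipal(id), props);
        return Redirect(props.RedirectUri);
    }
}
```

For these claims to reach the access token, the client must use a grant type that involves a user and the API resource must list the name and role claim types, as the first answer describes.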
