使用api2.1从承载令牌获取自定义声明值
[英]Get a custom claim value from a bearer token with api2.1
问题描述
多亏了@leastprivilege,我与我要达到的目标更加接近了。
我为索赔添加了一些自定义值(我自己的原始作品都没有!!)
更新Auth.Startup文件后
public partial class Startup
{
static Startup()
{
PublicClientId = "self";
UserManagerFactory = () => new UserManager<IdentityUser>(new UserStore<IdentityUser>());
OAuthOptions = new OAuthAuthorizationServerOptions
{
TokenEndpointPath = new PathString("/Token"),
Provider = new ApplicationOAuthProvider(PublicClientId, UserManagerFactory),
AuthorizeEndpointPath = new PathString("/api/Account/ExternalLogin"),
AccessTokenExpireTimeSpan = TimeSpan.FromDays(14),
AllowInsecureHttp = true
};
}
public static OAuthAuthorizationServerOptions OAuthOptions { get; private set; }
public static Func<UserManager<IdentityUser>> UserManagerFactory { get; set; }
public static string PublicClientId { get; private set; }
// For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864
public void ConfigureAuth(IAppBuilder app)
{
// Enable the application to use a cookie to store information for the signed in user
// and to use a cookie to temporarily store information about a user logging in with a third party login provider
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
// transform claims to application identity
app.UseClaimsTransformation(TransformClaims);
// Enable the application to use bearer tokens to authenticate users
app.UseOAuthBearerTokens(OAuthOptions);
// Uncomment the following lines to enable logging in with third party login providers
//app.UseMicrosoftAccountAuthentication(
// clientId: "",
// clientSecret: "");
//app.UseTwitterAuthentication(
// consumerKey: "",
// consumerSecret: "");
//app.UseFacebookAuthentication(
// appId: "",
// appSecret: "");
//app.UseGoogleAuthentication();
}
private Task<ClaimsPrincipal> TransformClaims(ClaimsPrincipal incoming)
{
if (!incoming.Identity.IsAuthenticated)
{
return Task.FromResult<ClaimsPrincipal>(incoming);
}
// parse incoming claims - create new principal with app claims
var claims = new List<Claim>
{
new Claim(ClaimTypes.Role, "foo"),
new Claim(ClaimTypes.Role, "bar")
};
var nameId = incoming.FindFirst(ClaimTypes.NameIdentifier);
if (nameId != null)
{
claims.Add(nameId);
}
var thumbprint = incoming.FindFirst(ClaimTypes.Thumbprint);
if (thumbprint != null)
{
claims.Add(thumbprint);
}
var id = new ClaimsIdentity("Application");
id.AddClaims(claims);
return Task.FromResult<ClaimsPrincipal>(new ClaimsPrincipal(id));
}
}
我尝试通过访问访问索赔类型角色
var cp = ClaimsPrincipal.Current.Identities;
但是,深入研究似乎找不到对ClaimTypes.Role的任何引用。
我是否尝试以错误的方式访问角色?
1 个解决方案
解决方案1
0 2014-02-11 12:13:14
顺序OWIN事项-把声明转换令牌中间件之后 。
IDW10201:在不记名令牌中找不到 scope 或角色声明。 定制web api芯
[英]IDW10201: Neither scope or roles claim was found in the bearer token. custom web api core
如何在ASP.NET Web API中从Bearer令牌之后的令牌中获取用户信息
[英]How to get user info from token after Bearer Token in asp.net web api
承载令牌:签名无效-发布到Azure的默认ASP.NET Core 2.1 Web Api模板
[英]Bearer token: The signature is invalid - Default ASP.NET Core 2.1 Web Api template published to Azure
Asp.net Web API .NET Core 3.1 和 Azure AD - system.unauthorizedaccessexception:在不记名令牌中找不到范围或角色声明
[英]Asp.net Web API .NET Core 3.1 and Azure AD - system.unauthorizedaccessexception: neither scope or roles claim was found in the bearer token
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
从持有人令牌(Web API)获取自定义声明值
IDW10201:在不记名令牌中找不到 scope 或角色声明。 定制web api芯
Web API从自定义身份验证提供程序验证JWT承载令牌
从OWIN Cookie获取持有者令牌并将其置于API请求中
Web API 2 OWIN Bearer令牌自定义身份验证
在 api logging 中获取 bearer access token
如何在ASP.NET Web API中从Bearer令牌之后的令牌中获取用户信息
从OWIN中的OAuth Bearer Token获取IPrincipal
承载令牌:签名无效-发布到Azure的默认ASP.NET Core 2.1 Web Api模板
Asp.net Web API .NET Core 3.1 和 Azure AD - system.unauthorizedaccessexception:在不记名令牌中找不到范围或角色声明
相关标签