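How to regenerate OpenID Connect custom claims from an ASP.NET Core project?

I have set up manual mapping to claim type names, but sometimes I need to update other claims from outside the OnTicketReceived event, i.e. from a controller, so at that stage I do need to regenerate the claims somehow. I set up OpenIdConnect in the following way: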
```csharp
// Requires: Microsoft.AspNetCore.Authentication.Cookies, Microsoft.AspNetCore.Authentication.OpenIdConnect,
// Microsoft.IdentityModel.Tokens, System.Security.Claims, System.Linq
_services
    .AddAuthentication(options =>
    {
        // The cookie scheme holds the local session; OpenID Connect is only used to challenge.
        options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    })
    .AddOpenIdConnect(options =>
    {
        options.ClientId = clientId;
        options.ClientSecret = clientSecret;
        options.Authority = $"{baseAuthorityUrl}/{tenantId}";
        options.CallbackPath = new PathString(callBackPath);
        options.Scope.Add("email");
        options.Scope.Add("profile");
        options.TokenValidationParameters = new TokenValidationParameters
        {
            NameClaimType = "name"
        };
        // Keep the tokens in the authentication properties of the sign-in ticket.
        options.SaveTokens = true;
        options.GetClaimsFromUserInfoEndpoint = true;
        options.Events = new OpenIdConnectEvents
        {
            OnRedirectToIdentityProvider = e =>
            {
                return Task.CompletedTask;
            },
            OnTicketReceived = e =>
            {
                // Map the "name" claim onto ClaimTypes.Name before the cookie is issued.
                e.Principal.Identities.First().AddClaim(new Claim(ClaimTypes.Name, e.Principal.FindFirstValue("name")));
                return Task.CompletedTask;
            }
        };
    });
```
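How can I regenerate the claims from a controller? I was thinking of just somehow overriding signInManager.RefreshSignInAsync(user).

If you want to add claims in a controller after the initial sign-in, you should make the authentication manager use the new identity: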
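```csharp
if (HttpContext.User.Identity is ClaimsIdentity identity)
{
    // Add the new claim to the current identity
    identity.AddClaim(new Claim("userId", "1234"));
    // Sign in again so the cookie is re-issued with the updated identity
    await HttpContext.SignInAsync(
        CookieAuthenticationDefaults.AuthenticationScheme,
        new ClaimsPrincipal(HttpContext.User.Identity));
}
```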
This is how you can update claims outside of the sign-in event. Update is a controller method.
```csharp
public async Task Update()
{
    // Read the current ticket so its AuthenticationProperties can be reused below
    AuthenticateResult authenticateResult = await HttpContext.AuthenticateAsync();
    // Wrap the current identity in a new principal so we can modify its claims
    // (the ClaimsIdentity instance is shared with User, it is not cloned)
    ClaimsPrincipal newPrincipal = new ClaimsPrincipal(User.Identity);
    ClaimsIdentity claimsIdentity = (ClaimsIdentity)newPrincipal.Identity;
    // Add/remove claims
    claimsIdentity.AddClaim(new Claim("name", "value"));
    Claim toRemove = claimsIdentity.Claims.FirstOrDefault(c => string.Equals(c.Type, "claimnametoremove", StringComparison.Ordinal));
    if (toRemove != null)
        claimsIdentity.RemoveClaim(toRemove);
    // If these aren't updated, calls to "User" will pull the old principal value
    HttpContext.User = newPrincipal;
    Thread.CurrentPrincipal = newPrincipal;
    // Sign in the user with the new principal to "refresh" our logged-in user
    await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, newPrincipal, authenticateResult.Properties);
}
```
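
An alternative to calling SignInAsync from each controller, as an added example that is not part of the original question or answers: the cookie handler's OnValidatePrincipal event rebuilds the application's own claims on every request and re-issues the cookie only when they have changed. `IAppClaimsSource`, `AppClaimsRefresher` and the `app:` claim-type prefix are hypothetical names assumed for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical application service (not part of ASP.NET Core): returns the custom
// claims the application currently assigns to a user, e.g. from its own database.
public interface IAppClaimsSource { Task<Claim[]> GetClaimsAsync(string subjectId); }

public static class AppClaimsRefresher
{
    // Assumed convention: claim types owned by the application carry this prefix,
    // so claims issued by the identity provider are never touched.
    private const string Prefix = "app:";

    private static bool IsAppClaim(Claim c) => c.Type.StartsWith(Prefix, StringComparison.Ordinal);
    private static string Key(Claim c) => c.Type + "=" + c.Value;

    // Wire up with:
    //   services.Configure<CookieAuthenticationOptions>(
    //       CookieAuthenticationDefaults.AuthenticationScheme,
    //       o => o.Events.OnValidatePrincipal = AppClaimsRefresher.ValidateAsync);
    public static async Task ValidateAsync(CookieValidatePrincipalContext ctx)
    {
        var identity = ctx.Principal?.Identity as ClaimsIdentity;
        var subject = identity?.FindFirst(ClaimTypes.NameIdentifier)?.Value
                      ?? identity?.FindFirst("sub")?.Value;
        if (subject == null) return; // no stable user id to look up: leave the principal unchanged

        var source = ctx.HttpContext.RequestServices.GetRequiredService<IAppClaimsSource>();
        var current = (await source.GetClaimsAsync(subject)).Where(IsAppClaim).ToList();
        var stale = identity.Claims.Where(IsAppClaim).ToList();

        // Compare as sorted "type=value" lists and skip re-issuing when nothing changed.
        if (stale.Select(Key).OrderBy(k => k, StringComparer.Ordinal)
                 .SequenceEqual(current.Select(Key).OrderBy(k => k, StringComparer.Ordinal)))
            return;

        // Clone so the identity read from the cookie is not mutated in place.
        var updated = identity.Clone();
        foreach (var c in updated.Claims.Where(IsAppClaim).ToList()) updated.RemoveClaim(c);
        updated.AddClaims(current);

        ctx.ReplacePrincipal(new ClaimsPrincipal(updated)); // principal used for this request
        ctx.ShouldRenew = true; // re-issue the cookie, keeping the ticket's existing properties
    }
}
```

Because the handler runs on every authenticated request, the lookup behind `IAppClaimsSource` should be cheap or cached.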
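Notice: The technical posts on this site follow the CC BY-SA 4.0 license. If you need to reproduce them, please cite this site's URL or the original address. For any questions, contact: yoyou2525@163.com.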