![](/img/trans.png)
[英]thinktecture identity server v3 managing users in Asp.Net Identity v2
[英]Thinktecture Identity Server v3 How to keep Claims from external providers?
我正在嘗試遵循簡單的指南mvcGettingStarted 。 現在,我已經實現了GoogleAuthentication
和FacebookAuthentication
提供程序,一切都按預期工作,我實際上可以登錄,如果我使用我的身份服務器登錄,我還獲得了每個用戶的角色聲明。 我想知道,如果我想保留外部提供商提供的所有索賠怎么辦? 簡單的例子。 這就是我的Facebook提供商設置的樣子:
var facebookOptions = new FacebookAuthenticationOptions() {
AuthenticationType = "Facebook",
Caption = "Sign in with Facebook",
AppId = "*****",
AppSecret = "****",
SignInAsAuthenticationType = signInAsType,
Provider = new FacebookAuthenticationProvider() {
OnAuthenticated = (context) => {
foreach (var x in context.User) {
context.Identity.AddClaim(new Claim(x.Key, x.Value.ToString()));
}
return Task.FromResult(context);
}
},
};
facebookOptions.Scope.Add("email");
facebookOptions.Scope.Add("public_profile");
facebookOptions.Scope.Add("user_friends");
app.UseFacebookAuthentication(facebookOptions);
在每個循環中我試圖將所有Facebook聲明存儲在Identity中,但是當我回到SecurityTokenValidated
回調時,我的身份沒有它們。
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions() {
Authority = "https://localhost:44302/identity/",
ClientId = "my_client",
Scope = "openid profile roles email",
RedirectUri = "https://localhost:44302/",
ResponseType = "id_token token",
SignInAsAuthenticationType = "Cookies",
UseTokenLifetime = false,
Notifications = new OpenIdConnectAuthenticationNotifications() {
SecurityTokenValidated = async context => {
//let's clean up this identity
//context.AuthenticationTicket.Identity doesn't have the claims added in the facebook callback
var nid = new ClaimsIdentity(
context.AuthenticationTicket.Identity.AuthenticationType,
Constants.ClaimTypes.GivenName,
Constants.ClaimTypes.Role);
........
是因為我在操縱兩個不同的身份嗎? 有沒有正確的方法來實現我想要做的事情? 謝謝。
正如@ brock-allen所說,用戶服務是正確的道路。 所以我繼續實現了一個簡單的UserService
public class UserService {
private static InMemoryUserService _service = null;
public static InMemoryUserService Get() {
if(_service == null)
_service = new InMemoryUserService(Users.Get());
return _service;
}
}
在我的工廠注冊了我的用戶服務
public void Configuration(IAppBuilder app) {
AntiForgeryConfig.UniqueClaimTypeIdentifier = Constants.ClaimTypes.Subject;
JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary<string, string>();
var factory = InMemoryFactory.Create(
users: Users.Get(),
clients: Clients.Get(),
scopes: Scopes.Get());
factory.UserService = new Registration<IUserService>(resolver => UserService.Get());
.....
(當然那是我的Startup類中的Configuration方法)
所以現在我可以在外部提供程序(在本例中是facebook)的身份驗證回調中驗證外部用戶,指定我需要的所有聲明:
var facebookOptions = new FacebookAuthenticationOptions() {
AuthenticationType = "Facebook",
Caption = "Sign in with Facebook",
AppId = "******",
AppSecret = "*******",
SignInAsAuthenticationType = signInAsType,
Provider = new FacebookAuthenticationProvider() {
OnAuthenticated = (context) => {
foreach (var x in context.User) {
context.Identity.AddClaim(new Claim(x.Key, x.Value.ToString()));
}
ExternalIdentity identity = new ExternalIdentity() {
Claims = context.Identity.Claims,
Provider = "Facebook",
ProviderId = "Facebook"
};
SignInMessage signInMessage = new SignInMessage();
UserService.Get().AuthenticateExternalAsync(identity, signInMessage);
return Task.FromResult(context);
}
},
}
現在,我可以做到
List<Claim> claims = await UserService.Get().GetProfileDataAsync(User as ClaimsPrincipal) as List<Claim>;
並且看到我的用戶在認證期間提供了facebook提供的所有聲明。 當然這段代碼僅用於測試目的,它可以進行很多改進。
您可以在自定義用戶服務實現中執行此操作。 默認設置使外部提供商的聲明可用。 自定義用戶服務的文檔: https : //identityserver.github.io/Documentation/docsv2/advanced/userService.html
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.