
Adding claims (ASP.NET Core, MVC, OpenID, OWIN and Katana authentication)

  •  0
  • Jagadisha B S  · Tech community  · 8 years ago

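    I am following this tutorial link. I can sign in with an Azure AD user. But once the user is authenticated, we want to store it in the identity claims for authentication. We are migrating an ASP.NET MVC application to ASP.NET Core MVC 1.0. In the ASP.NET MVC application, we added the claims like this: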

    context.AuthenticationTicket.Identity.AddClaim(new System.Security.Claims.Claim("urn:Projectname:access_token", result.AccessToken, XmlSchemaString, "Projectname")); 
    

    I would like to know how to add claims to the identity in the tutorial above.

    Code snippet

    app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
        {
            ClientId = clientId,
            ClientSecret = clientSecret,  
            Authority = authority,
            CallbackPath = Configuration["AzureAd:AuthCallback"],
            ResponseType = OpenIdConnectResponseType.CodeIdToken,
            PostLogoutRedirectUri = "/signed-out",
            Events = new OpenIdConnectEvents()
            {
                OnAuthorizationCodeReceived = async context =>
                {
                    var request = context.HttpContext.Request;
                    var currentUri = UriHelper.BuildAbsolute(request.Scheme, request.Host,request.PathBase, request.Path);
                    var credential = new ClientCredential(clientId, clientSecret);
                    var authContext = new AuthenticationContext(authority, AuthPropertiesTokenCache.ForCodeRedemption(context.Properties));
                    var result = await authContext.AcquireTokenByAuthorizationCodeAsync(
                        context.ProtocolMessage.Code, new Uri(currentUri), credential, resource);
    
                    // The result variable holds the AccessToken, and we want to add it to the claims identity here.
    
                    context.HandleCodeRedemption();
                }
            }
        });
    

    Update

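    We are storing the token, the domain name (fetched from the database) and the tenant information for middle-tier authentication. In the controller action methods, we read the stored information back from the claims. Something like this (old ASP.NET MVC application code).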

    In the Startup.Auth.cs class


    In all controller action methods


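    We are migrating the ASP.NET MVC application to ASP.NET Core MVC 1.0. So what is used in ASP.NET Core for adding claims? I am following This sample. I can sign in with an Azure AD user. But once the user is authenticated, we want to store it in the identity claims for authentication (middle tier).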

    2 replies  |  up to 8 years ago
        1
  •  1
  •   Jagadisha B S    8 years ago

    Code

    ClaimsPrincipal claimsPrincipal = await TransformClaims(context.Ticket.Principal, result);

    context.Ticket = new AuthenticationTicket(
        claimsPrincipal,
        context.Ticket.Properties,
        context.Ticket.AuthenticationScheme);
    

    The TransformClaims method is something like this:

       private Task<ClaimsPrincipal> TransformClaims(ClaimsPrincipal principal, AuthenticationResult result)
        {
            if (principal.Identity.IsAuthenticated)
            {
                // get this from cache or db
                var nickname = "Nanu";
                (principal.Identity as ClaimsIdentity).AddClaim(new Claim("Nickname", nickname));
    
                (principal.Identity as ClaimsIdentity).AddClaim(new Claim("urn:innubex:access_token", result.AccessToken));
            }
            return Task.FromResult(principal);
        }
    

    Accessing the claims

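    // Read back the claims that TransformClaims added to the principal
    string accesstoken = "", Nickname = "";
    var claimsIdentity = User.Identity as ClaimsIdentity;
    if (claimsIdentity != null && claimsIdentity.IsAuthenticated)
    {
        // The claim type must match the one passed to AddClaim; FindFirst returns null when no claim matches
        accesstoken = claimsIdentity.FindFirst("urn:innubex:access_token")?.Value ?? "";
        Nickname = claimsIdentity.FindFirst("Nickname")?.Value ?? "";
    }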
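
The claim round trip from the answer above, as an added example that is not part of the original post: one shared constant for the claim type, so the code that adds the token and the code that reads it cannot disagree, plus a null-safe read. The `TokenClaims` class, its members and the sample values are hypothetical; only `System.Security.Claims` is used.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

// Added illustration: TokenClaims and its members are hypothetical names.
public static class TokenClaims
{
    // One constant shared by writer and reader, so the type string cannot drift.
    public const string AccessToken = "urn:Projectname:access_token";
    public const string Issuer = "Projectname";

    // Returns a copy of the principal whose primary identity carries the token.
    // With cookie sign-in, claims are serialized into the auth cookie.
    public static ClaimsPrincipal WithAccessToken(ClaimsPrincipal principal, string token)
    {
        var source = principal?.Identity as ClaimsIdentity;
        if (source == null || !source.IsAuthenticated || string.IsNullOrEmpty(token))
            return principal; // nothing to attach

        var identity = source.Clone();
        // Drop any earlier token claim so stale values do not accumulate.
        foreach (var old in identity.FindAll(AccessToken).ToList())
            identity.RemoveClaim(old);
        identity.AddClaim(new Claim(AccessToken, token, ClaimValueTypes.String, Issuer));
        return new ClaimsPrincipal(
            principal.Identities.Select(i => ReferenceEquals(i, source) ? identity : i));
    }

    // Null-safe read for controller code: null when the claim is absent.
    public static string ReadAccessToken(ClaimsPrincipal user)
    {
        return user?.FindFirst(AccessToken)?.Value;
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed principal standing in for context.Ticket.Principal.
        var signedIn = new ClaimsPrincipal(new ClaimsIdentity(
            new[] { new Claim(ClaimTypes.Name, "user@example.com") }, "OpenIdConnect"));
        var enriched = TokenClaims.WithAccessToken(signedIn, "constructed-token-value");
        Console.WriteLine("enriched has token: " + (TokenClaims.ReadAccessToken(enriched) != null));
        Console.WriteLine("original has token: " + (TokenClaims.ReadAccessToken(signedIn) != null));
        // A reader that uses a different type string gets null, not an exception.
        Console.WriteLine("mismatched lookup: " + (enriched.FindFirst("urn:access_token") == null));
    }
}
```

In the handler from the answer, the principal returned by `WithAccessToken` would take the place of `claimsPrincipal` when the new `AuthenticationTicket` is built.
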
    
        2
  •  0
  •   Rono    8 years ago

    This is how I sign in with a claims identity:

    using System.Collections.Generic;
    using System.Security.Claims;
    using System.Threading.Tasks;
    
    private async Task registerLogin(Person person)
    {
      // Claims describing the signed-in person
      var userClaims = new List<Claim>
        {
          new Claim(ClaimTypes.Name, person.LoginName),
          new Claim(ClaimTypes.GivenName, person.FirstName),
          new Claim(ClaimTypes.Surname, person.LastName),
          new Claim(ClaimTypes.Email, person.Email)
        };
    
      var principal = new ClaimsPrincipal(new ClaimsIdentity(userClaims, "local"));
      // Await the sign-in so a failure surfaces to the caller
      await Context.Authentication.SignInAsync("PutNameHere", principal);
    }