索赔类型不正确

Question

我目前正在开发一个 API。令牌从 IdentityServer4 返回。

我正在尝试从令牌声明中取回子 ID，它是当前授权用户的 ID。我可以在此处的声明中看到它。

{
  "nbf": 1512632838,
  "exp": 1512636438,
  "iss": "http://localhost:5000",
  "aud": [
    "http://localhost:5000/resources",
    "testapi"
  ],
  "client_id": "ServiceAccountAccess",
  "sub": "21248582",
  "auth_time": 1512632823,
  "idp": "local",
  "name": "TestUser",
  "resource_id": "21260601",
  "xena_fiscal_id": "21875",
  "fiscal_name": "My company",
  "picture_url": "/Content/images/avatar-company-xena.jpg",
  "application_id": "16140911",
  "scope": [
    "openid",
    "profile",
    "testapi"
  ],
  "amr": [
    "password"
  ]
}

我的 API 调用很简单

    [Authorize]
    public async Task<ActionResult> ChangeFiscal([FromBody] long fiscalId)
    {

        var name = User.Claims.Where(c => c.Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier")
            .Select(c => c.Value).SingleOrDefault();

    }

我不明白为什么 sub 或 subject 被变成了

“http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier”

我可以从 api 中看到，它已经完成了很多声明

{
  "nbf": 1512653706,
  "exp": 1512657306,
  "iss": "http://localhost:5000",
  "aud": [
    "http://localhost:5000/resources",
    "testapi"
  ],
  "client_id": "ServiceAccountAccess",
  "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier": "21248582",
  "auth_time": 1512652100,
  "http://schemas.microsoft.com/identity/claims/identityprovider": "local",
  "name": "TestUser",
  "supporter": "21248582",
  "http://schemas.microsoft.com/claims/authnmethodsreferences": "password",
  "resource_id": "21527443",
  "xena_fiscal_id": "21876",
  "fiscal_name": "this",
  "picture_url": "/Content/images/avatar-company-xena.jpg",
  "scope": [
    "openid",
    "profile",
    "testapi"
  ]
}

Answer 1

花了一个小时才弄清楚 Microsoft JWT 处理程序将这些标准声明转换为 Microsoft 专有声明。

通过在启动配置方法中添加以下行，我能够关闭这个烦人的“功能”

JwtSecurityTokenHandler.InboundClaimTypeMap.Clear()