我正在尝试使用 azure-samples 专门从我的 asp.net core 3.1 mvc 应用程序登录用户。该示例可用并记录在here。
但是,我找不到添加/修改在令牌中收到的声明的方法。使用的扩展方法是AddMicrosoftIdentityWebAppAuthentication() from Microsoft.Identity.Web nuget package version 0.4.0-preview。
【问题讨论】:
标签: asp.net-core azure-active-directory openid-connect
使用以下代码向ClaimsPrincipal 添加新的角色声明:
public ActionResult AddClaim()
{
Claim displayName = ClaimsPrincipal.Current.FindFirst(ClaimsPrincipal.Current.Identities.First().NameClaimType);
ViewBag.DisplayName = displayName != null ? displayName.Value : string.Empty;
//ClaimType, Value, ValueType, Issuer
Claim localClaim = new Claim(ClaimTypes.Webpage, "http://localhost", ClaimValueTypes.String, "AADGuide");
//Method 1 - short version
ClaimsPrincipal.Current.Identities.First().AddClaim(localClaim);
//Method 2 - slightly longer version
//var user = User as ClaimsPrincipal;
//var identity = user.Identity as ClaimsIdentity;
//identity.AddClaim(localClaim);
return View();
}
此外,您可以使用 IUserClaimsPrincipalFactory 向 Identity 添加声明。
【讨论】:
services.AddMicrosoftIdentityWebAppAuthentication(Configuration, "AzureAD");
putting the claims in ClaimsPrincipal.Current。因此,您可以在 startup.cs 文件中使用ClaimsPrincipal.Current.Identities.First().AddClaim(localClaim); 来添加声明。
public void ConfigureServices(IServiceCollection services){ services.AddMicrosoftIdentityWebAppAuthentication(Configuration, "AzureAD") .EnableTokenAcquisitionToCallDownstreamApi(initialScopes) .AddMicrosoftGraph(Configuration.GetSection("MSGraphApi")) .AddInMemoryTokenCaches(); } services.Configure<MicrosoftIdentityOptions>(options =>{options.Events.OnTokenValidated = async (context) => { // how to call call Graph to get AD groups and store them as claims? }}