Asp.net core 如何在Blazor Wasm中使用Azure AD设置角色声明?_Asp.net Core_Azure Active Directory_Authorization_Claims Based Identity_Authorize Attribute - Fatal编程技术网

Asp.net core 如何在Blazor Wasm中使用Azure AD设置角色声明?


我正在使用Azure AD身份验证进行身份验证。我使用CustomAccountFactory将自定义声明添加到我的身份中。下面是program.cs文件的外观:

    // Register MSAL sign-in with the custom account type, then swap in the custom
    // claims-principal factory that adds the "appRole" claims.
    builder.Services
        .AddMsalAuthentication<RemoteAuthenticationState, CustomUserAccount>(msal =>
        {
            var provider = msal.ProviderOptions;

            // Authentication settings come from the "AzureAd" configuration section.
            builder.Configuration.Bind("AzureAd", provider.Authentication);
            provider.DefaultAccessTokenScopes.Add("https://graph.microsoft.com/openid");

            // Claim type that role checks read; it has to be the same type the
            // factory uses when it adds role claims.
            // Role checks in a WebAssembly client only shape the UI: the code runs in
            // the user's browser, so every API behind it must enforce authorization itself.
            msal.UserOptions.RoleClaim = "appRole";
        })
        .AddAccountClaimsPrincipalFactory<RemoteAuthenticationState, CustomUserAccount, CustomUserFactory>();
它返回False。这些角色作为键值对添加到声明中,如“appRole”:“ADMIN”。但是,是否未设置授权服务器上的角色?此外,它还显示在任何视图的上下文中


我需要做什么来确保获得这些角色。

问题可能是:在角色授权中,您使用的是角色名称,但在构造函数中,您使用的是 userIdentity.AddClaim(new Claim("appRole", role.RsecGrpId));。没有看到您的CustomUserAccount,我不能确定。

尝试将: AddClaim(new Claim("appRole", role.RsecGrpId))

更改为: AddClaim(new Claim("appRole", role))

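 /// <summary>
 /// Builds the signed-in user's <see cref="ClaimsPrincipal"/> and adds one "appRole" claim
 /// for each role returned by <see cref="IUserService"/>.
 /// </summary>
 /// <remarks>
 /// The claim type must be the one configured as <c>options.UserOptions.RoleClaim</c>, and each
 /// claim value must equal the role name used in <c>[Authorize(Roles = "...")]</c> exactly,
 /// otherwise the role check fails. These claims are assembled in the browser, so they are
 /// suitable for showing or hiding UI only; the server API has to authorize every request itself.
 /// </remarks>
 public class CustomUserFactory
     : AccountClaimsPrincipalFactory<CustomUserAccount>
 {
     // Claim type under which roles are added; keep in sync with UserOptions.RoleClaim.
     private const string RoleClaimType = "appRole";

     private readonly ILogger<CustomUserFactory> logger;

     // Kept public and settable so existing callers keep compiling.
     public IUserService _userService { get; set; }

     /// <summary>Creates the factory with the token accessor, the role lookup service and a logger.</summary>
     /// <param name="accessor">Passed through to the base factory.</param>
     /// <param name="userService">Service queried for the user's roles.</param>
     /// <param name="logger">Logger used for diagnostics.</param>
     public CustomUserFactory(IAccessTokenProviderAccessor accessor, IUserService userService,
         ILogger<CustomUserFactory> logger)
         : base(accessor)
     {
         this.logger = logger;
         _userService = userService;
     }

     /// <summary>
     /// Creates the principal through the base factory and, for an authenticated identity,
     /// appends the role claims.
     /// </summary>
     /// <param name="account">The account returned by the identity provider.</param>
     /// <param name="options">User options forwarded to the base factory.</param>
     /// <returns>The principal from the base factory, with role claims added when available.</returns>
     public async override ValueTask<ClaimsPrincipal> CreateUserAsync(
         CustomUserAccount account,
         RemoteAuthenticationUserOptions options)
     {
         var initialUser = await base.CreateUserAsync(account, options);

         // Anonymous users, or an identity that is not a ClaimsIdentity, get no role claims.
         if (!(initialUser.Identity is ClaimsIdentity userIdentity) || !userIdentity.IsAuthenticated)
         {
             return initialUser;
         }

         if (_userService == null)
         {
             return initialUser;
         }

         // NOTE(review): the lookup uses a fixed user name, so every signed-in user receives
         // the roles of "UsernameTest". Derive the name from the authenticated account before
         // relying on these roles.
         var roles = await _userService.GetUserRolesByUserName("UsernameTest");

         // The service may return no result; enumerating null would throw.
         if (roles == null)
         {
             logger.LogWarning("Role lookup returned no result; no role claims were added.");
             return initialUser;
         }

         var added = 0;
         foreach (var role in roles)
         {
             string roleValue = role.RsecGrpId;

             // Claim values cannot be null, and an empty value can never match a role name.
             if (string.IsNullOrEmpty(roleValue))
             {
                 continue;
             }

             userIdentity.AddClaim(new Claim(RoleClaimType, roleValue));
             added++;
         }

         // Counts only: claim values identify the user and are kept out of the browser console.
         logger.LogDebug(
             "Added {RoleClaimCount} role claim(s); identity now has {ClaimCount} claim(s).",
             added,
             userIdentity.Claims.Count());

         return initialUser;
     }
 }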
   @* Restricts this page to users in the "ADMIN" role. The check passes only when the identity
      carries a claim of the configured role claim type ("appRole" in Program.cs) whose value is
      exactly "ADMIN". This gate runs in the browser; the API must enforce the same role itself. *@
   @attribute [Authorize(Roles = "ADMIN")]