Asp.net core: How to set role claims with Azure AD in Blazor Wasm?
I am using Azure AD authentication to authenticate. I use a CustomAccountFactory to add custom claims to my identity. Here is what the program.cs file looks like:
builder.Services.AddMsalAuthentication<RemoteAuthenticationState,
    CustomUserAccount>(options =>
{
    builder.Configuration.Bind("AzureAd", options.ProviderOptions.Authentication);
    options.ProviderOptions.DefaultAccessTokenScopes.Add("https://graph.microsoft.com/openid");
    options.UserOptions.RoleClaim = "appRole";
}).AddAccountClaimsPrincipalFactory<RemoteAuthenticationState, CustomUserAccount,
    CustomUserFactory>();
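It returns False. The roles are added to the claims as key-value pairs, such as "appRole": "ADMIN". However, are the roles on the authorization server not being set? Also, it shows in the context of any view

What do I need to do to make sure I get these roles?

The problem may be that in the role authorization you are using the role name, but in the constructor you are using userIdentity.AddClaim(new Claim("appRole", role.RsecGrpId));. Without seeing your CustomUserAccount, I am not sure.

Try changing:
AddClaim(new Claim("appRole", role.RsecGrpId))
to
AddClaim(new Claim("appRole", role))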
using System;
using System.Linq;
using System.Net.Http;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Components.WebAssembly.Authentication;
using Microsoft.AspNetCore.Components.WebAssembly.Authentication.Internal;
using Microsoft.Extensions.Logging;

public class CustomUserFactory
    : AccountClaimsPrincipalFactory<CustomUserAccount>
{
    private readonly ILogger<CustomUserFactory> logger;
    private readonly IHttpClientFactory clientFactory;
    public IUserService _userService { get; set; }

    public CustomUserFactory(IAccessTokenProviderAccessor accessor, IUserService userService,
        ILogger<CustomUserFactory> logger)
        : base(accessor)
    {
        this.logger = logger;
        _userService = userService;
    }

    public async override ValueTask<ClaimsPrincipal> CreateUserAsync(
        CustomUserAccount account,
        RemoteAuthenticationUserOptions options)
    {
        // Let the base factory build the principal from the Azure AD account first.
        var initialUser = await base.CreateUserAsync(account, options);
        if (initialUser.Identity.IsAuthenticated)
        {
            var userIdentity = (ClaimsIdentity)initialUser.Identity;
            if (_userService != null)
            {
                var roles = await _userService.GetUserRolesByUserName("UsernameTest").ConfigureAwait(true);
                Console.WriteLine("roles count before: " + roles?.Count);
                Console.WriteLine("claims count before: " + userIdentity.Claims.Count());
                // Guard against a null result; the lines above already allow for it.
                if (roles != null)
                {
                    foreach (var role in roles)
                    {
                        // userIdentity.AddClaim(new Claim(ClaimTypes.Role, role.RsecGrpId));
                        // The claim value is the group id (RsecGrpId), stored under "appRole".
                        userIdentity.AddClaim(new Claim("appRole", role.RsecGrpId));
                    }
                }
                Console.WriteLine("roles count after: " + roles?.Count);
                Console.WriteLine("claims count after: " + userIdentity.Claims.Count());
            }
            // Dump every claim (value, then type) for debugging.
            Console.WriteLine("printing claims");
            foreach (var item in userIdentity.Claims)
            {
                Console.WriteLine(item?.Value);
                Console.WriteLine(item?.Type);
            }
        }
        return initialUser;
    }
}
@attribute [Authorize(Roles = "ADMIN")]
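
The mismatch the answer points at can be reproduced outside Blazor. The following console program is an added example, not code from the question or the answer; it assumes the identity's role claim type is "appRole", as set through options.UserOptions.RoleClaim, and uses constructed values ("grp-0001" stands in for a RsecGrpId). It prints what IsInRole("ADMIN"), the check behind [Authorize(Roles = "ADMIN")], returns for each way the claim could be added.

```csharp
using System;
using System.Security.Claims;

public static class RoleClaimCheck
{
    // Build a principal whose identity uses "appRole" as its role claim type
    // (assumption: this mirrors options.UserOptions.RoleClaim = "appRole"),
    // carrying exactly one claim of the given type and value.
    static ClaimsPrincipal Build(string claimType, string claimValue)
    {
        var identity = new ClaimsIdentity(
            authenticationType: "constructed-auth", // constructed, any non-empty value
            nameType: "name",
            roleType: "appRole");
        identity.AddClaim(new Claim(claimType, claimValue));
        return new ClaimsPrincipal(identity);
    }

    public static void Main()
    {
        // Constructed sample claims; none of these values come from a real tenant.
        var cases = new (string Label, string Type, string Value)[]
        {
            ("group id under appRole",          "appRole",       "grp-0001"),
            ("role name under ClaimTypes.Role", ClaimTypes.Role, "ADMIN"),
            ("role name under appRole",         "appRole",       "ADMIN"),
            ("role name with other casing",     "appRole",       "admin"),
        };

        foreach (var c in cases)
        {
            var user = Build(c.Type, c.Value);
            // IsInRole looks for a claim of the identity's role claim type
            // whose value equals the requested role name.
            Console.WriteLine($"{c.Label}: IsInRole(\"ADMIN\") = {user.IsInRole("ADMIN")}");
        }
    }
}
```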