C# 如何从ASP.Net OpenID Connect OWIN组件设置声明?
我对使用新的ASP.Net OpenID Connect框架在身份验证管道期间添加新声明有疑问,如下面的代码所示。我不确定幕后到底发生了多少“魔法”。我想我的大部分问题都集中在不太了解OWIN认证中间件而不是OpenID Connect 问题1。我是否应该从C# 如何从ASP.Net OpenID Connect OWIN组件设置声明?,c#,asp.net,authentication,owin,openid-connect,C#,Asp.net,Authentication,Owin,Openid Connect,我对使用新的ASP.Net OpenID Connect框架在身份验证管道期间添加新声明有疑问,如下面的代码所示。我不确定幕后到底发生了多少“魔法”。我想我的大部分问题都集中在不太了解OWIN认证中间件而不是OpenID Connect 问题1。我是否应该从OwinContext.Authentication.User手动设置HttpContext.Current.User和Thread.CurrentPrincipal 问题2。我希望能够像使用System.IdentityModel.clai
OwinContext.Authentication.User
手动设置HttpContext.Current.User
和Thread.CurrentPrincipal
问题2。我希望能够像使用System.IdentityModel.claims.claims那样,将对象类型添加到声明中。新的System.Security.Claims.Claims
类只接受字符串值吗
第三季度。我是否需要在System.Security.Claims.CurrentPrincipal
中为我的ClaimsPrincipal
使用新的SessionSecurityToken
包装器来序列化为cookie?我正在使用app.UseCookieAuthentication(新的CookieAuthenticationOptions())代码>但现在确定这在维护我在SecurityTokenValidated
事件期间添加的任何附加声明方面究竟起到了什么作用
public void ConfigureAuth(IAppBuilder app)
{
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
ClientId = clientId,
Authority = authority,
PostLogoutRedirectUri = postLogoutRedirectUri,
Notifications = new OpenIdConnectAuthenticationNotifications()
{
SecurityTokenValidated = (context) =>
{
// retriever caller data from the incoming principal
var UPN = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.Name).Value;
var db = new SOSBIADPEntities();
var user = db.DomainUser.FirstOrDefault(b => (b.EntityName == UPN));
if (user == null)
{
// the caller was not a registered user - throw to block the authentication flow
throw new SecurityTokenValidationException();
}
var applicationUserIdentity = new ClaimsIdentity();
applicationUserIdentity.AddClaim(new Claim(ClaimTypes.Name, UPN, ""));
applicationUserIdentity.AddClaim(new Claim(ClaimTypes.Sid, user.ID.ToString(CultureInfo.InvariantCulture)));
var applications =
db.ApplicationUser
.Where(x => x.ApplicationChild != null && x.DomainUser.ID == user.ID)
.Select(x => x.ApplicationChild).OrderBy(x => x.SortOrder);
applications.ForEach(x =>
applicationUserIdentity.AddClaim(new Claim(ClaimTypes.System, x.ID.ToString(CultureInfo.InvariantCulture))));
context.OwinContext.Authentication.User.AddIdentity(applicationUserIdentity);
var hasOutlook = context.OwinContext.Authentication.User.HasClaim(ClaimTypes.System, "1");
hasOutlook = hasOutlook;
HttpContext.Current.User = context.OwinContext.Authentication.User;
Thread.CurrentPrincipal = context.OwinContext.Authentication.User;
var usr = HttpContext.Current.User;
var c = System.Security.Claims.ClaimsPrincipal.Current.Claims.Count();
return Task.FromResult(0);
},
}
}
);
}
您添加新的索赔实体
是否有特定原因
实现目标的最简单方法是通过ClaimsIdentity claimsId=context.AuthenticationTicket.Identity,检索通过验证传入令牌生成的ClaimsIdentity
代码>一旦拥有了它,只需添加声明即可。中间件的其余部分将负责在会话cookie中序列化它以及其他所有内容,将结果放入当前的ClaimsPrincipal
,以及您似乎要手动执行的所有其他操作。
HTH
五,