我在Azure Web应用(App Service)上托管了一个网站解决方案(.NET Framework / Web Forms)。
我想在Global.asax的Session_Start中检索当前的Azure AD用户信息,但是下面这段代码不起作用:
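// Reads the signed-in user's Azure AD claims. Every value below is null when the
// claim is absent, which is the normal case if this runs before the user has
// authenticated (Session_Start can fire on the very first, anonymous request).
//
// Changes from the original snippet:
//  - `if (cond) string x = ...;` does not compile in C# (a declaration cannot be
//    the embedded statement of an `if`), so each value is declared unconditionally.
//  - The hard cast `(ClaimsIdentity)User.Identity` throws InvalidCastException for a
//    non-claims identity and NullReferenceException when User is null; `as` plus a
//    null check handles both.
//  - Each claim is looked up once instead of twice.
//
// Security note: treat the object identifier as the stable key for a user. Name,
// UPN and e-mail are display attributes that can change, so do not base
// authorization decisions on them.
System.Security.Claims.ClaimsIdentity claimsIdentity =
    User != null ? User.Identity as System.Security.Claims.ClaimsIdentity : null;
string IdentityName = claimsIdentity != null ? claimsIdentity.Name : null;

System.Security.Claims.ClaimsPrincipal currentPrincipal = System.Security.Claims.ClaimsPrincipal.Current;

System.Security.Claims.Claim nameClaim =
    currentPrincipal != null ? currentPrincipal.FindFirst(System.Security.Claims.ClaimTypes.Name) : null;
string name = nameClaim != null ? nameClaim.Value : null;

System.Security.Claims.Claim objectIdClaim =
    currentPrincipal != null ? currentPrincipal.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier") : null;
string ObjectId = objectIdClaim != null ? objectIdClaim.Value : null;

System.Security.Claims.Claim givenNameClaim =
    currentPrincipal != null ? currentPrincipal.FindFirst(System.Security.Claims.ClaimTypes.GivenName) : null;
string GivenName = givenNameClaim != null ? givenNameClaim.Value : null;

System.Security.Claims.Claim surnameClaim =
    currentPrincipal != null ? currentPrincipal.FindFirst(System.Security.Claims.ClaimTypes.Surname) : null;
string Surname = surnameClaim != null ? surnameClaim.Value : null;

System.Security.Claims.Claim upnClaim =
    currentPrincipal != null ? currentPrincipal.FindFirst(System.Security.Claims.ClaimTypes.Upn) : null;
string UPN = upnClaim != null ? upnClaim.Value : null;

System.Security.Claims.Claim emailClaim =
    currentPrincipal != null ? currentPrincipal.FindFirst(System.Security.Claims.ClaimTypes.Email) : null;
string Email = emailClaim != null ? emailClaim.Value : null;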
你能帮我吗?
谢谢。
答案 0 :(得分:0)
Global.asax的Session_Start在会话开始时(即浏览器首次访问您的网站时)被调用。此时浏览器用户通常尚未登录,因此还没有任何HttpContext.Current.User.Identity.Name可供您获取,您得到的应该是一个空字符串。
如果您在身份验证期间在声明中添加了用户信息,则可以通过代码获取。
答案 1 :(得分:0)
GET https://graph.microsoft.com/v1.0/users/{id | userPrincipalName}
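/// <summary>
/// ASP.NET Core middleware that populates <c>HttpContext.User</c> from the identity
/// headers that Azure App Service Authentication attaches to a request.
/// </summary>
/// <remarks>
/// Trust boundary: the headers read here are ordinary HTTP request headers. They are
/// only trustworthy when the application is reachable exclusively through App Service
/// with its authentication feature enabled, so that the platform (not the client)
/// supplies them. If the app can be reached any other way (run locally, hosted
/// elsewhere, authentication switched off), a client can send these headers itself,
/// and this middleware must not be registered.
/// The ID token is parsed with <c>ReadToken</c>, which decodes the JWT but does not
/// verify its signature, issuer, audience or lifetime; the claims are therefore only
/// as reliable as the component that set the header.
/// </remarks>
public class Middleware
{
    private const string PrincipalIdHeader = "X-MS-CLIENT-PRINCIPAL-ID";
    private const string IdTokenHeader = "X-MS-TOKEN-AAD-ID-TOKEN";
    private const string ObjectIdClaimType = "http://schemas.microsoft.com/identity/claims/objectidentifier";

    private readonly RequestDelegate _next;

    /// <summary>Stores the next delegate in the request pipeline.</summary>
    /// <param name="next">The delegate invoked after this middleware has run.</param>
    public Middleware(RequestDelegate next)
    {
        _next = next;
    }

    /// <summary>
    /// Sets <c>httpContext.User</c> from the principal-id and ID-token headers when both
    /// are present and the token can be parsed, then always continues the pipeline.
    /// </summary>
    /// <param name="httpContext">The current request context.</param>
    /// <returns>A task that completes when the rest of the pipeline has run.</returns>
    public async Task Invoke(HttpContext httpContext)
    {
        // The original only checked that the principal-id header existed and then indexed
        // [0] on both headers; a missing or empty ID-token header threw. Read both
        // defensively: a missing header yields null here.
        string principalId = httpContext.Request.Headers[PrincipalIdHeader].FirstOrDefault();
        string idToken = httpContext.Request.Headers[IdTokenHeader].FirstOrDefault();

        if (!string.IsNullOrEmpty(principalId) && !string.IsNullOrEmpty(idToken))
        {
            var handler = new JwtSecurityTokenHandler();

            // CanReadToken rejects strings that are not well-formed JWTs before parsing.
            // The `as` cast can still yield null, which the original dereferenced unchecked.
            var jwtToken = handler.CanReadToken(idToken)
                ? handler.ReadToken(idToken) as JwtSecurityToken
                : null;

            if (jwtToken != null)
            {
                // Parsed, not validated: see the trust-boundary remarks on the class.
                var jwtClaims = jwtToken.Claims.ToList();
                jwtClaims.Add(new Claim(ObjectIdClaimType, principalId));

                // Set user in current context as claims principal
                var identity = new GenericIdentity(principalId);
                identity.AddClaims(jwtClaims);

                httpContext.User = new GenericPrincipal(identity, null);
            }
        }

        // When the headers are absent or unusable the request continues without a user
        // being set here; downstream authorization must reject it where required.
        await _next.Invoke(httpContext);
    }
}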
// Extension method used to add the middleware to the HTTP request pipeline.
/// <summary>
/// Holds the extension method that registers the header-based identity middleware.
/// </summary>
/// <remarks>
/// NOTE(review): as posted, this static class has the same name as the middleware type
/// it registers, so the two cannot coexist in one namespace and the type argument below
/// would resolve to this static class. In a real project give this class its own name
/// (for example <c>MiddlewareExtensions</c>).
/// </remarks>
public static class Middleware
{
    /// <summary>
    /// Adds the middleware to the request pipeline. Register it before any component
    /// that reads <c>HttpContext.User</c>, otherwise that component sees no user.
    /// </summary>
    /// <param name="builder">The application pipeline builder.</param>
    /// <returns>The same builder, to allow chaining.</returns>
    public static IApplicationBuilder UseMiddleware(this IApplicationBuilder builder)
        => builder.UseMiddleware<Middleware>();
}
// And in Startup, use it like this:
/// <summary>
/// Configures the HTTP request pipeline by registering the header-based identity
/// middleware through its <c>UseMiddleware()</c> extension method.
/// </summary>
/// <param name="app">The application pipeline builder.</param>
/// <param name="env">The hosting environment; not used by this snippet.</param>
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    => app.UseMiddleware();