IdentityServer4和.net核心身份 - 传递/访问声明
我在单独的项目中有一个工作的IdentityServer和MVC客户端,我还在我的asp.net身份表中存储了针对角色的声明,这是我的种子数据代码,然后分配给用户:< / p>
if (await _roleManager.FindByNameAsync("Trainer") == null)
{
//Add Traininer Role
var trainerRole = new IdentityRole("Trainer");
await _roleManager.CreateAsync(trainerRole);
await _roleManager.AddClaimAsync(trainerRole, new Claim(CustomClaimTypes.Permission, "bookings.viewrelated"));
await _roleManager.AddClaimAsync(trainerRole, new Claim(CustomClaimTypes.Permission, "bookings.updatestatus"));
await _roleManager.AddClaimAsync(trainerRole, new Claim(CustomClaimTypes.Permission, "contacts.viewrelated"));
await _roleManager.AddClaimAsync(trainerRole, new Claim(CustomClaimTypes.Permission, "locations.viewrelated"));
await _roleManager.AddClaimAsync(trainerRole, new Claim(CustomClaimTypes.Permission, "attendee.view"));
await _roleManager.AddClaimAsync(trainerRole, new Claim(CustomClaimTypes.Permission, "attendee.create"));
await _roleManager.AddClaimAsync(trainerRole, new Claim(CustomClaimTypes.Permission, "attendee.update"));
await _roleManager.AddClaimAsync(trainerRole, new Claim(CustomClaimTypes.Permission, "attendee.delete"));
}
if (await _roleManager.FindByNameAsync("Booking Management") == null)
{
//Add Traininer Role
var trainerRole = new IdentityRole("Booking Management");
await _roleManager.CreateAsync(trainerRole);
await _roleManager.AddClaimAsync(trainerRole, new Claim(CustomClaimTypes.Permission, "companies.view"));
await _roleManager.AddClaimAsync(trainerRole, new Claim(CustomClaimTypes.Permission, "companies.create"));
await _roleManager.AddClaimAsync(trainerRole, new Claim(CustomClaimTypes.Permission, "companies.edit"));
await _roleManager.AddClaimAsync(trainerRole, new Claim(CustomClaimTypes.Permission, "companies.delete"));
await _roleManager.AddClaimAsync(trainerRole, new Claim(CustomClaimTypes.Permission, "locations.view"));
await _roleManager.AddClaimAsync(trainerRole, new Claim(CustomClaimTypes.Permission, "locations.create"));
await _roleManager.AddClaimAsync(trainerRole, new Claim(CustomClaimTypes.Permission, "locations.update"));
await _roleManager.AddClaimAsync(trainerRole, new Claim(CustomClaimTypes.Permission, "locations.delete"));
await _roleManager.AddClaimAsync(trainerRole, new Claim(CustomClaimTypes.Permission, "contacts.view"));
await _roleManager.AddClaimAsync(trainerRole, new Claim(CustomClaimTypes.Permission, "contacts.create"));
await _roleManager.AddClaimAsync(trainerRole, new Claim(CustomClaimTypes.Permission, "contacts.update"));
await _roleManager.AddClaimAsync(trainerRole, new Claim(CustomClaimTypes.Permission, "contacts.delete"));
await _roleManager.AddClaimAsync(trainerRole, new Claim(CustomClaimTypes.Permission, "bookings.view"));
await _roleManager.AddClaimAsync(trainerRole, new Claim(CustomClaimTypes.Permission, "bookings.create"));
await _roleManager.AddClaimAsync(trainerRole, new Claim(CustomClaimTypes.Permission, "bookings.update"));
await _roleManager.AddClaimAsync(trainerRole, new Claim(CustomClaimTypes.Permission, "bookings.updatestatus"));
await _roleManager.AddClaimAsync(trainerRole, new Claim(CustomClaimTypes.Permission, "bookings.cancel"));
await _roleManager.AddClaimAsync(trainerRole, new Claim(CustomClaimTypes.Permission, "bookings.delete"));
await _roleManager.AddClaimAsync(trainerRole, new Claim(CustomClaimTypes.Permission, "attendee.view"));
await _roleManager.AddClaimAsync(trainerRole, new Claim(CustomClaimTypes.Permission, "attendee.create"));
await _roleManager.AddClaimAsync(trainerRole, new Claim(CustomClaimTypes.Permission, "attendee.update"));
await _roleManager.AddClaimAsync(trainerRole, new Claim(CustomClaimTypes.Permission, "attendee.delete"));
await _roleManager.AddClaimAsync(trainerRole, new Claim(CustomClaimTypes.Permission, "courses.view"));
}
if (await _roleManager.FindByNameAsync("Management") == null)
{
//Add Traininer Role
var trainerRole = new IdentityRole("Management");
await _roleManager.CreateAsync(trainerRole);
await _roleManager.AddClaimAsync(trainerRole, new Claim(CustomClaimTypes.Permission, "reporting.finance"));
await _roleManager.AddClaimAsync(trainerRole, new Claim(CustomClaimTypes.Permission, "reporting.customers"));
await _roleManager.AddClaimAsync(trainerRole, new Claim(CustomClaimTypes.Permission, "users.view"));
await _roleManager.AddClaimAsync(trainerRole, new Claim(CustomClaimTypes.Permission, "users.create"));
await _roleManager.AddClaimAsync(trainerRole, new Claim(CustomClaimTypes.Permission, "users.update"));
await _roleManager.AddClaimAsync(trainerRole, new Claim(CustomClaimTypes.Permission, "users.delete"));
await _roleManager.AddClaimAsync(trainerRole, new Claim(CustomClaimTypes.Permission, "config.view"));
}
if (await _roleManager.FindByNameAsync("Course Management") == null)
{
//Add Traininer Role
var trainerRole = new IdentityRole("Course Management");
await _roleManager.CreateAsync(trainerRole);
await _roleManager.AddClaimAsync(trainerRole, new Claim(CustomClaimTypes.Permission, "courses.view"));
await _roleManager.AddClaimAsync(trainerRole, new Claim(CustomClaimTypes.Permission, "courses.create"));
await _roleManager.AddClaimAsync(trainerRole, new Claim(CustomClaimTypes.Permission, "courses.update"));
await _roleManager.AddClaimAsync(trainerRole, new Claim(CustomClaimTypes.Permission, "courses.delete"));
}
if (await _roleManager.FindByNameAsync("Admin") == null)
{
//Add Traininer Role
var trainerRole = new IdentityRole("Admin");
await _roleManager.CreateAsync(trainerRole);
await _roleManager.AddClaimAsync(trainerRole, new Claim(CustomClaimTypes.Permission, "config.view"));
await _roleManager.AddClaimAsync(trainerRole, new Claim(CustomClaimTypes.Permission, "config.update"));
}
当我登录身份服务器时,我的权限是列表
当我使用我的MVC客户端登录时,我没有获得用户的权限
在我的MVC客户端中,我希望能够在我的导航中执行类似的操作
@if (user.HasClaim(CustomClaimTypes.Permission, "config.view"))
{
<li>
<a href="#"><i class="fa fa-cogs"></i> <span class="nav-label" data-i18n="nav.layouts">Configuration Settings</span></a>
<ul class="nav nav-second-level collapse">
<li>
<a href="/configuration#!/awardingbodies/"> <span class="nav-label" data-i18n="nav.layouts">Awarding Bodies</span></a>
</li>
</ul>
</li>
}
理想情况下,我假设您不希望不断查询数据库的检查权限,因此我认为最好通过令牌获取权限,但我失去了如何执行此操作?
编辑1:身份服务器中的客户端配置(Config.cs)
new Client
{
ClientId = "webclientmvc",
ClientName = "CRM MVC Client",
AllowedGrantTypes = GrantTypes.Hybrid,
AlwaysSendClientClaims = true,
RequireConsent = true,
ClientSecrets =
{
new Secret("secret".Sha256())
},
RedirectUris = { "http://localhost:5009/signin-oidc" },
PostLogoutRedirectUris = { "http://localhost:5009" },
AllowedScopes =
{
StandardScopes.OpenId.Name,
StandardScopes.Profile.Name,
StandardScopes.OfflineAccess.Name,
StandardScopes.Roles.Name,
StandardScopes.AllClaims.Name,
"api1",
"claims"
}
},
在MVC Client(startup.cs)中配置
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
loggerFactory.AddConsole(Configuration.GetSection("Logging"));
loggerFactory.AddDebug();
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseExceptionHandler("/Home/Error");
}
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationScheme = "Cookies",
AutomaticChallenge = true,
AutomaticAuthenticate = true,
});
app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
{
AuthenticationScheme = "oidc",
SignInScheme = "Cookies",
Authority = "http://localhost:5000",
RequireHttpsMetadata = false,
ClientId = "webclientmvc",
ClientSecret = "secret",
ResponseType = "code id_token",
Scope = { "profile", "api1", "offline_access", "roles" },
GetClaimsFromUserInfoEndpoint = true,
SaveTokens = true
});
app.UseStaticFiles();
app.UseMvcWithDefaultRoute();
}
1 个答案:
答案 0 :(得分:0)
我现在已经开始工作,但是想知道是否有人可以评论它是否正确。我从我在网上找到的一个例子中实现了我自己的IProfileService,但后来将角色部分修改为:
if (_userManager.SupportsUserRole)
{
var roles = await _userManager.GetRolesAsync(user);
claims.AddRange(roles.Select(role => new Claim(JwtClaimTypes.Role, role)));
foreach (var item in roles)
{
var role = await _roleManager.FindByNameAsync(item);
if (!(role == null))
{
claims.AddRange(await _roleManager.GetClaimsAsync(role));
}
}
}
默认实现似乎并未包含声明,因为它们被分配给角色,因此我的解决方案是遍历角色并获取声明并添加它们,这样可行,我现在可以在我的MVC网站中使用它们。 / p>
相关问题
- IdentityServer4和.net核心身份 - 传递/访问声明
- ValidateAsync Identity Server 4传递dbConnection
- 身份服务器和访问令牌声明
- IdentityServer4将client_附加到声明
- 在Identity Server 4中,我有一个用户的身份,但有0个声明
- 身份服务器 - 使用刷新令牌
- Identity Server:在MVC客户端中使用混合流向ClaimPrincipal添加声明
- ASP.Net身份和IndentityServer4声明
- IdentityServer4和ASP.Net Identity:添加其他声明
- Identity Server:如何结合客户端用户声明和提供者用户声明
最新问题
- 我写了这段代码,但我无法理解我的错误
- 我无法从一个代码实例的列表中删除 None 值,但我可以在另一个实例中。为什么它适用于一个细分市场而不适用于另一个细分市场?
- 是否有可能使 loadstring 不可能等于打印?卢阿
- java中的random.expovariate()
- Appscript 通过会议在 Google 日历中发送电子邮件和创建活动
- 为什么我的 Onclick 箭头功能在 React 中不起作用?
- 在此代码中是否有使用“this”的替代方法?
- 在 SQL Server 和 PostgreSQL 上查询,我如何从第一个表获得第二个表的可视化
- 每千个数字得到
- 更新了城市边界 KML 文件的来源?