IdentityServer AspNetIdentity AspNetUserClaims not in the client

Time: 2017-02-14 16:34:40

Tags: asp.net-identity identityserver3

I am using IdentityServer3 with IdentityServer3.AspNetIdentity and an OpenID Connect client. I can authenticate successfully, but the claims stored in the AspNetUserClaims table are not sent to the client. IdentityServer is configured with:

  1. Hybrid flow
  2. Always send client claims
  3. Scopes: openid profile email
  4. I added a custom class based on AspNetIdentityUserService and overrode the GetClaimsFromAccount method. I gave it the same implementation as the original (https://github.com/IdentityServer/IdentityServer3.AspNetIdentity/blob/master/source/IdentityServer3.AspNetIdentity/IdentityServer3.AspNetIdentity.cs) and set a breakpoint: I can see all the claims stored in AspNetUserClaims, but they are not included in the client's claims collection.

    My client code is:

    // File-level using directives this snippet needs (Katana 3.x OpenID Connect
    // middleware, System.IdentityModel.Tokens.Jwt 4.x and IdentityModel 1.x):
    using System;
    using System.Collections.Generic;
    using System.IdentityModel.Tokens;
    using System.Linq;
    using System.Security.Claims;
    using System.Threading.Tasks;
    using IdentityModel.Client;
    using Microsoft.IdentityModel.Protocols;
    using Microsoft.Owin.Security;
    using Microsoft.Owin.Security.OpenIdConnect;

    // Inside Startup.Configuration(IAppBuilder app):
    OpenIdConnectAuthenticationOptions openIdConnectAuthenticationOptions = new OpenIdConnectAuthenticationOptions
    {
        //BackchannelTimeout = TimeSpan.FromMinutes(sessionTimeoutInMinutes),
        ClientId = "xxx",
        Authority = "https://xxx/core",
        PostLogoutRedirectUri = "https://localhost:44304",
        ResponseType = "code id_token token",   // hybrid flow
        Scope = "openid profile email",
        Notifications = new OpenIdConnectAuthenticationNotifications()
        {
            SecurityTokenValidated = async (context) =>
            {
                // Inspect the claims carried in the id_token itself ...
                var id_token = context.ProtocolMessage.IdToken;
                var abc = new JwtSecurityToken(id_token);
                var def = abc.Claims;

                // ... and the claims the userinfo endpoint returns for the access token.
                List<Claim> claims = new List<Claim>();
                UserInfoClient userInfoClient = new UserInfoClient(
                    new Uri("https://shaves2u.azurewebsites.net/core/connect/userinfo"),
                    context.ProtocolMessage.AccessToken);

                var userInfo = await userInfoClient.GetAsync();
                // IdentityModel 1.x returns userinfo claims as (type, value) tuples.
                userInfo.Claims.ToList().ForEach(ui => claims.Add(new Claim(ui.Item1, ui.Item2)));

                // Copy the userinfo claims onto the identity that gets signed in;
                // otherwise the list above is discarded when the callback returns.
                context.AuthenticationTicket.Identity.AddClaims(claims);
            },
            RedirectToIdentityProvider = (context) =>
            {
                // Build redirect URIs from the current request so they match whatever host the app runs on.
                string appBaseUrl = context.Request.Scheme + "://" + context.Request.Host + context.Request.PathBase;
                context.ProtocolMessage.RedirectUri = appBaseUrl + "/";
                context.ProtocolMessage.PostLogoutRedirectUri = appBaseUrl + "/";

                // On logout, pass the original id_token as id_token_hint.
                if (context.ProtocolMessage.RequestType == OpenIdConnectRequestType.LogoutRequest)
                {
                    Claim idTokenHint = context.OwinContext.Authentication.User.FindFirst("id_token");

                    if (idTokenHint != null)
                    {
                        context.ProtocolMessage.IdTokenHint = idTokenHint.Value;
                    }
                }

                return Task.FromResult(0);
            },
            AuthorizationCodeReceived = (context) =>
            {
                // Keep the raw id_token as a claim so it is available for the logout hint above.
                ClaimsIdentity identity = context.AuthenticationTicket.Identity;
                identity.AddClaim(new Claim("id_token", context.ProtocolMessage.IdToken));
                context.AuthenticationTicket = new AuthenticationTicket(identity, context.AuthenticationTicket.Properties);

                return Task.FromResult(0);
            },
            AuthenticationFailed = (context) =>
            {
                // Swallow the "message.State is null or empty" / nonce errors that occur when
                // a sign-in response is replayed (e.g. browser back button).
                if (context.Exception.Message.StartsWith("OICE_20004") || context.Exception.Message.Contains("IDX10311"))
                {
                    context.SkipToNextMiddleware();
                }
                return Task.FromResult(0);
            }
        }
    };

    app.UseOpenIdConnectAuthentication(openIdConnectAuthenticationOptions);


    In the code above, abc.Claims does not contain any of the claims from AspNetUserClaims, and neither does userInfo.Claims.

    Can anyone help?

1 answer:

Answer 0 (score: 1)

For anyone else running into the same problem, I would like to share my solution. In the end it was a configuration setting: set IncludeAllClaimsForUser on the Scope to true. I created a new Scope for my application, but setting this property on the profile scope should also work.
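The setting the answer refers to lives on the IdentityServer3 Scope definition, not on the client. The following is an added, illustrative IdentityServer3 configuration (not code from the question or the answer) showing both the accepted fix and the narrower alternative. The client id and redirect URIs are taken from the question; the claim types "membership_level" and "tenant" are made up here and stand in for whatever your custom user service returns from GetClaimsFromAccount. Two caveats worth knowing: IncludeAllClaimsForUser releases every claim the user service returns to any client allowed that scope, so listing ScopeClaims explicitly is the data-minimising option; and the "always send client claims" flag from the question (Client.AlwaysSendClientClaims) only controls the claims configured on the Client object itself, it never adds user claims. Because the hybrid request here also issues an access token, IdentityServer3 leaves identity claims out of the id_token and expects them to be fetched from the userinfo endpoint, which is why they show up in userInfo.Claims rather than in abc.Claims; a ScopeClaim created with alwaysInclude: true is the exception and is put into the id_token regardless.

```csharp
using System.Collections.Generic;
using IdentityServer3.Core;
using IdentityServer3.Core.Configuration;
using IdentityServer3.Core.Models;

// Added example: IdentityServer3 in-memory scope and client configuration.
// "membership_level" and "tenant" are hypothetical claim types.
public static class Scopes
{
    public static IEnumerable<Scope> Get()
    {
        return new List<Scope>
        {
            StandardScopes.OpenId,
            StandardScopes.Email,

            // Option 1 (the accepted answer): every claim returned by the user
            // service for this user is released to any client allowed this scope.
            new Scope
            {
                Name = "profile",
                DisplayName = "User profile",
                Type = ScopeType.Identity,
                IncludeAllClaimsForUser = true
            },

            // Option 2 (narrower): name the custom claim types explicitly so only
            // those leave the server. alwaysInclude: true forces a claim into the
            // id_token even when an access token is issued alongside it.
            new Scope
            {
                Name = "membership",
                DisplayName = "Membership information",
                Type = ScopeType.Identity,
                Claims = new List<ScopeClaim>
                {
                    new ScopeClaim("membership_level", alwaysInclude: true),
                    new ScopeClaim("tenant")
                }
            }
        };
    }
}

public static class Clients
{
    public static IEnumerable<Client> Get()
    {
        return new List<Client>
        {
            new Client
            {
                ClientId = "xxx",
                ClientName = "MVC client",
                Flow = Flows.Hybrid,
                RedirectUris = new List<string> { "https://localhost:44304/" },
                PostLogoutRedirectUris = new List<string> { "https://localhost:44304/" },

                // The client may only request scopes listed here; the userinfo
                // endpoint then returns the claims of the granted identity scopes.
                AllowedScopes = new List<string>
                {
                    Constants.StandardScopes.OpenId,
                    Constants.StandardScopes.Email,
                    "profile",
                    "membership"
                },

                // Affects only Client.Claims (claims about the client application),
                // not the user's AspNetUserClaims.
                AlwaysSendClientClaims = false
            }
        };
    }
}

// Wiring, inside Startup.Configuration where the IdentityServer pipeline is built:
//
//   var factory = new IdentityServerServiceFactory();
//   factory.UseInMemoryScopes(Scopes.Get());
//   factory.UseInMemoryClients(Clients.Get());
//   // plus the AspNetIdentity user service registration from the
//   // IdentityServer3.AspNetIdentity package, unchanged from the question.
```

With option 2 the client in the question would request `Scope = "openid email membership"` and read "membership_level" from the id_token and "tenant" from the userinfo response; with option 1 it keeps `openid profile email` and gets everything the user service returns via userinfo.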