在我的Asp.Net Core应用程序中,我想向我的ClaimsIdentity添加自定义声明,以便我可以在我的应用程序的不同层中访问它们。为此,我添加了以下代码
启动
services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();
services.AddTransient<IPrincipal>(
provider => provider.GetService<IHttpContextAccessor>().HttpContext.User);
services.AddTransient<IClaimsTransformation, ClaimsTransformer>();
ClaimsTransformer
public class ClaimsTransformer : IClaimsTransformation
{
private readonly IUnitOfWork _unitOfWork;
private readonly IPrincipal _principal;
public ClaimsTransformer(IUnitOfWork unitOfWork, IPrincipal principal)
{
_unitOfWork = unitOfWork;
_principal = principal;
}
public Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
{
var currentPrincipal = (ClaimsIdentity)_principal.Identity;
var identity = (ClaimsIdentity)principal.Identity;
if (currentPrincipal.Claims.All(p => p.Type != "UserId"))
{
var person = _unitOfWork.PersonRepository.GetPersonBySubjectId(principal.Claims.First(p => p.Type == "sub").Value);
person.Wait();
if (person.Result != null)
{
currentPrincipal.AddClaim(new Claim("UserId", person.Result.Id.ToString()));
currentPrincipal.AddClaim(new Claim("TenantId", person.Result.PersonTeams.FirstOrDefault(p => p.Team.TeamType == TeamType.OrganizationTeam)?.Team.OrganizationId.ToString()));
if (principal.Claims.Any(p => p.Type == "Admin"))
{
currentPrincipal.AddClaim(new Claim("Admin", "True"));
}
}
foreach (var claim in identity.Claims)
{
currentPrincipal.AddClaim(claim);
}
}
return Task.FromResult(principal);
}
}
我不明白的是,当我运行我的Claimtrnsformation并逐步执行代码时,所有需要的声明都可用,但是当我将我的IPrincipal注入自定义类时,声明集合是空的,当我没有使用ClaimsTransformation,索赔可以通过注入的IPrincipal获得。
要解决此问题,我将我的IPrincipal添加到ClaimsTransformer并从TransformAsync输入参数复制声明并添加UserId和TenantId。 这是有效的,但我遇到的问题是我不明白为什么在运行ClaimsTransformer时删除了声明,为什么我需要添加 hack
答案 0 :(得分:2)
我在同一个地方。 我不得不删除IPrincipal DI
<强>启动
services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();
services.AddTransient<IClaimsTransformation, ClaimsTransformer>();
services.AddAuthentication(IISDefaults.AuthenticationScheme);
services.AddAuthorization(options =>
{
options.AddPolicy("SystemAdminOnly", policy => policy.RequireClaim(ClaimTypes.Role, "SystemAdmin"));
});
<强> ClaimsTransformer
public ClaimsTransformer(IRepository repository, IHttpContextAccessor httpContextAccessor/*, IPrincipal principal*/, IMemoryCache cache)
{
_repository = repository;
_httpContextAccessor = httpContextAccessor;
// _principal = principal;
_cache = cache;
}
public async Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
{
if (principal.Identity.IsAuthenticated)
{
var currentPrincipal = (ClaimsIdentity)principal.Identity;//_principal.Identity;
var ci = (ClaimsIdentity)principal.Identity;
var cacheKey = ci.Name;
if (_cache.TryGetValue(cacheKey, out List<Claim> claims))
{
currentPrincipal.AddClaims(claims);
}
else
{
claims = new List<Claim>();
var isUserSystemAdmin = await _repository.IsUserAdmin(ci.Name);
if (isUserSystemAdmin)
{
var c = new Claim(ClaimTypes.Role, "SystemAdmin");
claims.Add(c);
}
_cache.Set(cacheKey, claims);
currentPrincipal.AddClaims(claims);
}
//foreach (var claim in ci.Claims)
//{
// currentPrincipal.AddClaim(claim);
//}
}
return await Task.FromResult(principal);
}
它有效!