我正在使用Identityserver 4创建IDP。服务器已启动并正在运行。但现在我想限制谁可以创建用户。在我的方案中,管理员在服务器上本地登录并添加/删除/等用户。
因此,在布局文件中,我正在尝试获取自己定义的名为user_type的声明来检查登录用户是否为管理员。我正在尝试使用此代码执行此操作:
@using IdentityServer4.Extensions
@{
string name = null;
string type_user = null;
if (!true.Equals(ViewData["signed-out"]))
{
name = Context.User?.GetDisplayName();
type_user = Context.User?.Claims?.FirstOrDefault(g => g.Type ==
"type_user")?.Value;
}
}
带配置的启动类:
public Startup(IHostingEnvironment env)
{
var builder = new ConfigurationBuilder()
.SetBasePath(env.ContentRootPath)
.AddJsonFile("appsettings.json", optional: false, reloadOnChange: true)
.AddJsonFile($"appsettings.{env.EnvironmentName}.json", optional: true, reloadOnChange: true)
.AddEnvironmentVariables();
Configuration = builder.Build();
}
// This method gets called by the runtime. Use this method to add services to the container.
// For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940
public void ConfigureServices(IServiceCollection services)
{
var connectionString = secret;
services.AddEntityFrameworkNpgsql().AddDbContext<UserContext>(o => o.UseNpgsql(connectionString));
services.AddScoped<IUserRepository, UserRepository>();
var identityServerDataDBConnectionString =
secret;
var migrationsAssembly = typeof(Startup).GetTypeInfo().Assembly.GetName().Name;
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie();
services.AddMvc();
services.AddIdentityServer()
.AddSigningCredential(LoadCertificateFromStore())
.AddJanssenUserStore()
.AddInMemoryClients(InMemoryConfig.GetClients())
.AddInMemoryIdentityResources(InMemoryConfig.GetIdentityResources())
.AddInMemoryApiResources(InMemoryConfig.GetApiResource())
.AddOperationalStore((options =>
{
options.ConfigureDbContext = builder =>
builder.UseNpgsql(identityServerDataDBConnectionString,
b => b.MigrationsAssembly(migrationsAssembly));
}));
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory, UserContext userContext,
PersistedGrantDbContext persistedGrantDbContext)
{
loggerFactory.AddConsole();
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
persistedGrantDbContext.Database.Migrate();
userContext.Database.Migrate();
userContext.EnsureSeedDataForContext();
app.UseIdentityServer();
app.UseStaticFiles();
app.UseMvcWithDefaultRoute();
}
登录并检查Context.user的值时,我注意到用户中存在声明。但是缺少type_user。我使用IdentityServer4中的Quickstart GUI。
我认为我应该做的是以某种方式声明范围。但我不确定如何做到这一点。
有人有个主意吗?
感谢您的帮助