IdentityServer4具有Windows身份验证和自定义声明

时间:2018-05-28 13:30:13

标签: identityserver4

我对Windows身份验证和自定义声明有疑问 我有一个带有Windows身份验证的identityServer和User.Identity.Name显示我的AD名称。 但我无法理解,我应该如何从我的存储中向该用户添加一些属性。我现在有这样的事情:

var claims = new List<Claim> {
      new Claim("devhomepage", "www.devsite.com", ClaimValueTypes.String)};
var userIdentity = new ClaimsIdentity(claims, "siteinfo");
User.AddIdentity(userIdentity);
await HttpContext.SignInAsync(User);
return RedirectToLocal(returnUrl);

它不起作用:-)我的客户将无法获得授权。

这是服务器的配置

new Client
                {
                    ClientId = "mvc",
                    ClientName = "MVC Client",
                    AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,
                    ClientSecrets =
                    {
                        new Secret("secret".Sha256())
                    },
                    RedirectUris = {"http://localhost:60640/signin-oidc"},// where to redirect to after login
                    PostLogoutRedirectUris = {"http://localhost:60640/signout-callback-oidc"},// where to redirect to after logout
                    AllowedScopes = new List<string>
                    {
                        IdentityServerConstants.StandardScopes.OpenId,
                        IdentityServerConstants.StandardScopes.Profile,
                    },
                    AllowOfflineAccess = true,
                    RequireConsent = false

并且不是客户

services.AddAuthentication(options =>
                {
                    options.DefaultScheme = "Cookies";
                    options.DefaultChallengeScheme = "oidc";
                })
                .AddCookie("Cookies")
                .AddOpenIdConnect("oidc", options =>
                {
                    options.SignInScheme = "Cookies";
                    options.Authority = "http://localhost:49245/";
                    options.RequireHttpsMetadata = false;
                    options.ClientId = "mvc";
                    options.ClientSecret = "secret";
                    options.ResponseType = "code id_token";
                    options.GetClaimsFromUserInfoEndpoint = true;
                    options.SaveTokens = true;
                });

1 个答案:

答案 0 :(得分:0)

对于SignIn我必须使用带有方法SignInAsync的Microsoft.AspNetCore.Identity.SignInManager类(/ *我应该雇用一个TUser对象,我存储在我的数据库中,并使用我的AD帐户进行映射* /)

使用自定义声明(将用于IS4中包含自定义声明的所有示例):

public class ProfileService : IProfileService
    {
        protected UserManager<IdentityUser> _userManager;

        public ProfileService(UserManager<IdentityUser> userManager)
        {
            _userManager = userManager;
        }

        public async Task GetProfileDataAsync(ProfileDataRequestContext context)
        {
            //>Processing
            var user = await _userManager.GetUserAsync(context.Subject);
            //my custom claims
            var claims = new List<Claim>
                {
                    new Claim("devhomepage", "www"),
                    new Claim("reporting","reps")
                };

            context.IssuedClaims.AddRange(claims);
        }

        public async Task IsActiveAsync(IsActiveContext context)
        {
            //>Processing
            var user = await _userManager.GetUserAsync(context.Subject);

            context.IsActive = (user != null);
        }
    }

但是这项服务我必须在我的IdentityService

之后注册 
services.AddIdentityServer()
...
services.AddTransient<IProfileService, ProfileService>();
}
配置服务的

相关问题
最新问题