我正在设置身份服务器,并且无法理解为什么我无法从我的MVC网站访问新添加的声明。
我正在使用快速启动示例no 5:(Link on github)在身份服务器中进行以下更改:
public static IEnumerable<IdentityResource> GetIdentityResources()
{
return new List<IdentityResource>
{
new IdentityResources.OpenId(),
new IdentityResources.Profile(),
**new IdentityResource
{
Name = JwtClaimTypes.Role,
DisplayName = JwtClaimTypes.Role,
UserClaims = { JwtClaimTypes.Role }
}**
};
}
public static IEnumerable<Client> GetClients()
{
// client credentials client
return new List<Client>
{
new Client
{
ClientId = "mvc",
ClientName = "MVC Client",
AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,
ClientSecrets =
{
new Secret("secret".Sha256())
},
RedirectUris = { "http://localhost:5002/signin-oidc" },
PostLogoutRedirectUris = { "http://localhost:5002/signout-callback-oidc" },
AllowedScopes =
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
"api1",
**JwtClaimTypes.Role**
},
AllowOfflineAccess = true
}
};
}
public static List<TestUser> GetUsers()
{
return new List<TestUser>
{
new TestUser
{
SubjectId = "1",
Username = "alice",
Password = "password",
Claims = new List<Claim>
{
new Claim("name", "Alice"),
new Claim("website", "https://alice.com"),
**new Claim(JwtClaimTypes.Role, "Admin")**
}
}
};
}
并在mvc项目中进行以下更改
.AddOpenIdConnect("oidc", options =>
{
options.SignInScheme = "Cookies";
options.Authority = "http://localhost:5000";
options.RequireHttpsMetadata = false;
options.ClientId = "mvc";
options.ClientSecret = "secret";
options.ResponseType = "code id_token";
options.SaveTokens = true;
options.GetClaimsFromUserInfoEndpoint = true;
options.Scope.Add("api1");
options.Scope.Add("offline_access");
**options.Scope.Add(JwtClaimTypes.Role);**
});
然而,我没有在MVC应用程序中对ClaimsPrincipal的声明中看到角色声明。我确信有一些东西我不见了。我可以将声明添加到我的accessstoken并在那里找到它。我还试图实现一个ProfileService来在那里添加声明,但在登录后仍然无法在ClaimsPrincipal中找到它。请赐教我=)
我的个人资料服务:
public Task GetProfileDataAsync(ProfileDataRequestContext context)
{
var user = Config.GetUsers().First();
var claims = new List<Claim>
{
new Claim(JwtClaimTypes.Role, "Admin"),
};
context.IssuedClaims.AddRange(claims);
return Task.FromResult(0);
}
答案 0 :(得分:0)
好的,所以我在这个帖子https://github.com/aspnet/Security/issues/1449
中找到了答案简而言之:在.net core 2.0中,为避免cookie膨胀,您必须使用声明操作手动映射声明。
修复程序如下所示:
.AddOpenIdConnect("oidc", options =>
{
options.SignInScheme = "Cookies";
options.Authority = "http://localhost:5000";
options.RequireHttpsMetadata = false;
options.ClientId = "mvc";
options.ClientSecret = "secret";
options.ResponseType = "code id_token";
options.SaveTokens = true;
options.GetClaimsFromUserInfoEndpoint = true;
options.Scope.Add("api1");
options.Scope.Add("offline_access");
**options.Scope.Add(JwtClaimTypes.Role);**
**options.ClaimActions.MapJsonKey(JwtClaimTypes.Role, JwtClaimTypes.Role);**
});