我将EF6与IdentityServer4一起使用。一切都是数据库-用户,声明和客户。
如何从我的不记名令牌中获取用户的角色给客户?目前,我已经为用户分配了名为CustomerAdministrator
的角色,但是无法将其删除。
我的CustomerAdministrator
角色已添加到表中:
我想念什么? 令牌结果:
{
"sid": "20d62652c0504f2b521c8a7c24ee7320",
"sub": "a997a3ad-82bd-430f-9191-5b95408967b1",
"auth_time": 1553518560,
"idp": "local",
"amr": [
"pwd"
],
"name": "Bob Smith",
"given_name": "Bob",
"family_name": "Smith",
"preferred_username": "bob"
}
我在Stack Overflow上发现的其他解决方案似乎是基于内存解决方案的。
注意:这全部基于IdentityServer4的Combined_AspId_and_EFStorage
示例。
在数据库中:
ApsNetRoleClaims
1 | -uudi- | role | CustomerAdministrator
ApsNetRoles
1 | -uudi- | CustomerAdministrator | CustomerAdministrator | -uuid
ApsNetUserRoles
1 | -uuid User- | -uuid RoleId-
ClientScopes
3 | api1 | 1
4 | openid | 4
5 | profile | 4
6 | api | 4
7 | profile | 3
8 | api | 3
10 | role | 1
11 | role | 2
12 | role | 3
13 | role | 4
IdentityResources
1 | 1 | openip | Your user identifier | NULL | 1 | 0 | 1 | ...
2 | 1 | profile| You profile... | ... | 0 | 1 | 1 | ...
3 | 6 | role | User Role | Role | 1 | 1 | 1 | ...
答案 0 :(得分:0)
您是说要从客户端站点的JWT-Token中登录用户的角色吗? 如果是,则可以在Claim对象中传递角色名称或角色ID。
List<string> roleNames = _userManager.GetRolesAsync(user).Result.ToList();
string userRoles = "";
foreach(string rname in roleNames)
{
if (userRoles.Trim().Length == 0)
userRoles = rname;
else
userRoles = userRoles + "," + rname;
}
var claims = new List<Claim>
{
new Claim("UserId", user.Id),
new Claim("UserName", user.UserName),
new Claim("UserRoles", userRoles),
new Claim(ClaimTypes.Role,roleNames.FirstOrDefault()),
new Claim(ClaimTypes.Sid, user.Id)
};
从客户站点按角度
OnSubmit(userName,password){
const jwtHelper = new JwtHelperService();
this.accountService.userAuthentication(userName,password).subscribe((data : any)=>{
var decodedToken=jwtHelper.decodeToken(data.toString());
var userRoles = decodedToken.UserRoles;
});