向AAD OpenIDConnect身份验证的用户添加自定义声明

时间:2019-05-14 19:44:59

标签: c# .net azure-active-directory openid-connect claims

我有一个MVC应用程序.NET v。4.5.2,在其中我需要向AAD OpenIDConnect身份验证的用户添加自定义声明。

验证码(Startup.cs):

    string clientId = System.Configuration.ConfigurationManager.AppSettings["ClientId"];
    string redirectUrl = System.Configuration.ConfigurationManager.AppSettings["redirectUrl"];
    static string tenant = System.Configuration.ConfigurationManager.AppSettings["Tenant"];
    string authority = String.Format(System.Globalization.CultureInfo.InvariantCulture, System.Configuration.ConfigurationManager.AppSettings["Authority"], tenant);

    public void Configuration(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions());
        app.UseOpenIdConnectAuthentication(
            new OpenIdConnectAuthenticationOptions
            {
            ClientId = clientId,
                Authority = authority,
                RedirectUri = redirectUrl,

            PostLogoutRedirectUri = redirectUrl,

            Scope = OpenIdConnectScope.OpenIdProfile,

            ResponseType = OpenIdConnectResponseType.IdToken,

            TokenValidationParameters = new TokenValidationParameters()
                {
                    ValidateIssuer = true
                },

            Notifications = new OpenIdConnectAuthenticationNotifications
                {
                    AuthenticationFailed = OnAuthenticationFailed,
                    AuthorizationCodeReceived = async context =>
                    {
                        var id = new ClaimsIdentity(context.AuthenticationTicket.Identity.AuthenticationType);
                        //var id = new ClaimsIdentity(CookieAuthenticationDefaults.AuthenticationType);

                        id.AddClaims(context.AuthenticationTicket.Identity.Claims);
                        var appToken = context.ProtocolMessage.AccessToken;
                        id.AddClaim(new Claim("MyTestClaim", appToken));
                        id.AddClaim(new Claim("MyTestClaim2", "TestValue"));

                        context.AuthenticationTicket = new AuthenticationTicket
                        (
                             new ClaimsIdentity(id.Claims, context.AuthenticationTicket.Identity.AuthenticationType),
                               context.AuthenticationTicket.Properties
                        );
                    }
               }
            }
        );

home控制器中的以下行始终为空:

var userClaims = User.Identity as System.Security.Claims.ClaimsIdentity;
var test = userClaims?.FindFirst("MyTestClaim")?.Value;

显示了来自通过身份验证的用户的所有声明,但是我无法显示“ MyTestClaim”。

1 个答案:

答案 0 :(得分:0)

结果是我的代码在错误的OpenIdConnectAuthenticationNotifications部分中。我应该使用SecurityTokenValidation而不是使用AuthorizationCodeReceived。到目前为止,在此处添加自定义声明还可以确保当用户导航至应用中的其他页面时,自定义声明不会消失。

private void dataReporte_CellFormatting(object sender, DataGridViewCellFormattingEventArgs e)
{
    if (this.dataReporte.Columns[e.ColumnIndex].Name == "accepted")
    {
        if (Convert.ToBoolean(e.Value) == true)
        {
            dataReporte.CurrentRow.DefaultCellStyle.BackColor = Color.GreenYellow;
        }
        else
        {
            dataReporte.CurrentRow.DefaultCellStyle.BackColor = Color.Red;
        }
    }
}

Credit