Accessing claims from the ProfileService

Time: 2019-08-22 15:50:01

Tags: identityserver4

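I have a simple project using IdentityServer4 and ElmahCore. I added a custom IProfileService and IResourceOwnerPasswordValidator. Authentication works like a charm, but when I try to restrict Elmah access, the custom claims I add in the Profile Service do not show up in the principal.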

services.AddElmah<SqlErrorLog>(
    options => {
        options.CheckPermissionAction = context => context.User.Identity.IsAuthenticated;
    }
);

The user identity is present and authenticated, but the only claims present are sub, name, auth_time, idp and amr. The other custom claims are not showing up.

The value of sub is set to what I expect.

I also added this line before the call to services.AddIdentityServer(), but nothing changed:

services.AddScoped<IUserClaimsPrincipalFactory<HaproUser>, AppClaimsPrincipalFactory>();

The application configuration is set up as follows:

public void Configure(IApplicationBuilder app)
{
    app.UseForwardedHeaders(
        new ForwardedHeadersOptions
        {
            ForwardedHeaders = ForwardedHeaders.XForwardedProto
        }
    );
    if (Environment.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }

    app.UseFileServer();
    app.UseIdentityServer();
    app.UseMvcWithDefaultRoute();
    app.UseElmah();
}

The services configuration looks like this:

services.AddMvc();

services.AddScoped<IUserClaimsPrincipalFactory<HaproUser>, AppClaimsPrincipalFactory>();
var builder = services.AddIdentityServer()
    .AddInMemoryIdentityResources(Config.GetIdentityResources())
    .AddInMemoryApiResources(Config.GetApis())
    .AddInMemoryClients(Config.GetClients());

builder.Services.AddSingleton<IUserRepository, UserRepository>();
builder.AddProfileService<HaproProfileService>();
builder.AddResourceOwnerValidator<HaproPasswordValidator>();


if (Environment.IsDevelopment())
{
    builder.AddDeveloperSigningCredential();
}

The ProfileService is very simple:

public class HaproProfileService : IProfileService
{
    // IsActiveAsync omitted

    public Task GetProfileDataAsync(ProfileDataRequestContext context)
    {
        var sub = context.Subject.GetSubjectId();
        var claims = context.RequestedClaimTypes.Select(type => MapClaim(type, user)).ToList();

        context.AddRequestedClaims(claims);

        return Task.FromResult(0);
    }

    private static Claim MapClaim(string type, HaproUser user)
    {
        switch (type)
        {
            case "name":
                return new Claim(type, user.DisplayName);

            // Omitted cases here
        }
    }
}

0 answers:

No answers