我使用Identity Server 3通过几个Web客户端和一个API进行身份验证。在API项目(MVC,.NET Framework 4.8)内部,我有一个hangfire后台作业服务器,用于公开仪表板。授权是在IDashboardAuthorizationFilter的自定义实现中完成的,但是我似乎无法弄清楚用户是否已从此过滤器实现中登录了我的任何客户端(更不用说要通过API身份验证了)。显然(来自hangfire文档)我应该能够执行以下操作:
public class MyAuthorizationFilter : IDashboardAuthorizationFilter
{
public bool Authorize(DashboardContext context)
{
var owinDictionary = context.GetOwinEnvironment();
var owinContext = new OwinContext(owinDictionary);
var isauthed = owinContext.Authentication.User.Identity.IsAuthenticated;
return isauthed;
}
}
但owinContext.Authentication.User.Identity为null。我如何才能在这里获得用户信誉以验证其访问权限(如果他们已通过ID服务器登录),或者更普遍地说,有一种更好的方法来弥补我的缺失? startup.cs中的配置方法如下所示(略有缩短):
public void Configuration(IAppBuilder app)
{
...(container IoC stuff)…
Hangfire.GlobalConfiguration.Configuration.UseActivator(new WindsorJobActivator(hangfireContainer.Kernel));
app.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions
app.UseClaimsTransformation(TransformClaims);
app.UseResourceAuthorization(new CommonWeb.AuthorizationManager());
var config = new HttpConfiguration();
...(webapi config stuff)...
app.UseWebApi(config);
app.UseHangfireAspNet(GetHangfireServers);
app.UseHangfireDashboard("/hangfire", new DashboardOptions
{
Authorization = new[] { new MyAuthorizationFilter() }
});
}