Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
964 views
in Technique[技术] by (71.8m points)

identityserver4 - 如何使用IdentityServer4为MVC客户端添加其他声明(How to add additional claims for MVC client with IdentityServer4)

I'm using the IdentityServer4 "AspNetCoreAndApis" sample application found here

(我正在使用此处找到的IdentityServer4“ AspNetCoreAndApis”示例应用程序)

It has a token server and an MVC client application.

(它具有令牌服务器和MVC客户端应用程序。)

The identity server project has an external OIDC authentication provider set up using their demo server - https://demo.identityserver.io/

(身份服务器项目外部OIDC认证供应商建立使用他们的演示服务器- https://demo.identityserver.io/)

After hitting a protected endpoint in MvcClient , being redirected to the local identity server, choosing and authenticating with the demo server, it reaches the ExternalController callback of the local identity server.

(在MvcClient命中受保护的终结点MvcClient ,将其重定向到本地身份服务器,选择演示服务器并进行身份验证,它到达本地身份服务器的ExternalController回调。)

At this point I would like to issue additional claims to the user, and have them be available in MvcClient .

(在这一点上,我想向用户发出其他声明,并使它们在MvcClient可用。)

There's code in the callback to add additionalLocalClaims and issue a cookie.

(回调中包含添加additionalLocalClaims LocalClaims并发出Cookie的代码。)

I tried adding another claim:

(我尝试添加另一个声明:)

var additionalLocalClaims = new List<Claim>();
additionalLocalClaims.Add(new Claim("TestKey", "TestValue"));
await HttpContext.SignInAsync(user.SubjectId, user.Username, provider, localSignInProps, additionalLocalClaims.ToArray());

But by the time the user arrives in the HomeController of MvcClient this claim is not there.

(但是,当用户到达MvcClientHomeController ,该声明就不存在了。)

I think I don't properly understand which authentication scheme is being used where, and the function of the relevant cookies.

(我想我不太了解在哪里使用哪种身份验证方案以及相关cookie的功能。)

EDIT:

(编辑:)

In response to the first comment below, I tried attaching a claim to a requested scope, but still no luck - this is the in memory resource store:

(为了响应下面的第一条评论,我尝试将声明附加到请求的范围,但是仍然没有运气-这是内存资源存储区:)

public static IEnumerable<ApiResource> Apis
    {
        get
        {
            var apiResource = new ApiResource("api1", "My API");
            apiResource.UserClaims.Add("TestKey");
            var resources = new List<ApiResource>
            {
                apiResource
            };
            return resources;
        }
    }

The MvcClient is both allowed the api1 scope, and requests it.

(MvcClient既可以使用api1范围,也可以请求它。)

  ask by user888734 translate from so

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)
等待大神答复

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...