向 AspNetCore Azure Authenticated Application 添加自定义声明

问题描述

我正在通过这行代码使用 AspNetCore 模板授权:

I am using the AspNetCore template authorization with this line of code:

       services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
            .AddAzureAD(options => Configuration.Bind("AzureAd", options));

用户获得 Azure 授权后，如何添加我的自定义声明?

How can I add my custom Claims after the user is authorized by Azure?

推荐答案

您可以在OIDC事件的OnTokenValidated中添加自定义cliams:

You can add custom cliams in OnTokenValidated of OIDC event :

services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
            .AddAzureAD(options => Configuration.Bind("AzureAd", options));


services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options =>
{
    options.Events = new OpenIdConnectEvents
    {
        OnTokenValidated = ctx =>
        {


            // add claims
            var claims = new List<Claim>
            {
                new Claim(ClaimTypes.Role, "Admin")
            };
            var appIdentity = new ClaimsIdentity(claims);

            ctx.Principal.AddIdentity(appIdentity);

            return Task.CompletedTask;
        },
    };
});

然后在控制器中，您可以获得如下声明:

Then in controller , you can get the claim like :

var role = User.Claims.FirstOrDefault(c => c.Type == ClaimTypes.Role)?.Value;

这篇关于向 AspNetCore Azure Authenticated Application 添加自定义声明的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持跟版网！