2

感谢@leastprivilege,我离我想要实现的目标更近了。

我在声明中添加了一些自定义值(不是我自己的原创作品!!)

更新 Auth.Startup 文件后

  public partial class Startup
{
    static Startup()
    {
        PublicClientId = "self";

        UserManagerFactory = () => new UserManager<IdentityUser>(new UserStore<IdentityUser>());

        OAuthOptions = new OAuthAuthorizationServerOptions
        {
            TokenEndpointPath = new PathString("/Token"),
            Provider = new ApplicationOAuthProvider(PublicClientId, UserManagerFactory),
            AuthorizeEndpointPath = new PathString("/api/Account/ExternalLogin"),
            AccessTokenExpireTimeSpan = TimeSpan.FromDays(14),
            AllowInsecureHttp = true
        };
    }

    public static OAuthAuthorizationServerOptions OAuthOptions { get; private set; }

    public static Func<UserManager<IdentityUser>> UserManagerFactory { get; set; }

    public static string PublicClientId { get; private set; }

    // For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864
    public void ConfigureAuth(IAppBuilder app)
    {
        // Enable the application to use a cookie to store information for the signed in user
        // and to use a cookie to temporarily store information about a user logging in with a third party login provider
        app.UseCookieAuthentication(new CookieAuthenticationOptions());
        app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

        // transform claims to application identity
        app.UseClaimsTransformation(TransformClaims);


        // Enable the application to use bearer tokens to authenticate users
        app.UseOAuthBearerTokens(OAuthOptions);



        // Uncomment the following lines to enable logging in with third party login providers
        //app.UseMicrosoftAccountAuthentication(
        //    clientId: "",
        //    clientSecret: "");

        //app.UseTwitterAuthentication(
        //    consumerKey: "",
        //    consumerSecret: "");

        //app.UseFacebookAuthentication(
        //    appId: "",
        //    appSecret: "");

        //app.UseGoogleAuthentication();
    }

    private Task<ClaimsPrincipal> TransformClaims(ClaimsPrincipal incoming)
    {
        if (!incoming.Identity.IsAuthenticated)
        {
            return Task.FromResult<ClaimsPrincipal>(incoming);
        }

        // parse incoming claims - create new principal with app claims
        var claims = new List<Claim>
        {
            new Claim(ClaimTypes.Role, "foo"),
            new Claim(ClaimTypes.Role, "bar")
        };

        var nameId = incoming.FindFirst(ClaimTypes.NameIdentifier);
        if (nameId != null)
        {
            claims.Add(nameId);
        }

        var thumbprint = incoming.FindFirst(ClaimTypes.Thumbprint);
        if (thumbprint != null)
        {
            claims.Add(thumbprint);
        }

        var id = new ClaimsIdentity("Application");
        id.AddClaims(claims);

        return Task.FromResult<ClaimsPrincipal>(new ClaimsPrincipal(id));
    }

}

我尝试通过以下方式访问声明类型角色

var cp = ClaimsPrincipal.Current.Identities;

但是,通过挖掘我似乎找不到任何对 ClaimTypes.Role 的引用。

我是否试图以错误的方式访问该角色?

4

1 回答 1

0

OWIN 中的订单很重要 - 将声明转换放在令牌中间件之后。

于 2014-02-11T12:13:14.823 回答