6

我使用下面的代码在 OpenIdConnectServerProvider.AuthorizationProvider 中创建 ClaimIdentity。但是 identity.Name 没有被封印。如何允许 OpenIdConnectServer serarlize 名称?谢谢。

上一个问题在这里How to create a ClaimIdentity in asp.net 5

var user = await userManager.FindByNameAsync(context.UserName);
var factory = context.HttpContext.RequestServices.GetRequiredService<IUserClaimsPrincipalFactory<ApplicationUser>>();
var identity = await factory.CreateAsync(user);                
context.Validated(new ClaimsPrincipal(identity));
4

1 回答 1

11

为避免泄露机密数据,AspNet.Security.OpenIdConnect.Server拒绝序列化未明确指定目的地的声明。

要序列化名称(或任何其他声明),您可以使用.SetDestinations扩展名:

var principal = await factory.CreateAsync(user);

var name = principal.FindFirst(ClaimTypes.Name);
if (name != null) {
    // Use "id_token" to serialize the claim in the identity token or "access_token"
    // to serialize it in the access token. You can also specify both destinations.
    name.SetDestinations(OpenIdConnectConstants.Destinations.AccessToken,
                         OpenIdConnectConstants.Destinations.IdentityToken);
}

context.Validate(principal);

添加声明时,您还可以使用AddClaim带参数的扩展destinations

identity.AddClaim(ClaimTypes.Name, "Pinpoint",
     OpenIdConnectConstants.Destinations.AccessToken,
     OpenIdConnectConstants.Destinations.IdentityToken);
于 2015-11-19T14:34:40.623 回答