.NET Core的Azure Apps EasyAuth声明 [英] Azure Apps EasyAuth claims with .NET Core
问题描述
我想编写一些ASP .NET Core中间件,以将Azure Apps EasyAuth HTTP标头转换为声明.我发现了两种实现方法:
-
解析EasyAuth在HTTP标头中提供的令牌.这似乎不是通用的解决方案,因为我必须编写代码来解析每个身份提供者的令牌.
-
向/.auth/me发出服务器端请求.这将返回一些JSON,我希望将其转换为声明,但是我不确定是否必须手动执行此操作,或者是否有对其的框架支持.
#2是最好的方法吗,它是否有任何框架支持?
根据您的描述,我发现了类似的 I want to write some ASP .NET Core middleware to turn the Azure Apps EasyAuth HTTP headers into claims. I've found two ways to do it: Parse the token that EasyAuth provides in the HTTP header. This doesn't seem like a generic solution as I'd have to write code to parse tokens for every identity provider. Make a server-side request to /.auth/me. This returns some JSON which I'd like to convert to claims but I'm not sure if I have to do this manually or there is framework support for it. Is #2 the best approach, and is there any framework support for it? According to your description, I found a similar issue. As I known, there is no any framework for you to achieve it currently. Based on my understanding, if you prefer to retrieve all claims when using Azure App Service EasyAuth, I assumed that you'd better make a server-side request to the in-build endpoint Startup.cs > Configure
这篇关于.NET Core的Azure Apps EasyAuth声明的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!app.Use(async (context, next) =>
{
// Create a user on current thread from provided header
if (context.Request.Headers.ContainsKey("X-MS-CLIENT-PRINCIPAL-ID"))
{
// Read headers from Azure
var azureAppServicePrincipalIdHeader = context.Request.Headers["X-MS-CLIENT-PRINCIPAL-ID"][0];
var azureAppServicePrincipalNameHeader = context.Request.Headers["X-MS-CLIENT-PRINCIPAL-NAME"][0];
#region extract claims via call /.auth/me
//invoke /.auth/me
var cookieContainer = new CookieContainer();
HttpClientHandler handler = new HttpClientHandler()
{
CookieContainer = cookieContainer
};
string uriString = $"{context.Request.Scheme}://{context.Request.Host}";
foreach (var c in context.Request.Cookies)
{
cookieContainer.Add(new Uri(uriString), new Cookie(c.Key, c.Value));
}
string jsonResult = string.Empty;
using (HttpClient client = new HttpClient(handler))
{
var res = await client.GetAsync($"{uriString}/.auth/me");
jsonResult = await res.Content.ReadAsStringAsync();
}
//parse json
var obj = JArray.Parse(jsonResult);
string user_id = obj[0]["user_id"].Value<string>(); //user_id
// Create claims id
List<Claim> claims = new List<Claim>();
foreach (var claim in obj[0]["user_claims"])
{
claims.Add(new Claim(claim["typ"].ToString(), claim["val"].ToString()));
}
// Set user in current context as claims principal
var identity = new GenericIdentity(azureAppServicePrincipalIdHeader);
identity.AddClaims(claims);
#endregion
// Set current thread user to identity
context.User = new GenericPrincipal(identity, null);
};
await next.Invoke();
});
/.auth/me
to retrieve the claims as follows:app.Use(async (context, next) =>
{
// Create a user on current thread from provided header
if (context.Request.Headers.ContainsKey("X-MS-CLIENT-PRINCIPAL-ID"))
{
// Read headers from Azure
var azureAppServicePrincipalIdHeader = context.Request.Headers["X-MS-CLIENT-PRINCIPAL-ID"][0];
var azureAppServicePrincipalNameHeader = context.Request.Headers["X-MS-CLIENT-PRINCIPAL-NAME"][0];
#region extract claims via call /.auth/me
//invoke /.auth/me
var cookieContainer = new CookieContainer();
HttpClientHandler handler = new HttpClientHandler()
{
CookieContainer = cookieContainer
};
string uriString = $"{context.Request.Scheme}://{context.Request.Host}";
foreach (var c in context.Request.Cookies)
{
cookieContainer.Add(new Uri(uriString), new Cookie(c.Key, c.Value));
}
string jsonResult = string.Empty;
using (HttpClient client = new HttpClient(handler))
{
var res = await client.GetAsync($"{uriString}/.auth/me");
jsonResult = await res.Content.ReadAsStringAsync();
}
//parse json
var obj = JArray.Parse(jsonResult);
string user_id = obj[0]["user_id"].Value<string>(); //user_id
// Create claims id
List<Claim> claims = new List<Claim>();
foreach (var claim in obj[0]["user_claims"])
{
claims.Add(new Claim(claim["typ"].ToString(), claim["val"].ToString()));
}
// Set user in current context as claims principal
var identity = new GenericIdentity(azureAppServicePrincipalIdHeader);
identity.AddClaims(claims);
#endregion
// Set current thread user to identity
context.User = new GenericPrincipal(identity, null);
};
await next.Invoke();
});