Azure B2C如何检索内置用户声明/属性 [英] Azure B2C How to retrieve Built-In User Claims/Attributes

问题描述

我正在尝试使用内置用户属性和声明从Azure B2C检索一些非常基本的信息.

I am attempting to retrieve some very basic information from Azure B2C, using the Built-In User Attributes and Claims.

我只想回来

1. 给定名字
2. 姓氏
3. UserId
4. 电子邮件

(对我而言)B2C如何存储此内容尚不完全清楚... 登录/注销策略(用户属性)将电子邮件地址显示为字符串

Its not totally obvious (to me) how B2C is storing this content... The SignIn/SignOut Policy (User Attirubtes) displays Email Address as a string

，但登录/注销策略(应用程序声明)"将电子邮件地址显示为stringCollection

but the SignIn/SignOut Policy (Application Claims) displays Email Addresses as a stringCollection

使用以下代码，我尝试返回上述4个声明，但仅返回

Using the below code, I am attempting to return the 4 above Claims but only the

• UserId
• 列表项 通过.

• UserId
• List item are coming through.

我已经使用JWT.IO测试了返回令牌，并且我正在寻找索赔.

I have used the JWT.IO to test the return Token and the Claims I'm looking for are there.

最后，只是为了使事情变得更加陌生，MS似乎将我的电子邮件存储在UserName字段中，但没有显示我的Email字段?

Lastly, just to make things even stranger, MS seems to store my Email in a UserName field but doesn't show me an Email Field(s)?

我希望不必单独调用Graph API即可获得我想要的这2-3个字段.

I'm hoping to NOT have to make a seperate call to the Graph API in order to get these 2-3 fields I want.

我只是希望有人可以帮助我弄清楚我的代码出了什么问题.

I'm just hoping someone can help me clarify where my code is going wrong.

    var claimsIdentity = (ClaimsIdentity)HttpContext.User.Identity;
    var userIdClaim = claimsIdentity.Claims.SingleOrDefault(c => c.Type == ClaimTypes.NameIdentifier);
    if (userIdClaim != null)
    {
        userId = userIdClaim.Value;
        ViewData["userId"] = userId;
    }
    var GivenNameClaim = claimsIdentity.Claims.SingleOrDefault(c => c.Type == ClaimTypes.GivenName);
    if (GivenNameClaim != null)
    {
        GivenName = GivenNameClaim.Value;
        ViewData["GivenName"] = GivenName;
    }
    var SurNameClaim = claimsIdentity.Claims.SingleOrDefault(c => c.Type == ClaimTypes.Surname);
    if (SurName != null)
    {
        SurName = SurNameClaim.Value;
        ViewData["Surname"] = SurName;
    }
    var EmailClaim = claimsIdentity.Claims.SingleOrDefault(c => c.Type == ClaimTypes.Email);
    if (Email != null)
    {
        Email = EmailClaim.Value;
        ViewData["Email"] = Email;
    }

编辑

将以下内容添加到我的视图中很有帮助.

Adding the below to my view helped..

  @foreach (Claim claim in User.Claims)
    {
     <tr>
     <td>@claim.Type @claim.Subject</td>
     <td>@claim.Value</td>
     </tr>
    }

返回

• http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier 6902e027-e475-447c-8f7d-75f4451f85a4
• http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname Tim
• http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname Cadieux
• 通过电子邮件发送给me@email.com

• http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier 6902e027-e475-447c-8f7d-75f4451f85a4
• http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname Tim
• http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname Cadieux
• emails me@email.com

因此，我已将我的电子邮件更新为belwo，该电子邮件现在可用于3/4文件，它不返回电子邮件集合.

So I have updated me email to the belwo, which now works for 3/4 files, it does not return the collection of emails.

var Claims = User.Claims;
var SurNameClaim = Claims.SingleOrDefault(c => c.Type == ClaimTypes.Surname);
ViewData["Surname"] = SurNameClaim.Value;

var GivenNameClaim = Claims.SingleOrDefault(c => c.Type == ClaimTypes.GivenName);
ViewData["GivenName"] = GivenNameClaim.Value;

var ClientIdClaim = Claims.SingleOrDefault(c => c.Type == ClaimTypes.NameIdentifier);
ViewData["ClientId"] = ClientIdClaim.Value;

var EmailClaim = Claims.SingleOrDefault(c => c.Type == ClaimTypes.Email);
if (EmailClaim != null)
{
    ViewData["Email"] = EmailClaim.Value;
}
else
{
    ViewData["Email"] = "Is Null";
}

推荐答案

用户属性是aad B2C从用户那里收集的信息.因此，B2C仅收集一封电子邮件，电子邮件地址"是一个字符串. 索赔是B2C返回到依赖方应用程序的信息.既然这里可以有一封以上的电子邮件(来自多种资源，例如联合IDp，所以这是一个集合.

The user attributes is the information which aad B2C collects from user. So B2C collects only a single email, the 'email address' is a string. Claims is the information which B2C returns to the relying party app. since there can be more than one email here(coming from multiple resources, such as federated Idp, this is a collection.

您可以看到示例应用程序，以了解如何解析声明

you can see the sample app to see how to parse claims https://github.com/Azure-Samples/active-directory-b2c-dotnet-webapp-and-webapi/blob/master/TaskService/Controllers/TasksController.cs

如何读取值为数组的声明

How to read a claim whose value is array

List<string> emails = new List<string>();
  IEnumerable<Claim> emailClaims =  Claims.Where(c => c.Type == ClaimTypes.Email);

                if (emailClaims.Any())
                {
                    // get the roles' actual value
                    foreach (Claim claim in emailClaims)
                    {
                        emails.Add(claim.Value);
                    }                   
                }

这篇关于Azure B2C如何检索内置用户声明/属性的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！