获得STS和AngularJS索赔 [英] Get Claims from STS and AngularJS

问题描述

我目前使用ADFS作为STS和依赖方与ASP.NET MVC，其配置与身份访问工具来实现。依赖方是使用.NET WSFederationAuthenticationModule，所以我可以从登录的用户索赔与

I currently use ADFS as a STS and the relying parties are implemented with ASP.NET MVC which are configured with the Identity Access Tool. The relying party is using the .NET WSFederationAuthenticationModule so I can get the claims from the logged in user with

((System.Security.Claims.ClaimsPrincipal)User).Claims

现在我想要切换到angularjs，我问我自己如何才能实现这一目标？
首先我想在服务器端建立angularjs HTML页面，所以我仍然可以使用身份验证机制从WSFederationAuthenticationModule。

Now I want to switch to angularjs and I ask my self how can this be achieved? First of all I would like to create the angularjs html page on the server side so I can still use the authentication mechanism from the WSFederationAuthenticationModule.

但我不知道如何让用户要求到我angularjs的应用程序以安全的方式。一个其他的问题我已经是，我怎么能保证的WebAPI与登录用户当前的呼叫。根据用户的要求，他被允许做具体的WebAPI调用。

But I don't know how to get the user claims into my angularjs app in a secure way. An other question I have is, how I can secure webapi calls with the current logged in user. Based on user claims he is allowed to do specific webapi calls.

我读了angularjs和的WebAPI正在使用类似的安全令牌交换。
已经有人这样做过，或者你可以给我一些建议如何实现这一点？

I read that the angularjs and webapi are using something like secure token exchange. Has someone done this before or can you give me some advice how to realize this?

感谢

推荐答案

您可以尝试渲染包含托管AngularJS APP与Asp.NET MVC页面，并尝试这样的事：

You can try render the Page which contains the hosted AngularJS APP with Asp.NET MVC and try something like this:

<script>
    @{var last = ((System.Security.Claims.ClaimsPrincipal)User).Claims.Last();}
    var user = {
    @foreach (var claim in ((System.Security.Claims.ClaimsPrincipal)User).Claims)
    {
        @claim.Type<text>:</text>@claim.Value if(claim!=last){<text>,</text>} @Environment.NewLine;
    }
    };
</script>

这code是仅用于演示。你应该密文的索赔。对于固定的WebAPI，你可以使用Web API令牌认证与加密的要求。

This code is only for demonstration. You should cipher the claims. For securing the webapi you can use web api token authentication with the encrypted claims.

这是不是最好的解决办法，但一个可能的方式来实现你的目的。

It's not the best solution, but one possible way to realise your purpose.

这篇关于获得STS和AngularJS索赔的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！