添加角色声明 - 我应该使用 IClaimsTransformer [英] Adding role claims - should i use the IClaimsTransformer

问题描述

我们想向当前主体添加很多角色声明(我们使用了Authorize(Roles) 属性)，并发现IClaimsTransformer 看起来像一个完美贴合.

We would like to add a lot of role claims to the current principal (we use the Authorize(Roles) attribute), and found the IClaimsTransformer that looks like a perfect fit.

我们是这样注册的

 app.UseClaimsTransformation(new ClaimsTransformationOptions
        {
            Transformer = new GetRolesFromDatabaseClaimsTransformer(new RoleManager2(Configuration.GetConnectionString("ourcoolapp")))
        });

转换是这样的:

public Task<ClaimsPrincipal> TransformAsync(ClaimsTransformationContext context)
{
        // A hacky way to not load on all requests. Better ideas?
        if (!context.Context.Request.Path.Value.Contains("api/"))
        {
            return Task.FromResult(context.Principal);
        }

        var roleClaims = RoleManager.GetRolesForUser(context.Principal.Identity.Name).Select(roleName => new Claim("role", roleName));

        var claims = new List<Claim> { };
        var identity = context.Principal.Identity as ClaimsIdentity;
        claims.AddRange(identity.Claims);
        claims.AddRange(roleClaims);

        var userIdentity = new ClaimsIdentity(claims, "local");
        var userPrinicpal = new ClaimsPrincipal(userIdentity);

        return Task.FromResult(userPrinicpal);
}

问题:是否有其他更明智的方法来添加角色声明?

Question: Are there alternative, or smarter ways of adding the role claims?

谢谢

拉西

推荐答案

另一个选项可以是 UserClaimsPrincipalFactory

它提供了为给定用户创建声明主体的方法，您可以像 ClaimsTransformer 一样对其进行自定义.

It provides methods to create claims principal for a given user and you can customize it just like ClaimsTransformer.

默认情况下，它添加 UserName 和 UserId 来声明集合.为了自定义它，您可以从 UserClaimsPrincipalFactory 驱动并覆盖 CreateAsync

By default It adds UserName and UserId to claim collection. In order to customize it you can driver from UserClaimsPrincipalFactory and override CreateAsync

public class AppClaimsPrincipalFactory : UserClaimsPrincipalFactory<User, Role>
{
    public AppClaimsPrincipalFactory(UserManager<User> userManager,
        RoleManager<Role> roleManager,
        IOptions<IdentityOptions> optionsAccessor, 
        ILogger<AppClaimsPrincipalFactory> logger) 
        : base(userManager, roleManager, optionsAccessor)
    {
        logger.LogInformation("AppClaimsPrincipalFactory ctor");
    }

    public override async Task<ClaimsPrincipal> CreateAsync(User user)
    {
        var principal = await base.CreateAsync(user);
        ((ClaimsIdentity)principal.Identity).AddClaims(new []
        {
            new Claim("Foo", "Bar"), 
        });

        return principal;
    }
}

并在 DI 中注册工厂:

And Register the Factory in DI:

services.AddScoped<IUserClaimsPrincipalFactory<User>,  AppClaimsPrincipalFactory>();  

每当用户请求声明时，它都会更改/覆盖声明.
有关更多信息，请查看 GitHub.

It will change/override the claim whenever the user's claims requested.
For more info take a look at source at GitHub.

这篇关于添加角色声明 - 我应该使用 IClaimsTransformer的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！