.NET Core 的 Azure 应用 EasyAuth 声明 [英] Azure Apps EasyAuth claims with .NET Core

问题描述

我想编写一些 ASP .NET Core 中间件来将 Azure Apps EasyAuth HTTP 标头转换为声明.我找到了两种方法:

I want to write some ASP .NET Core middleware to turn the Azure Apps EasyAuth HTTP headers into claims. I've found two ways to do it:

1. 解析 EasyAuth 在 HTTP 标头中提供的令牌.这似乎不是一个通用的解决方案，因为我必须编写代码来解析每个身份提供者的令牌.

1. Parse the token that EasyAuth provides in the HTTP header. This doesn't seem like a generic solution as I'd have to write code to parse tokens for every identity provider.

向/.auth/me 发出服务器端请求.这将返回一些我想转换为声明的 JSON，但我不确定是否必须手动执行此操作，或者是否有框架支持.

Make a server-side request to /.auth/me. This returns some JSON which I'd like to convert to claims but I'm not sure if I have to do this manually or there is framework support for it.

#2 是否是最好的方法，是否有任何框架支持?

Is #2 the best approach, and is there any framework support for it?

推荐答案

根据你的描述，我发现了一个类似的问题.据我所知，目前没有任何框架可以让您实现它.根据我的理解，如果您希望在使用 Azure 应用服务 EasyAuth 时检索所有声明，我认为您最好向内置端点 /.auth/me 发出服务器端请求检索声明如下:

According to your description, I found a similar issue. As I known, there is no any framework for you to achieve it currently. Based on my understanding, if you prefer to retrieve all claims when using Azure App Service EasyAuth, I assumed that you'd better make a server-side request to the in-build endpoint /.auth/me to retrieve the claims as follows:

Startup.cs > 配置

app.Use(async (context, next) =>
{
    // Create a user on current thread from provided header
    if (context.Request.Headers.ContainsKey("X-MS-CLIENT-PRINCIPAL-ID"))
    {
        // Read headers from Azure
        var azureAppServicePrincipalIdHeader = context.Request.Headers["X-MS-CLIENT-PRINCIPAL-ID"][0];
        var azureAppServicePrincipalNameHeader = context.Request.Headers["X-MS-CLIENT-PRINCIPAL-NAME"][0];

        #region extract claims via call /.auth/me
        //invoke /.auth/me
        var cookieContainer = new CookieContainer();
        HttpClientHandler handler = new HttpClientHandler()
        {
            CookieContainer = cookieContainer
        };
        string uriString = $"{context.Request.Scheme}://{context.Request.Host}";
        foreach (var c in context.Request.Cookies)
        {
            cookieContainer.Add(new Uri(uriString), new Cookie(c.Key, c.Value));
        }
        string jsonResult = string.Empty;
        using (HttpClient client = new HttpClient(handler))
        {
            var res = await client.GetAsync($"{uriString}/.auth/me");
            jsonResult = await res.Content.ReadAsStringAsync();
        }

        //parse json
        var obj = JArray.Parse(jsonResult);
        string user_id = obj[0]["user_id"].Value<string>(); //user_id

        // Create claims id
        List<Claim> claims = new List<Claim>();
        foreach (var claim in obj[0]["user_claims"])
        {
            claims.Add(new Claim(claim["typ"].ToString(), claim["val"].ToString()));
        }

        // Set user in current context as claims principal
        var identity = new GenericIdentity(azureAppServicePrincipalIdHeader);
        identity.AddClaims(claims); 
        #endregion

        // Set current thread user to identity
        context.User = new GenericPrincipal(identity, null);
    };

    await next.Invoke();
});

这篇关于.NET Core 的 Azure 应用 EasyAuth 声明的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！