Adding custom claims to ClaimsPrincipal when using AddAzureADB2C in MVC Core App


Problem description

When authenticating using Azure AzureADB2C, I would like to add custom claims, which are managed in the portal, to the Claims Principal.

Current code in startup:

    services.AddAuthentication(AzureADB2CDefaults.AuthenticationScheme)
        .AddAzureADB2C(options => Configuration.Bind("AzureAdB2C", options));

I was thinking it should work something like this, but OnTokenValidated is never hit:

    services.AddAuthentication(AzureADB2CDefaults.AuthenticationScheme)
        .AddAzureADB2C(options => Configuration.Bind("AzureAdB2C", options))
        .AddJwtBearer(o =>
        {
            o.Events = new JwtBearerEvents
            {
                OnTokenValidated = async ctx =>
                {
                    var claims = new List<Claim> { new Claim("ConfidentialAccess", "true") };
                    var appIdentity = new ClaimsIdentity(claims);
                    ctx.Principal.AddIdentity(appIdentity);
                }
            };
        });

Recommended answer


In general, we would use OpenIdConnect middleware for AAD authentication. And you could use the following code lines for adding custom claim(s).

//OpenIdConnectOptions
options.Events = new OpenIdConnectEvents
{
    OnTokenValidated = context =>
    {   
        var claimsIdentity = (ClaimsIdentity)context.Principal.Identity;
        //add your custom claims here
        claimsIdentity.AddClaim(new Claim("test", "helloworld!!!"));

        return Task.FromResult(0);
    }
};


If you are using AzureADB2CAuthenticationBuilderExtensions.AddAzureADB2C by installing package Microsoft.AspNetCore.Authentication.AzureADB2C.UI, I assumed that there is no approach for you to set OpenIdConnectEvents.OnTokenValidated.


From AzureAdB2CAuthenticationBuilderExtensions.cs, you could find the code line under AddAzureADB2C method for instantiating OpenIdConnectOptions.

builder.Services.TryAddSingleton<IConfigureOptions<OpenIdConnectOptions>, OpenIdConnectOptionsConfiguration>();


For OpenIdConnectOptionsConfiguration.cs, you could find that you have no chance to set OpenIdConnectOptions.Events.

Fortunately, here is a code sample which separately defines AzureAdB2COptions.cs and OpenIdConnectOptionsSetup.cs. I assumed that you could follow my code snippet to modify the Configure method under OpenIdConnectOptionsSetup.cs to meet your requirement. For a detailed tutorial, you could follow An ASP.NET Core web app with Azure AD B2C.
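An added example, not part of the original answer or of the Microsoft sample it mentions: one way to attach OnTokenValidated to the OpenID Connect scheme that AddAzureADB2C registers, assuming the installed package version exposes AzureADB2CDefaults.OpenIdScheme. The token claim name extension_ConfidentialAccess and the AddB2CWithCustomClaims helper are hypothetical; the application claim is granted only when the validated token carries the attribute, not unconditionally for every signed-in user.

```csharp
// Added example (not from the original post). Assumes the
// Microsoft.AspNetCore.Authentication.AzureADB2C.UI package and a hypothetical
// B2C custom attribute emitted in the ID token as "extension_ConfidentialAccess".
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.AzureADB2C.UI;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

public static class B2CClaimsSetup
{
    // Hypothetical helper, called from Startup.ConfigureServices.
    public static void AddB2CWithCustomClaims(
        this IServiceCollection services, IConfiguration configuration)
    {
        services.AddAuthentication(AzureADB2CDefaults.AuthenticationScheme)
                .AddAzureADB2C(options => configuration.Bind("AzureAdB2C", options));

        // PostConfigure runs after the package's own option setup for the
        // named OpenID Connect scheme, so its handlers are already in place.
        services.PostConfigure<OpenIdConnectOptions>(
            AzureADB2CDefaults.OpenIdScheme, options =>
        {
            var events = options.Events ?? new OpenIdConnectEvents();
            var previous = events.OnTokenValidated; // keep any existing handler

            events.OnTokenValidated = async context =>
            {
                if (previous != null) await previous(context);

                var identity = (ClaimsIdentity)context.Principal.Identity;
                // Map the validated token attribute to the application claim;
                // skip users without it and avoid adding the claim twice.
                var attr = identity.FindFirst("extension_ConfidentialAccess");
                if (attr != null
                    && bool.TryParse(attr.Value, out var granted) && granted
                    && !identity.HasClaim("ConfidentialAccess", "true"))
                {
                    identity.AddClaim(new Claim("ConfidentialAccess", "true"));
                }
            };
            options.Events = events;
        });
    }
}
```

The handler is chained onto the existing Events object instead of replacing it, so any events the package configured for this scheme keep running.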
