ASP.NET Core-向用户添加角色声明 [英] ASP.NET Core - Add role claim to User

问题描述

我有一个使用Windows身份验证的ASP.NET Core(基于.NET Framework).关键是，我需要对该用户添加角色声明，并且该角色存储在远程数据库中.

I've an ASP.NET Core (based on .NET Framework) using Windows Authentication. Point is, I need to add a role claim on that user and this role is stored in a distant database.

我已经阅读了很多有关OWIN/Cookie/UserManager/UserStore/Identity的内容，以至于我迷路了.

I've read so much thing about OWIN/Cookie/UserManager/UserStore/Identity and so on that I'm lost.

问题:如何以最简单的方式为整个应用程序中已登录(windows)的当前用户添加角色声明?

Question : How do I add a role claim for current user logged in (windows) for the whole application in the easiest way?

我需要的是轻松使用[Authorize(Role= "MyAddedRole")]或bool res = User.IsInRole("MyAddedRole")

What I need is to easily use [Authorize(Role= "MyAddedRole")] or bool res = User.IsInRole("MyAddedRole")

谢谢

推荐答案

回答自己，所以我做了什么:

Answering myself, so what I did :

创建我自己的UserClaimStore(我仅需要此商店，而无需其他商店):

Create my own UserClaimStore (I only need this store, not the others):

public class MyIdentityStore :
    IUserClaimStore<IdentityUser>
{
    private MyDbContext _myDbContext;
    private bool _disposed = false; 

    public MyIdentityStore(MyDbContext myDbContext)
    {
        _myDbContext = myDbContext;
    }

    #region IUserClaimStore
    public Task<IList<Claim>> GetClaimsAsync(IdentityUser user, CancellationToken cancellationToken)
    {
        // logic here to retrieve claims from my own database using _myDbContext
    }

    // All other methods from interface throwing System.NotSupportedException.
    #endregion

    #region IDisposable Support

    protected virtual void Dispose(bool disposing)
    { /* do cleanup */ }
    #endregion
}

然后创建了我自己的ClaimTransformer:

Then created my own ClaimTransformer :

public class MyClaimsTransformer : IClaimsTransformer
{
    private UserManager<IdentityUser> _userManager;

    public MyClaimsTransformer(UserManager<IdentityUser> userManager)
    {
        _userManager = userManager;
    }

    public async Task<ClaimsPrincipal> TransformAsync(ClaimsTransformationContext context)
    {
        var identity = ((ClaimsIdentity)context.Principal.Identity);

        // Accessing the UserClaimStore described above
        var claims = await _userManager.GetClaimsAsync(new IdentityUser(identity.Name));
        identity.AddClaims(claims);

        return await Task.FromResult(context.Principal);
    }
}

最后，在Startup.cs中:

Endly, in Startup.cs :

    public void ConfigureServices(IServiceCollection services)
    {
        /* All other stuff here */ 

        // Adding Database connection
        services.AddDbContext<MyDbContext>(o => /* my options */);

        // Associates our database and store to identity
        services.AddIdentity<IdentityUser, IdentityRole>()
            .AddEntityFrameworkStores<MyDbContext>()
            .AddUserStore<MyIdentityStore>();

        // Claims transformation from database to claims
        services.AddTransient<IClaimsTransformer, MyClaimsTransformer>();
    }


    public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
    {
        /* All other stuff here */ 

        app.UseIdentity();

        app.UseClaimsTransformation(async (context) =>
        { // Retrieve user claims from database
            IClaimsTransformer transformer = context.Context.RequestServices.GetRequiredService<IClaimsTransformer>();
            return await transformer.TransformAsync(context);
        });
    }

现在我可以自由使用[Authorize(Roles = "MyRole")]或User.IsInRole("MyRole")甚至User.HasClaim(/* */)了！

And now I can freely use [Authorize(Roles = "MyRole")] or User.IsInRole("MyRole") or even User.HasClaim(/* */) !

这篇关于ASP.NET Core-向用户添加角色声明的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！