如何强制更新自定义用户声明? [英] How to force update custom user claims?
问题描述
我向我的ApplicationUser类添加了一个自定义声明,如下所示:
I've got a custom claim added to my ApplicationUser class as follows:
public class ApplicationUser : IdentityUser
{
public async Task<ClaimsIdentity> GenerateUserIdentityAsync(UserManager<ApplicationUser> manager)
{
var userIdentity = await manager.CreateIdentityAsync(this, DefaultAuthenticationTypes.ApplicationCookie);
// Add custom user claims here
if(Theme != null)
userIdentity.AddClaim(new Claim("ThemeBundle", Theme.Bundle));
return userIdentity;
}
public int? ThemeId { get; set; }
[ForeignKey("ThemeId")]
public virtual Theme Theme { get; set; }
}
我这样扩展了身份:
public static class IdentityExtensions
{
public static string GetThemeBundle(this IIdentity identity)
{
var claim = ((ClaimsIdentity) identity).FindFirst("ThemeBundle");
// Test for null to avoid issues during testing
return (claim != null) ? claim.Value : string.Empty;
}
}
我通过以下操作方法更新了索赔背后的模型:
I update the model behind the claim from the following Action Method:
public ActionResult ChangeTheme(int id)
{
var theme = _db.Themes.Find(id);
if (theme == null)
return HttpNotFound();
var userId = User.Identity.GetUserId();
var user = _db.Users.Find(userId);
user.Theme = theme;
_db.SaveChanges();
return RedirectToAction("Index", "Home");
}
我在这样的视图(或其他位置)中访问它:
I access it in a view (or elsewhere) like this:
User.Identity.GetThemeBundle()
当用户通过"ChangeTheme"操作更新其"Theme"属性时,直到他们注销并重新登录后,一切都不会发生.
When the user updates their "Theme" property with the "ChangeTheme" action, nothing happens until they log off and log back in.
我整天都在考虑以下QA,但收效不佳:
I've spent all day mulling over more than the following QA's with no good result:
感谢@Brendan Green: ASP. NET身份-强制使用安全戳重新登录
And thanks to @Brendan Green: ASP.NET Identity - Forcing a re-login with security stamp
到目前为止,我得到的最好的结果是页面将刷新,并且声明返回一个空字符串而不是所需的结果,或者我将用户重定向到登录屏幕.至少那些东西比什么都没有的模棱两可.
So far the best I've got is that the page will refresh and the claim returns an empty string instead of the desired result, OR I redirect the user to the login screen. At least those are less ambiguous than nothing happening.
当用户更改其主题"属性后,如何才能在全球范围内进行更新?我希望找到一个很好的方法来完全注销用户,然后在需要时重新登录.使用AuthenticationManager.Signout和.Signin方法并不能解决问题.
How on earth can I get the claim to update globally as soon as the user changes their "Theme" property? I'd settle for a good way to fully log the user off and back on if needed. Using the AuthenticationManager.Signout and .Signin methods doesn't quite do the trick.
推荐答案
从 Asp.Net MVC 6 和 Asp.Identity 3.0.0-rc1-final 开始,可以使用Task SignInManager<TUser>.RefreshSignInAsync(TUser user);
来做到这一点.
As of Asp.Net MVC 6 and Asp.Identity 3.0.0-rc1-final you could use Task SignInManager<TUser>.RefreshSignInAsync(TUser user);
in order to do that.
这篇关于如何强制更新自定义用户声明?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!