Asp.Net Core google-signin oauth限制访问并获得g-suite角色 [英] Asp.Net Core google-signin oauth restrict access and get g-suite roles

问题描述

我正在制作一个具有Web视图的.NET Core应用程序，在这里我需要使用Google+登录对用户进行身份验证.我遵循了此步骤( https://docs.microsoft.com/zh-CN/aspnet/core/security/authentication/social/google-logins )教程，现在可以使用我的Google帐户登录用户.到目前为止一切顺利.

I am making a .NET Core application with web views where I need to authenticate users with Google+ sign-in. I followed this ( https://docs.microsoft.com/en-us/aspnet/core/security/authentication/social/google-logins ) tutorial, and can now sign in user my google account. So far so good.

如何将访问我的应用程序的权限限制为仅在特定域内的用户?

How do I restrict access to my application to only users within a certain domain?

如何检索在g-suite中定义的经过身份验证的用户角色?

How do I retrieve the authenticated users roles defined in g-suite?

我试图将范围添加到Startup.cs的身份验证选项中，但是我不知道如何提取/接收其中包含的信息.

I have tried to add scopes to the authentication options in Startup.cs, but I dont know how to extract/recieve the information contained in them.

        app.UseGoogleAuthentication(new GoogleOptions()
        {   Scope =
            {   "https://www.googleapis.com/auth/admin.directory.domain.readonly",
                "https://www.googleapis.com/auth/admin.directory.rolemanagement.readonly"
            }, 
            ClientId = Configuration["Authentication:Google:ClientId"],
            ClientSecret = Configuration["Authentication:Google:ClientSecret"]
        });

推荐答案

好吧，终于解决了我自己的问题...万一其他人遇到这个问题，就不要回答这个问题了.

Well, solved it my self in the end... Leaving this answer in case anyone else has this problem.

AccountController.ExternalLoginCallback()的代码段

Code snippet from AccountController.ExternalLoginCallback()

    var info = await _signInManager.GetExternalLoginInfoAsync();
    foreach (var claim in info.Principal.Claims)
    {
        System.Diagnostics.Debug.WriteLine("Type: " + claim.Type + " Value: " + claim.Value);
    }

这将打印声明的列表，其中定义了角色和域(hd).

This will print the list of claims, where the roles and domain (hd) are defined.

或者，您可以在中间件(Startup.configure())中检索声明:

Or, you can retrieve the claims in the middleware (Startup.configure()):

    app.UseGoogleAuthentication(new GoogleOptions()
    {
        Scope =
        {   "https://www.googleapis.com/auth/admin.directory.domain.readonly",
            "https://www.googleapis.com/auth/admin.directory.rolemanagement.readonly"
        },
        ClientId = Configuration["Authentication:Google:ClientId"],
        ClientSecret = Configuration["Authentication:Google:ClientSecret"],
        Events = new OAuthEvents()
        {
            OnTicketReceived = e =>
            {
                var claims = e.Principal.Claims;
                // Do something with claims
                return Task.CompletedTask;
            }
        }
    });

这篇关于Asp.Net Core google-signin oauth限制访问并获得g-suite角色的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！