Asp.Net Core google-signin oauth限制访问并获得g-suite角色 [英] Asp.Net Core google-signin oauth restrict access and get g-suite roles
问题描述
我正在制作一个具有Web视图的.NET Core应用程序,在这里我需要使用Google+登录对用户进行身份验证.我遵循了此步骤( https://docs.microsoft.com/zh-CN/aspnet/core/security/authentication/social/google-logins )教程,现在可以使用我的Google帐户登录用户.到目前为止一切顺利.
I am making a .NET Core application with web views where I need to authenticate users with Google+ sign-in. I followed this ( https://docs.microsoft.com/en-us/aspnet/core/security/authentication/social/google-logins ) tutorial, and can now sign in user my google account. So far so good.
如何将访问我的应用程序的权限限制为仅在特定域内的用户?
How do I restrict access to my application to only users within a certain domain?
如何检索在g-suite中定义的经过身份验证的用户角色?
How do I retrieve the authenticated users roles defined in g-suite?
我试图将范围添加到Startup.cs的身份验证选项中,但是我不知道如何提取/接收其中包含的信息.
I have tried to add scopes to the authentication options in Startup.cs, but I dont know how to extract/recieve the information contained in them.
app.UseGoogleAuthentication(new GoogleOptions()
{ Scope =
{ "https://www.googleapis.com/auth/admin.directory.domain.readonly",
"https://www.googleapis.com/auth/admin.directory.rolemanagement.readonly"
},
ClientId = Configuration["Authentication:Google:ClientId"],
ClientSecret = Configuration["Authentication:Google:ClientSecret"]
});
推荐答案
好吧,终于解决了我自己的问题...万一其他人遇到这个问题,就不要回答这个问题了.
Well, solved it my self in the end... Leaving this answer in case anyone else has this problem.
AccountController.ExternalLoginCallback()的代码段
Code snippet from AccountController.ExternalLoginCallback()
var info = await _signInManager.GetExternalLoginInfoAsync();
foreach (var claim in info.Principal.Claims)
{
System.Diagnostics.Debug.WriteLine("Type: " + claim.Type + " Value: " + claim.Value);
}
这将打印声明的列表,其中定义了角色和域(hd).
This will print the list of claims, where the roles and domain (hd) are defined.
或者,您可以在中间件(Startup.configure())中检索声明:
Or, you can retrieve the claims in the middleware (Startup.configure()):
app.UseGoogleAuthentication(new GoogleOptions()
{
Scope =
{ "https://www.googleapis.com/auth/admin.directory.domain.readonly",
"https://www.googleapis.com/auth/admin.directory.rolemanagement.readonly"
},
ClientId = Configuration["Authentication:Google:ClientId"],
ClientSecret = Configuration["Authentication:Google:ClientSecret"],
Events = new OAuthEvents()
{
OnTicketReceived = e =>
{
var claims = e.Principal.Claims;
// Do something with claims
return Task.CompletedTask;
}
}
});
这篇关于Asp.Net Core google-signin oauth限制访问并获得g-suite角色的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!