如何解决Microsoft.Identity.Web:未触发OnTokenValidated事件
我要执行的操作是在身份验证后添加声明。
以下注册OnTokenValidation
事件的示例无法解决问题。该事件永远不会触发。
我正在使用Microsoft.Identity.Web
在Azure AD B2C上进行身份验证。那部分有效!
如何使用AddMicrosoftIdentityWebAppAuthentication
注册事件?
services.AddMicrosoftIdentityWebAppAuthentication(Configuration,"AzureAdB2C")
.EnabletokenAcquisitionToCallDownstreamApi(new string[] {Configuration["DemoApi:ServiceScope"]})
.AddInMemoryTokenCaches();
services.Configure<OpenIdConnectOptions>(AzureADB2CDefaults.OpenIdScheme,options =>
{
options.Events = new OpenIdConnectEvents
{
OnTokenValidated = ctx =>
{
//query groups with graph api to get the role
// add claims
var claims = new List<Claim>
{
new Claim(ClaimTypes.Role,"superadmin")
};
var appIdentity = new ClaimsIdentity(claims);
ctx.Principal.AddIdentity(appIdentity);
return Task.CompletedTask;
},};
});
解决方法
使用MicrosoftIdentityOptions:
services.Configure<MicrosoftIdentityOptions>(options =>
{
options.Events = new OpenIdConnectEvents
{
OnTokenValidated = async ctx =>
{
//add claims
var scopes = Configuration.GetValue<string>("DownstreamApi:Scopes")?.Split(' ');
var clientApp = ConfidentialClientApplicationBuilder
.Create(Configuration["AzureAD:ClientId"])
.WithTenantId(Configuration["AzureAD:TenantId"])
.WithClientSecret(Configuration["AzureAD:ClientSecret"])
.Build();
var authResult = await clientApp
.AcquireTokenOnBehalfOf(scopes,new UserAssertion(ctx.SecurityToken.RawData))
.ExecuteAsync().ConfigureAwait(false);
var graphClient = new GraphServiceClient(Configuration["DownstreamApi:BaseUrl"],new DelegateAuthenticationProvider(
requestMessage =>
{
requestMessage.Headers.Authorization = new AuthenticationHeaderValue("bearer",authResult.AccessToken);
return Task.CompletedTask;
}));
var identity = new ClaimsIdentity();
//https://graph.microsoft.com/1.0/me/transitiveMemberOf/microsoft.graph.group?$count=true&$select=displayName
var groups = await graphClient.Me.TransitiveMemberOf.Request().Select("displayName").GetAsync().ConfigureAwait(false);
while (groups != null && groups.Count > 0)
{
foreach (var g in groups)
{
if (!(g is Group groupItem)) continue;
identity.AddClaim(new Claim(ClaimTypes.Role,groupItem.DisplayName));
}
if (groups.NextPageRequest != null)
groups = await groups.NextPageRequest.GetAsync().ConfigureAwait(false);
else
break;
}
ctx.Principal.AddIdentity(identity);
}
};
});
services.AddMicrosoftIdentityWebAppAuthentication(Configuration);
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。