Can#39;t access Roles in JWT Token .NET Core(无法访问 JWT 令牌 .NET Core 中的角色)
问题描述
我有一个使用 .NET Core API、Keycloak 和 JWT Token 制作的应用程序.
I have an application made with .NET Core API, Keycloak and JWT Token.
到目前为止,我一直在使用旧版本的 Keycloak,当它创建 JWT 令牌时,它在有效负载上写入了角色:
The older version of Keycloak that I've been using so far, when it created the JWT Token it wrote the roles here on payload:
{
"user_roles": [
"offline_access",
"uma_authorization",
"admin",
"create-realm"
]
}
但是现在我更新它之后,它在payload上写了角色:
But now after I updated it, it's writing the roles here on payload:
{
"realm_access": {
"roles": [
"create-realm",
"teacher",
"offline_access",
"admin",
"uma_authorization"
]
},
}
我需要知道如何将这个旧代码更改为新代码,告诉它不要查看 user_roles,而是查看 realm_access 然后角色.
And I need to know how to change this old code to the new one, to tell that don't look at user_roles, but do look at realm_access then to roles.
public void AddAuthorization(IServiceCollection services)
{
services.AddAuthorization(options =>
{
options.AddPolicy("Administrator", policy => policy.RequireClaim("user_roles", "admin"));
options.AddPolicy("Teacher", policy => policy.RequireClaim("user_roles", "teacher"));
options.AddPolicy("Pupil", policy => policy.RequireClaim("user_roles", "pupil"));
options.AddPolicy(
"AdminOrTeacher",
policyBuilder => policyBuilder.RequireAssertion(
context => context.User.HasClaim(claim =>
claim.Type == "user_roles" && (claim.Value == "admin" || claim.Value == "teacher")
))
);
});
}
推荐答案
以下代码会将 Keycloak (v4.7.0) 中的realm_access.roles"-claim (JWT Token) 转换为 Microsoft Identity Model 角色声明:
The following code will transform "realm_access.roles"-claim (JWT Token) from Keycloak (v4.7.0) into Microsoft Identity Model role-claims:
public void ConfigureServices(IServiceCollection services)
{
...
services.AddTransient<IClaimsTransformation, ClaimsTransformer>();
...
}
public class ClaimsTransformer : IClaimsTransformation
{
public Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
{
ClaimsIdentity claimsIdentity = (ClaimsIdentity)principal.Identity;
// flatten realm_access because Microsoft identity model doesn't support nested claims
// by map it to Microsoft identity model, because automatic JWT bearer token mapping already processed here
if (claimsIdentity.IsAuthenticated && claimsIdentity.HasClaim((claim) => claim.Type == "realm_access"))
{
var realmAccessClaim = claimsIdentity.FindFirst((claim) => claim.Type == "realm_access");
var realmAccessAsDict = JsonConvert.DeserializeObject<Dictionary<string, string[]>>(realmAccessClaim.Value);
if (realmAccessAsDict["roles"] != null)
{
foreach (var role in realmAccessAsDict["roles"])
{
claimsIdentity.AddClaim(new Claim(ClaimTypes.Role, role));
}
}
}
return Task.FromResult(principal);
}
}
这篇关于无法访问 JWT 令牌 .NET Core 中的角色的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持编程学习网!
本文标题为:无法访问 JWT 令牌 .NET Core 中的角色
- C#MongoDB使用Builders查找派生对象 2022-09-04
- 如何用自己压缩一个 IEnumerable 2022-01-01
- WebMatrix WebSecurity PasswordSalt 2022-01-01
- 带有服务/守护程序应用程序的 Microsoft Graph CSharp SDK 和 OneDrive for Business - 配额方面返回 null 2022-01-01
- MoreLinq maxBy vs LINQ max + where 2022-01-01
- Web Api 中的 Swagger .netcore 3.1,使用 swagger UI 设置日期时间格式 2022-01-01
- 在哪里可以找到使用中的C#/XML文档注释的好例子? 2022-01-01
- C# 中多线程网络服务器的模式 2022-01-01
- 良好实践:如何重用 .csproj 和 .sln 文件来为 CI 创建 2022-01-01
- 输入按键事件处理程序 2022-01-01
