转自大佬Blazor与IdentityServer4的集成(六)_blazorserver microsoft.aspnetcore.identity.core_65号腕的博客-CSDN博客
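// Sign users in with a local cookie; unauthenticated requests are challenged
// through the OpenID Connect handler registered as "oidc".
services.AddAuthentication(options =>
    {
        options.DefaultScheme = "Cookies";
        options.DefaultChallengeScheme = "oidc";
    })
    .AddCookie("Cookies")
    .AddOpenIdConnect("oidc", options =>
    {
        // ... (handler settings omitted on the page)

        // Added in this part of the series:
        // fetch claims from the Identity Server UserInfo endpoint.
        options.GetClaimsFromUserInfoEndpoint = true;

        // Extra scopes to request (the profile scope is included by default).
        options.Scope.Add("role");
        options.Scope.Add("permission");

        // Identity Server and the Blazor middleware use different claim type names,
        // so both sides are aligned on the short names "role" and "name".
        options.TokenValidationParameters.RoleClaimType = "role";
        options.TokenValidationParameters.NameClaimType = "name";

        options.Events.OnUserInformationReceived = context =>
        {
            // The policies registered below authorize on these claims, so every
            // failure path here must end with *fewer* claims, never with an exception
            // that aborts sign-in and never with a claim that was not in the response.
            var identity = context.Principal?.Identity as ClaimsIdentity;
            var userInfo = context.User.RootElement;
            if (identity == null || userInfo.ValueKind != System.Text.Json.JsonValueKind.Object)
            {
                return Task.CompletedTask;
            }

            // Copies one UserInfo property onto the identity. As in the earlier
            // WebAssembly example, the value may be a single item or a JSON array.
            void AddClaimsFromProperty(string claimType)
            {
                // GetProperty throws KeyNotFoundException when the property is absent,
                // which would break sign-in for every user without a role or permission.
                // A missing property simply means "no such claims".
                if (!userInfo.TryGetProperty(claimType, out var element))
                {
                    return;
                }

                var values = element.ValueKind == System.Text.Json.JsonValueKind.Array
                    ? element.EnumerateArray().Select(e => e.ToString())
                    : new[] { element.ToString() };

                foreach (var value in values)
                {
                    // Skip JSON null / empty values and anything already present on the
                    // identity, so no blank or duplicated claim is issued.
                    if (!string.IsNullOrEmpty(value) && !identity.HasClaim(claimType, value))
                    {
                        identity.AddClaim(new Claim(claimType, value));
                    }
                }
            }

            AddClaimsFromProperty("role");
            AddClaimsFromProperty("permission");

            return Task.CompletedTask;
        };
    });

// Policy-based authorization, used the same way as in the WebAssembly example:
// one policy per permission name, each requiring the matching "permission" claim.
// A user whose UserInfo response carried no permissions satisfies none of them.
services.AddAuthorizationCore(option =>
{
    string[] permissions = { "create", "retrieve", "update", "delete" };
    foreach (var p in permissions)
    {
        option.AddPolicy(p, policy => policy.RequireClaim("permission", p));
    }
});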