526互联

Blazor与IdentityServer4的集成的角色获取(转)

发布时间 2023-09-12 15:00:44作者: ccqin

转自大佬Blazor与IdentityServer4的集成(六)_blazorserver microsoft.aspnetcore.identity.core_65号腕的博客-CSDN博客

services.AddAuthentication(options =>
{
    options.DefaultScheme = "Cookies";
    options.DefaultChallengeScheme = "oidc";
})
    .AddCookie("Cookies")
    .AddOpenIdConnect("oidc", options =>
    {
        //...
        //添加以下代码
        //指定从Identity Server的UserInfo地址来取Claim
        options.GetClaimsFromUserInfoEndpoint = true;
        //指定要取哪些资料(除Profile之外,Profile是默认包含的)
        options.Scope.Add("role");
        options.Scope.Add("permission");
        //这里是个ClaimType的转换,Identity Server的ClaimType和Blazor中间件使用的名称有区别,需要统一。
        options.TokenValidationParameters.RoleClaimType = "role";
        options.TokenValidationParameters.NameClaimType = "name";
        options.Events.OnUserInformationReceived = (context) =>
            {
                //回顾之前关于WebAssembly的例子,涉及到数组的转换,这里也一样要处理

                ClaimsIdentity claimsId = context.Principal.Identity as ClaimsIdentity;

                var roleElement = context.User.RootElement.GetProperty("role");
                if (roleElement.ValueKind == System.Text.Json.JsonValueKind.Array)
                {
                    var roles = context.User.RootElement.GetProperty("role").EnumerateArray().Select(e =>
                    {
                        return e.ToString();
                    });
                    claimsId.AddClaims(roles.Select(r => new Claim("role", r)));
                }
                else
                {
                    claimsId.AddClaim(new Claim("role", roleElement.ToString()));
                }

                var permissionElement = context.User.RootElement.GetProperty("permission");
                if (permissionElement.ValueKind == System.Text.Json.JsonValueKind.Array)
                {
                    var permissions = permissionElement.EnumerateArray().Select(e =>
                    {
                        return e.ToString();
                    });
                    claimsId.AddClaims(permissions.Select(p => new Claim("permission", p)));
                }
                else
                {
                    claimsId.AddClaim(new Claim("permission", permissionElement.ToString()));
                }


                return Task.CompletedTask;
            };
    });

// 这里是基于决策的授权操作,WebAssembly的例子中有相关的说明,Blazor Server的使用方式也一样
services.AddAuthorizationCore(option =>
{
    string[] permissions = new string[]
    {
        "create",
        "retrieve",
        "update",
        "delete"
    };
    foreach (var p in permissions)
    {
        option.AddPolicy(p, policy =>
        {
            policy.RequireClaim("permission", new string[] { p });
        });
    }
});