1
目前,我正在使用角色4 &網絡核心1.1進行SPA。我的系統使用JWT來檢查用戶身份。每次用戶訪問我的系統,我想檢查他/她的身份(狀態,角色)在數據庫中並更新到HttpContext.Identity。將更多聲明插入到身份驗證的OnTokenValidated事件中JWT持票人
這裏是我的代碼:
OnTokenValidated = async context =>
{
// Find unit of work.
var unitOfWork = context.HttpContext.RequestServices.GetService<IUnitOfWork>();
var identityService = context.HttpContext.RequestServices.GetService<IIdentityService>();
// Find claim identity attached to principal.
var claimIdentity = (ClaimsIdentity)context.Ticket.Principal.Identity;
// Find email from claims list.
var email =
claimIdentity.Claims.Where(x => x.Type.Equals(ClaimTypes.Email))
.Select(x => x.Value)
.FirstOrDefault();
// Email is invalid.
if (string.IsNullOrEmpty(email))
return;
// Find account information.
var condition = new SearchAccountViewModel();
condition.Email = new TextSearch();
condition.Email.Value = email;
condition.Email.Mode = TextComparision.Equal;
// Find accounts based on conditions.
var accounts = unitOfWork.RepositoryAccounts.Search();
accounts = unitOfWork.RepositoryAccounts.Search(accounts, condition);
// Find the first matched account in the system.
var account = await accounts.FirstOrDefaultAsync();
// Account is not found.
if (account == null)
return;
var identity = (ClaimsIdentity) identityService.InitiateIdentity(account);
identity.AddClaim(new Claim(ClaimTypes.Role, Enum.GetName(typeof(Roles), account.Role)));
identity.AddClaim(new Claim(ClaimTypes.Authentication, Enum.GetName(typeof(Statuses), account.Status)));
context.HttpContext.User = new ClaimsPrincipal(identity);
}
在我AccountController.cs我有一個函數:
/// <summary>
/// Find personal profile.
/// </summary>
/// <returns></returns>
[HttpGet("personal-profile")]
public IActionResult FindProfile()
{
var identity = (ClaimsIdentity) Request.HttpContext.User.Identity;
var claims = identity.Claims.ToDictionary(x => x.Type, x => x.Value);
return Ok(claims);
}
下面是結果我:
{
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress": "[email protected]",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name": "Goldarina Wharrier",
"auth_time": "1494072536661.38",
"nbf": "1494043736",
"exp": "1494047336",
"iss": "iConfess Ordinary",
"aud": "http://localhost:5001"
}
無角色或地位已被納入身份。 我的問題是: - 在驗證令牌並在數據庫中搜索用戶信息後,如何將更多聲明添加到請求標識中。
任何人都可以幫助我嗎?
謝謝
所以,如果我理解正確的..你是調用API返回的權利要求?爲什麼你沒有從客戶端的jwt獲取索賠? – Mardoxx
如果用戶不再允許系統運行,會發生什麼情況。例如,昨天我向您提供了一個令牌以訪問我的系統,但今天,我將您的帳戶狀態更改爲「禁用」以阻止您的訪問。我的目的是驗證令牌並用來自數據庫的更多聲明更新它。 – Redplane
縮短您的令牌壽命! – Mardoxx