在 ASP.NET Core Web 应用程序中使用身份登录期间向用户添加声明

aspnetcore

github 存储库中提出问题解决了这个问题。 https://github.com/dotnet/aspnetcore/issues/46558 非常感谢@Piotr Stola 和@Jason Pan 的帮助！

第1步：

在

OnPostAsync

中的

Login.cshtml.cs

方法中，使用

_signInManager.SignInWithClaimsAsync

代替

_signInManager.PasswordSignInAsync

。

public async Task<IActionResult> OnPostAsync(string returnUrl = null) { returnUrl ??= Url.Content("~/"); if (ModelState.IsValid) { // Step 1: Check if this user exists in our AD // If YES: Grab the Employee Id and go to next step // If NO: Terminate the process var adLookupResult = // Call Active Directory and get EmployeeId of this user here if (adLookupResult == null || string.IsNullOrEmpty(adLookupResult.EmployeeId)) { ModelState.AddModelError(string.Empty, "User doesn't exist."); return Page(); } // Step 2: Check if the user exists in our Identity database (AspNetUsers table) var user = await _signInManager.UserManager.FindByNameAsync(Input.Email); if (user == null) { ModelState.AddModelError(string.Empty, "User doesn't exist."); return Page(); } // Step 3: Check the credentials of this user. var result = await _signInManager.CheckPasswordSignInAsync(user, Input.Password, lockoutOnFailure: false); if (result.Succeeded) { // Access 'EmployeeId' from Areas/Identity/Components/TakeABreak.razor // For eg: Emp123 is adLookupResult.EmployeeId that I retrieved from Active Directory in Step 1. var customClaims = new[] { new Claim("EmployeeId", "Emp123") }; await _signInManager.SignInWithClaimsAsync(user, Input.RememberMe, customClaims); _logger.LogInformation("User logged in."); return LocalRedirect(returnUrl); } else { ModelState.AddModelError(string.Empty, "Invalid login attempt."); return Page(); } } // If we got this far, something failed, redisplay form return Page(); }

第2步：

从任何 Razor 组件访问它。例如：我从

TakeABreak.razor

组件访问它（附图中的第 15 行）。

完整源代码

https://github.com/akhanalcs/blazor-server-auth/tree/feature/AddClaimsDuringLogin

如果放入中间件，之前的解决方案可能是一种解决方法。那太可怕了。

我们应该使用 CustomClaimsPrincipalFactory 来解决这个问题。

CustomClaimsPrincipalFactory.cs

using HMT.Web.Server.Areas.Identity; using Microsoft.AspNetCore.Identity; using Microsoft.Extensions.Options; using System.Security.Claims; namespace HMT.Web.Server { public class CustomClaimsPrincipalFactory : UserClaimsPrincipalFactory<HMTUser> { public CustomClaimsPrincipalFactory( UserManager<HMTUser> userManager, IOptions<IdentityOptions> optionsAccessor) : base(userManager, optionsAccessor) { } // This method is called only when login. It means that "the drawback // of calling the database with each HTTP request" never happen. public async override Task<ClaimsPrincipal> CreateAsync(HMTUser user) { var principal = await base.CreateAsync(user); if (principal.Identity != null) { //((ClaimsIdentity)principal.Identity).AddClaims( // new[] { new Claim("EmpId", user.EmpId) }); ((ClaimsIdentity)principal.Identity).AddClaims( new[] { new Claim("EmpId", "EmpId123") }); } return principal; } } }

Program.cs 或 Startup.cs

// Learned the hard way that this needs to be added after setting up Blazor (i.e. AddRazorPages, AddServerSideBlazor) - AshishK builder.Services.AddScoped<AuthenticationStateProvider, RevalidatingIdentityAuthenticationStateProvider<HMTUser>>(); builder.Services.AddScoped<IUserClaimsPrincipalFactory<HMTUser>, CustomClaimsPrincipalFactory>();

欲了解更多详情，您可以查看

链接

。

成功登录后，可以使用

---

HttpContext.User.AddIdentity

来实现。示例如下：

// Step 3: Add the EmployeeId to ClaimsPrincipal if (result.Succeeded) { HttpContext.User.AddIdentity(new ClaimsIdentity(new List<Claim> { new Claim(ClaimTypes.NameIdentifier, adLookupResult.EmployeeId) })); _logger.LogInformation("User logged in."); return LocalRedirect(returnUrl); }