英文:
Blazor WebAssembly + Identity Server - retrieving additional user permissions (claims?) after successful authentication
问题
-
我有两个独立的项目:
-
一个使用IdentityServer4和ASP.NET Identity的ASP.NET Core托管身份提供者
-
一个使用Duende BFF与身份提供者通信并登录用户的Blazor WebAssembly应用程序
两者都有各自独立的数据库。
到目前为止,我已经成功使这两个项目进行通信,以便在Blazor应用程序识别到没有用户登录时自动重定向到身份提供者。用户随后可以登录到身份提供者,然后被重定向回Blazor应用程序,其声明将被显示。
Blazor应用程序将需要大量与该应用程序相关的用户权限。我的打算是在Blazor数据库中有一个单独的用户详细信息表,然后在用户经过身份验证后引用该表以获取这些权限。
我现在不太明白的是:当身份提供者返回用户的相关声明(特别是电子邮件声明)返回Blazor时,我应该如何使用这些声明来查找我的Blazor用户详细信息数据库中的用户,以便获取他们的权限并将它们存储在会话中?还是应该将这些额外信息存储为附加声明?
英文:
I have two separate projects:
- an ASP.NET Core hosted identity provider that makes use of IdentityServer4 and ASP.NET Identity
- A Blazor WebAssembly app that uses Duende BFF to communicate with the identity provider and log users in
Both have their own separate databases.
So far I have been able to get the two to communicate so that the Blazor app automatically redirects to the identity provider upon regonising that nobody is logged in. The user can then sign in to the identity provider and they are redirected back to the Blazor app where their claims are displayed.
The Blazor app is going to require lots of user permissions that are relevant to this app only. What I intend to do is have a separate user details table in the Blazor database which I then reference for these permissions after the user has been authenticated.
What I'm struggling to figure out is this: when the identity provider returns the user to Blazor with their relevant claims, how do I then use these claims (specifically, the email address claim) to look up the user in my Blazor user details database so that I can get their permissions and store them in session? Ors should I be storing this extra information as additional claims?
答案1
得分: 1
"the AddOpenIDConnect handler in Blazor provides various event handlers that you can hook into, espcially the OnTokenValidated eventhanler.":
Blazor 中的 AddOpenIDConnect 处理程序提供了各种事件处理程序,您可以钩入其中,尤其是 OnTokenValidated 事件处理程序。
"This handler is a perfect opportunity to lookup the local user infomation based on for example the subject (sub) clain in the received ID-token.":
这个处理程序是查找本地用户信息的绝佳机会,例如基于接收到的 ID 令牌中的主题 (sub) 声明。
"I think this blog post here provides a good intoduction on how to do it.":
我认为这篇博文 这里 提供了一个很好的介绍如何做到这一点。
"To complement this answer, I wrote a blog post that goes into more detail
about this topic: Debugging OpenID Connect claim problems in ASP.NET Core":
为了补充这个答案,我写了一篇博文,更详细地讨论了这个主题:在 ASP.NET Core 中调试 OpenID 连接声明问题
英文:
the AddOpenIDConnect handler in Blazor provides various event handlers that you can hook into, espcially the OnTokenValidated eventhanler.
This handler is a perfect opportunity to lookup the local user infomation based on for example the subject (sub) clain in the received ID-token.
I think this blog post here provides a good intoduction on how to do it.
To complement this answer, I wrote a blog post that goes into more detail
about this topic: Debugging OpenID Connect claim problems in ASP.NET Core
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论