我在Azure中创建了WebApp。我有基于AzureAD的认证...在Web应用程序中获取Azure角色
其实所有的用户都有相同的权利......我需要有一组管理员和世界其他地方。
我看到,在Azure的门户我的web应用程序有一些地方角色中列出的Acces control (IAM)
... 我可以在我的应用程序使用这些角色?
其实我在我看来,做的是:
如果我理解正确的是被命名为“基于声明”的认证,但我想尝试使用角色 Based验证...
我想也是这样做
var userIdentity = (System.Security.Claims.ClaimsIdentity)User.Identity;
var claims = userIdentity.Claims;
var roleClaimType = userIdentity.RoleClaimType;
var roles = claims.Where(c => c.Type == System.Security.Claims.ClaimTypes.Role).ToList();
但角色列表是空的...
这里是在public void Configure(IApplicationBuilder app,...
app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
{
ClientId = Configuration["Authentication:AzureAd:ClientId"],
Authority = Configuration["Authentication:AzureAd:AADInstance"] + Configuration["Authentication:AzureAd:TenantId"],
CallbackPath = Configuration["Authentication:AzureAd:CallbackPath"],
Events = new OpenIdConnectEvents
{
OnTicketReceived = async context =>
{
var user = (ClaimsIdentity)context.Ticket.Principal.Identity;
if (user.IsAuthenticated)
{
var firstName = user.FindFirst(ClaimTypes.GivenName).Value;
var lastName = user.FindFirst(ClaimTypes.Surname).Value;
var email = user.HasClaim(cl => cl.Type == ClaimTypes.Email) ? user.FindFirst(ClaimTypes.Email).Value : user.Name;
var connectedOn = DateTime.UtcNow;
var userId = user.Name;
var myUser = await repository.GetAsync<Connection>(userId);
if (myUser == null)
{
myUser = new Connection(userId)
{
FirstName = firstName,
LastName = lastName,
Email = email
};
}
myUser.LastConnectedOn = connectedOn;
List<Connection> myList = new List<Connection>() { myUser };
var results = await repository.InsertOrMergeAsync(myList);
Claim clm = new Claim("IsAdmin", myUser.IsAdmin.ToString(), ClaimValueTypes.Boolean);
user.AddClaim(clm);
}
return;
}
},
}
});
的我Startup.cs
Autentication代码,也是我appsettings.json
"Authentication": {
"AzureAd": {
"AADInstance": "https://login.microsoftonline.com/",
"CallbackPath": "/signin-oidc",
"ClientId": "xxxxxxxx-xxxx-xxxx-xxxxx-xxxxxxxxxxxx",
"Domain": "mysite.azurewebsites.net",
"TenantId": "xxxxxxxx-xxxx-xxxx-xxxxx-xxxxxxxxxxxx"
}
}
对我来说主要问题是如何创建角色...... $ approverRole = CreateAppRole的用法-Name “批准者” - 描述“批准者有能力改变任务的状态。”'有点模糊不清......上述示例中的 – Serge
正在谈论Manifest和web.config我在ASP.NET中没有这样的东西核心应用程序...如果我理解的很好,RoleManager已经实现了.Core框架...另外我使用的是AzureTable Storage而不是Sql/CoreFramework ...所以我不能采用IdentityUser ... – Serge
清单可以在Azure门户中找到。查找Azure Active Directory - >应用程序注册 - >您的应用程序 - >清单。 – juunas