2016-07-14

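SecurityTokenValidated identity is lost

I am trying to get an access token in the SecurityTokenValidated event, and after getting the access token I save it in a claim. The problem is that when I try to access that claim, it is no longer there.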

The SecurityTokenValidated code looks like this:

    public static async Task<Task> SecurityTokenValidated(SecurityTokenValidatedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> context)
    {
        string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
        string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
        string clientSecret = ConfigurationManager.AppSettings["ida:ClientSecret"];
        string source = ConfigurationManager.AppSettings["ExchangeOnlineId"];

        var authContext = new AuthenticationContext(aadInstance, false);
        var credentials = new ClientCredential(clientId, clientSecret);
        var appRedirectUrl = context.Request.Scheme + "://" + context.Request.Host + context.Request.PathBase + "/";
        var authResult = await authContext.AcquireTokenByAuthorizationCodeAsync(context.ProtocolMessage.Code, new Uri(appRedirectUrl), credentials, source);
        var accessToken = authResult.AccessToken;
        var applicationUserIdentity = new ClaimsIdentity(context.OwinContext.Authentication.User.Identity);
        applicationUserIdentity.AddClaim(new Claim("AccessToken", accessToken));
        context.OwinContext.Authentication.User.AddIdentity(applicationUserIdentity);
        return Task.FromResult(0);
    }

and I try to access it like this:

var accessToken =((ClaimsPrincipal)HttpContext.Current.User).FindFirst("AccessToken").Value; 

Update: It turns out that we have some code that overrides HttpContext.Current.User. I changed that code as follows:

    var claims = ((ClaimsPrincipal)HttpContext.Current.User).Claims;
    var newPrincipal = new GenericPrincipal(new GenericIdentity(domainUserName), null);
    ((ClaimsIdentity)newPrincipal.Identity).AddClaims(claims);
    HttpContext.Current.User = newPrincipal;

But no luck. I can get the claims fine, but I can't see them in newPrincipal...

Answer

It seems the problem was how I was accessing them. This does not work:

var accessToken =((ClaimsPrincipal)HttpContext.Current.User).FindFirst("AccessToken").Value; 

While this does:

var accessToken =((ClaimsIdentity)HttpContext.Current.User.Identity).FindFirst("AccessToken").Value;
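
An added example, not part of the original question or answer: one way to rebuild the principal so that the copied claims are found through both `ClaimsPrincipal.FindFirst` and `Identity.FindFirst`. The names `PrincipalRebuilder`, `Rebuild`, `TryGetClaim` and `Demo`, the `"Custom"` authentication type and the sample values are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

// Hypothetical helper written for this example.
public static class PrincipalRebuilder
{
    // Returns a new principal named domainUserName that keeps the claims of the current one.
    public static ClaimsPrincipal Rebuild(ClaimsPrincipal current, string domainUserName)
    {
        // Copy every claim except old name claims, then add the new name.
        List<Claim> claims = current.Claims
            .Where(c => c.Type != ClaimTypes.Name)
            .Select(c => new Claim(c.Type, c.Value, c.ValueType, c.Issuer, c.OriginalIssuer))
            .ToList();
        claims.Add(new Claim(ClaimTypes.Name, domainUserName));

        // Attach the claims before wrapping the identity, so lookups through the
        // principal and through its Identity property see the same claims.
        var identity = new ClaimsIdentity(claims, "Custom", ClaimTypes.Name, ClaimTypes.Role);
        return new ClaimsPrincipal(identity);
    }

    // FindFirst returns null when the claim is absent, so do not read .Value blindly.
    public static bool TryGetClaim(ClaimsPrincipal principal, string type, out string value)
    {
        Claim claim = principal.FindFirst(type);
        value = claim?.Value;
        return claim != null;
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample input; "sample-token" is a placeholder, not a real token.
        var original = new ClaimsPrincipal(new ClaimsIdentity(new[] {
            new Claim(ClaimTypes.Name, "old-name"),
            new Claim("AccessToken", "sample-token") }, "Cookies"));
        ClaimsPrincipal rebuilt = PrincipalRebuilder.Rebuild(original, @"DOMAIN\user");

        string token;
        bool viaPrincipal = PrincipalRebuilder.TryGetClaim(rebuilt, "AccessToken", out token);
        bool viaIdentity = ((ClaimsIdentity)rebuilt.Identity).FindFirst("AccessToken") != null;
        Console.WriteLine("{0} {1} {2}", viaPrincipal, viaIdentity, rebuilt.Identity.Name);
    }
}
```

In the application from the question, the principal returned by `Rebuild` would be the value assigned to `HttpContext.Current.User`.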