How to use Windows Active Directory Authentication and Identity Based Claims?

一向
一向 2020-12-07 12:21

Problem

We want to use Windows Active Directory to authenticate a user into the application. However, we do not want to use Active Directory groups to manage autho

5条回答
  •  春和景丽
    2020-12-07 12:50

    You could use ClaimTransformation, I just got it working this afternoon using the article and code below. I am accessing an application with Window Authentication and then adding claims based on permissions stored in a SQL Database. This is a good article that should help you.

    https://github.com/aspnet/Security/issues/863

    In summary ...

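    // Register the transformer so the middleware below can resolve it once per request.
    // It is scoped (not singleton) because it depends on a DbContext, which is itself scoped.
    // The generic arguments were lost in the original paste; without them this does not compile.
    services.AddScoped<IClaimsTransformer, ClaimsTransformer>();

    // Runs after Windows authentication has produced the principal, on every request.
    // Only claims derived from data the application itself controls are added here;
    // nothing from the request is trusted for that purpose.
    // (This is the ASP.NET Core 1.x API; from 2.0 the equivalent is IClaimsTransformation.)
    app.UseClaimsTransformation(async (context) =>
    {
        IClaimsTransformer transformer = context.Context.RequestServices.GetRequiredService<IClaimsTransformer>();
        return await transformer.TransformAsync(context);
    });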
    
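    /// <summary>
    /// Enriches the Windows-authenticated principal with application-level claims looked up
    /// from the database, so authorization can be driven by those claims rather than by
    /// Active Directory group membership.
    /// </summary>
    public class ClaimsTransformer : IClaimsTransformer
    {
        // Claim type under which the application's own user id is published.
        private const string IdClaimType = "Id";

        private readonly DbContext _context;

        /// <param name="dbContext">Scoped context used to look up the application user.</param>
        /// <exception cref="ArgumentNullException"><paramref name="dbContext"/> is null.</exception>
        public ClaimsTransformer(DbContext dbContext)
        {
            _context = dbContext ?? throw new ArgumentNullException(nameof(dbContext));
        }

        /// <summary>
        /// Finds the <see cref="System.Security.Principal.WindowsIdentity"/> on the incoming principal,
        /// matches its account name against the application's user table and, on a hit, adds an
        /// <c>Id</c> claim to that identity. Principals without a Windows identity, or whose account
        /// is unknown to the application, are returned unchanged.
        /// </summary>
        /// <param name="context">Transformation context carrying the authenticated principal.</param>
        /// <returns>The (possibly enriched) principal. The interface expects
        /// <c>Task&lt;ClaimsPrincipal&gt;</c>; a bare <c>Task</c> cannot return the principal.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="context"/> is null.</exception>
        public Task<ClaimsPrincipal> TransformAsync(ClaimsTransformationContext context)
        {
            if (context is null)
            {
                throw new ArgumentNullException(nameof(context));
            }

            // The Windows token is the only identity whose name is trusted for the lookup:
            // it was established by the server's Windows authentication, not supplied by the client.
            // As in the original loop, the last Windows identity wins if there are several.
            var windowsIdentity = context.Principal.Identities
                .OfType<System.Security.Principal.WindowsIdentity>()
                .LastOrDefault();
            if (windowsIdentity is null)
            {
                return Task.FromResult(context.Principal);
            }

            // Name arrives as "DOMAIN\account". The original stripped a fixed 6 characters, which
            // silently breaks (or matches the wrong row) for any other domain-name length.
            // NOTE(review): dropping the domain makes same-named accounts in different domains
            // indistinguishable — if more than one domain can reach this application, store the
            // full "DOMAIN\account" or the SID (windowsIdentity.User) in the User table instead.
            var username = AccountNameWithoutDomain(windowsIdentity.Name);

            // Case-sensitivity of this match is decided by the database collation, not by C#.
            var appUser = _context.User.FirstOrDefault(m => m.Username == username);
            if (appUser != null)
            {
                // Add the claim to the identity that was actually matched, rather than to
                // whichever identity Principal.Identity happens to resolve to.
                var id = Convert.ToString(appUser.Id, System.Globalization.CultureInfo.InvariantCulture);
                windowsIdentity.AddClaim(new Claim(IdClaimType, id));

                // Extension point: permission claims from the user's security profile would be
                // added here in the same way, one Claim per permission.
            }

            return Task.FromResult(context.Principal);
        }

        // Returns the part after the last backslash; names without a separator are returned unchanged.
        private static string AccountNameWithoutDomain(string name)
        {
            if (string.IsNullOrEmpty(name))
            {
                return name;
            }

            var separator = name.LastIndexOf('\\');
            return separator < 0 ? name : name.Substring(separator + 1);
        }
    }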
    
