How to get user profile details in Azure AD B2C

冷暖自知 submitted on 2020-04-16 06:44:26

Question


I'm using Azure AD B2C authentication for my MVC web application. I have developed the sign-in part of the project. Now I want to get the user's details when a user logs into the web app. I have seen some articles which explain how to edit user details, but I couldn't find anything related to getting user profile data. Please help.

This is my SignIn action.

    public ActionResult SignIn()
    {
        if (!Request.IsAuthenticated)
        {
            var authenticationManager = HttpContext.GetOwinContext().Authentication;
            authenticationManager.Challenge(new AuthenticationProperties() { RedirectUri = "/" }, Startup.SignInPolicyId);
            return Content("");
        }
        else
        {
            return Redirect("~/Home/Login");
        }
    }

Answer 1:


You have two options:

OPTION 1, PREFERRED - Use Azure AD B2C's Edit Profile functionality

  1. Create an Edit Profile Policy

  2. Add logic on the RedirectToIdentityProvider handler to override the policy when calling out to Azure AD B2C

    /*
     *  On each call to Azure AD B2C, check if a policy (e.g. the profile edit or password reset policy) has been specified in the OWIN context.
     *  If so, use that policy when making the call. Also, don't request a code (since it won't be needed).
     */
    private Task OnRedirectToIdentityProvider(RedirectToIdentityProviderNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification)
    {
        var policy = notification.OwinContext.Get<string>("Policy");

        if (!string.IsNullOrEmpty(policy) && !policy.Equals(DefaultPolicy))
        {
            notification.ProtocolMessage.Scope = OpenIdConnectScopes.OpenId;
            notification.ProtocolMessage.ResponseType = OpenIdConnectResponseTypes.IdToken;
            notification.ProtocolMessage.IssuerAddress = notification.ProtocolMessage.IssuerAddress.Replace(DefaultPolicy, policy);
        }

        return Task.FromResult(0);
    }
  3. Create your EditProfile controller action ensuring it indicates that the EditProfilePolicy should be used:

    public void EditProfile()
    {
        if (Request.IsAuthenticated)
        {
            // Let the middleware know you are trying to use the edit profile policy (see OnRedirectToIdentityProvider in Startup.Auth.cs)
            HttpContext.GetOwinContext().Set("Policy", Startup.EditProfilePolicyId);

            // Set the page to redirect to after editing the profile
            var authenticationProperties = new AuthenticationProperties { RedirectUri = "/" };
            HttpContext.GetOwinContext().Authentication.Challenge(authenticationProperties);
            return;
        }
        Response.Redirect("/");
    }

OPTION 2 - Implement your own Edit Profile screen and experience

I won't go into the details of this option as this is quite lengthy, but at a high level you would need to:

  1. Implement your own screen
  2. Implement your own API secured by Azure AD B2C (meaning that it requires an Azure AD B2C access token) and have this API use Client Credentials to update the user in question.



Answer 2:


Within the B2C policy you need to add claims.

Select the policy -> Edit -> Application Claims -> Select the ones you want -> save.

When a user signs in, these will be added to their token. You can then enumerate them within your code after they have logged in:

var claimsIdentity = (System.Security.Claims.ClaimsIdentity)User.Identity;
foreach (var claim in claimsIdentity.Claims)
{
     // do stuff with claim.Type & claim.Value
}
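
Added example, not part of the original answers: one way to turn the claims enumerated above into a typed profile object, looking up both the short JWT claim names and the long-form types that the default JWT handler mapping produces. The `B2CUserProfile` and `B2CProfileReader` names are hypothetical, and it assumes the policy's Application Claims include Display Name, Given Name, Surname, Email Addresses and the User's Object ID.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

// Hypothetical DTO (not from the original answers).
public sealed class B2CUserProfile
{
    public string ObjectId { get; set; }      // stable per-user key; use this, not e-mail, to key local data
    public string DisplayName { get; set; }
    public string GivenName { get; set; }
    public string Surname { get; set; }
    public IReadOnlyList<string> Emails { get; set; }
}

public static class B2CProfileReader
{
    // Long-form type that the default inbound claim mapping gives to "oid".
    private const string ObjectIdUri =
        "http://schemas.microsoft.com/identity/claims/objectidentifier";

    // Usage in a controller action (assumed):
    //   var profile = B2CProfileReader.FromIdentity(User.Identity as ClaimsIdentity);
    public static B2CUserProfile FromIdentity(ClaimsIdentity identity)
    {
        // Only read claims from an identity the middleware has authenticated.
        if (identity == null || !identity.IsAuthenticated)
            return null;

        return new B2CUserProfile
        {
            ObjectId    = First(identity, ObjectIdUri, "oid"),
            DisplayName = First(identity, "name"),
            GivenName   = First(identity, ClaimTypes.GivenName, "given_name"),
            Surname     = First(identity, ClaimTypes.Surname, "family_name"),
            // "emails" is a collection in the token, so it arrives as one claim per address.
            Emails      = identity.FindAll("emails").Select(c => c.Value)
                                  .Distinct(StringComparer.OrdinalIgnoreCase).ToList()
        };
    }

    // Returns the first non-empty value among the candidate claim types, or null
    // when the claim was not selected in the policy or the user left it blank.
    private static string First(ClaimsIdentity identity, params string[] types)
    {
        return types.Select(t => identity.FindFirst(t))
                    .Where(c => c != null && !string.IsNullOrWhiteSpace(c.Value))
                    .Select(c => c.Value)
                    .FirstOrDefault();
    }
}
```

A null property means the claim was absent from the token, which usually points to it not being selected under Application Claims for the policy that issued the token.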


Source: https://stackoverflow.com/questions/43863044/how-to-get-user-profile-details-in-azure-ad-b2c
