ASP.NET Core Identity Role, Claim and User

2019-02-21 19:00发布

站内问答 / 移动开发
648 2 4

I am an ASP.NET Core beginner. I'm stuck in role, claim and user relationship.

I have a user Ben, user belongs to Admin role. Admin role has claims view-page and edit-page in database.

But I can't get claims and roles to be belonging to that user:

(Please see comment in code)

var user = await _userManager.FindByNameAsync(applicationUser.UserName);
if(user != null) {
    var userClaims = await _userManager.GetClaimsAsync(user); // empty, WHY ?
    var userRoles = await _userManager.GetRolesAsync(user); // ['admin']
    var adminRole = DbContext.Roles.FirstOrDefault(x => x.Name == "Admin");
    IList<Claim> adminClaims;
    if(adminRole != null)
    {
        adminClaims = await _roleManager.GetClaimsAsync(adminRole);
        // correct => ['view-page', 'edit-page']
    }
    }
}

In my mind, I understand when a user is a member of a role, he inherit that role's claims.

Default ASP.NET Identity have 5 tables:

  • Users.
  • Roles.
  • UserRoles - A user can have many roles.
  • RoleClaims - A role can have many claims.
  • UserClaims - A user can have many claims.

Do i think correct ? Why userManager.GetClaimsAsync(user) returns empty claims ?

Any suggestion?

2条回答
爷的心禁止访问
2楼-- · 2019-02-21 19:11

I have had to deal with this issue recently and to solve the problem of locating Users by a particular Claim that came from a Role is to create a new Claim object with the values from the Role Claim:

var role = await roleManager.FindByNameAsync(yourRoleName);
if(role != null)
{
    var roleClaims = await roleManager.GetClaimsAsync(role);
    if(roleClaims != null && roleClaims.Count() > 0)
    {
        foreach(var claim in roleClaims.ToList())
        {
            var users = await userManager.GetUsersForClaimAsync(new Claim(claim.Type, claim.Value));
            if(users != null && users.Count() > 0)
            {
                foreach(var user in users.ToList())
                {
                   //This is an example of only removing a claim, but this is the
                   //area where you could remove/add the updated claim
                   await userManager.RemoveClaimAsync(user, new Claim(claim.Type, claim.Value));
                }
            }
        }
    }
}

This allowed me to Update/Delete a role with claims and pass those changes to the Users to be Re-Issued/Removed that were assigned the roles and claims. However, I am still looking for something more elegant/easier with less code.

查看更多
0人赞 添加讨论(0) 举报
霸刀☆藐视天下
3楼-- · 2019-02-21 19:23

Why userManager.GetClaimsAsync(user) returns empty claims ?

Because UserManager.GetClaimsAsync(user) queries the UserClaims table. Same for RoleManager.GetClaimsAsync(role) queries the RoleClaims table.

But by design in ASP.NET Identity Core when a user is a member of a role, they automatically inherit the role's claims. You can check the ClaimsPrincipal, for example inside a controller action:

var claims = User.Claims.ToList();

You can see the code in UserClaimsPrincipalFactory.cs that creates a ClaimsPrincipal from an user.

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(4)