Confusion over LOCAL AUTHORITY claims and External

2019-06-23 03:50发布

站内问答 / 后端开发
373 3 4

I am creating a simple WebApi which allows users to connect with Facebook. When I get the accessToken back from facebook, I am calling RegisterExternal to create an Asp.Net Identity record and store the Claims from the token. These claims also include the access token which I require to query the facebook graph later. All seems fine up to this point.

The issue I am having is reading the claims. I can see they are in my database I just cant figure out how to query this data. I have tried

var claimsIdentity = User.Identity as ClaimsIdentity;

But this returns me 2 claims for a) "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" b) role

Both of these are of issuer LOCAL AUTHORITY (to be honest I am not sure when they are created as I am not explicitly adding these). So I believe their is either confusion on me saving the claims to the database agains the wrong type of issuer

await userManager.AddClaimAsync(user.Id, new Claim("urn:facebook:access_token", accessTokenClaim.Value, ClaimValueTypes.String, "LOCAL AUTHORITY"));

or my code for accessing the claims is incorrect.

Can anybody shed some light on this?

3条回答
混吃等死
2楼-- · 2019-06-23 04:29

LOCAL_AUTHORITY is the default value for Issuer if it is not specified at creation of the Claim. For example: var claim = new Claim("LastName", "Timberlake","string", "http:/contoso.com/someissuername"); The last parameter in the above example is the issuer.

查看更多
0人赞 添加讨论(0) 举报
对你真心纯属浪费
3楼-- · 2019-06-23 04:32

When it comes to adding the claims to your Identity:

// Get the claims identity
    ClaimsIdentity claimsIdentity =
        await AuthenticationManager.GetExternalIdentityAsync(DefaultAuthenticationTypes.ExternalCookie);

    if (claimsIdentity != null)
    {
        // Retrieve the existing claims
        var currentClaims = await UserManager.GetClaimsAsync(user.Id);

        // Get the list of access token related claims from the identity
        var tokenClaims = claimsIdentity.Claims
            .Where(c => c.Type.StartsWith("urn:tokens:"));

        // Save the access token related claims
        foreach (var tokenClaim in tokenClaims)
        {
            if (!currentClaims.Contains(tokenClaim))
            {
                await UserManager.AddClaimAsync(user.Id, tokenClaim);
            }
        }
    }

To persist these claims to the database, you must call SignIn for the user:

// Sign in and redirect the user
    await SignInAsync(user, isPersistent: false);

To retrieve the claims later you simply use:

var claimsIdentity = HttpContext.User.Identity as ClaimsIdentity;
if (claimsIdentity != null)
   var claims = claimsIdentity.Claims;

This code is comprised of snippets from this article: http://www.jerriepelser.com/blog/get-the-twitter-profile-image-using-the-asp-net-identity

I'd recommend reading through it if you would like to see a full example. I have used the code in this article myself and it worked great in my project for both Twitter and Facebook external claims.

查看更多
0人赞 添加讨论(0) 举报
闹够了就滚
4楼-- · 2019-06-23 04:37

I had the same issue when I renamed identity cookie. So I had 2 different users in 2 cookies. After I deleted the old one issue is gone.

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(4)