<bdo id='R7tuM'></bdo><ul id='R7tuM'></ul>
    1. <tfoot id='R7tuM'></tfoot>

      <small id='R7tuM'></small><noframes id='R7tuM'>

      <i id='R7tuM'><tr id='R7tuM'><dt id='R7tuM'><q id='R7tuM'><span id='R7tuM'><b id='R7tuM'><form id='R7tuM'><ins id='R7tuM'></ins><ul id='R7tuM'></ul><sub id='R7tuM'></sub></form><legend id='R7tuM'></legend><bdo id='R7tuM'><pre id='R7tuM'><center id='R7tuM'></center></pre></bdo></b><th id='R7tuM'></th></span></q></dt></tr></i><div id='R7tuM'><tfoot id='R7tuM'></tfoot><dl id='R7tuM'><fieldset id='R7tuM'></fieldset></dl></div>
    2. <legend id='R7tuM'><style id='R7tuM'><dir id='R7tuM'><q id='R7tuM'></q></dir></style></legend>

        无法访问 JWT 令牌 .NET Core 中的角色

        Can#39;t access Roles in JWT Token .NET Core(无法访问 JWT 令牌 .NET Core 中的角色)

            <tfoot id='NCM6u'></tfoot>
            • <bdo id='NCM6u'></bdo><ul id='NCM6u'></ul>
            • <i id='NCM6u'><tr id='NCM6u'><dt id='NCM6u'><q id='NCM6u'><span id='NCM6u'><b id='NCM6u'><form id='NCM6u'><ins id='NCM6u'></ins><ul id='NCM6u'></ul><sub id='NCM6u'></sub></form><legend id='NCM6u'></legend><bdo id='NCM6u'><pre id='NCM6u'><center id='NCM6u'></center></pre></bdo></b><th id='NCM6u'></th></span></q></dt></tr></i><div id='NCM6u'><tfoot id='NCM6u'></tfoot><dl id='NCM6u'><fieldset id='NCM6u'></fieldset></dl></div>

              • <legend id='NCM6u'><style id='NCM6u'><dir id='NCM6u'><q id='NCM6u'></q></dir></style></legend>

                <small id='NCM6u'></small><noframes id='NCM6u'>

                  <tbody id='NCM6u'></tbody>

                  本文介绍了无法访问 JWT 令牌 .NET Core 中的角色的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

                  问题描述

                  限时送ChatGPT账号..

                  我有一个使用 .NET Core API、Keycloak 和 JWT Token 制作的应用程序.

                  I have an application made with .NET Core API, Keycloak and JWT Token.

                  到目前为止,我一直在使用旧版本的 Keycloak,当它创建 JWT 令牌时,它在有效负载上写入了角色:

                  The older version of Keycloak that I've been using so far, when it created the JWT Token it wrote the roles here on payload:

                  {
                      "user_roles": [
                          "offline_access",
                          "uma_authorization",
                          "admin",
                          "create-realm"
                    ]
                  }
                  

                  但是现在我更新它之后,它在payload上写了角色:

                  But now after I updated it, it's writing the roles here on payload:

                  {
                    "realm_access": {
                      "roles": [
                        "create-realm",
                        "teacher",
                        "offline_access",
                        "admin",
                        "uma_authorization"
                      ]
                    },
                  }
                  

                  我需要知道如何将这个旧代码更改为新代码,告诉它不要查看 user_roles,而是查看 realm_access 然后角色.

                  And I need to know how to change this old code to the new one, to tell that don't look at user_roles, but do look at realm_access then to roles.

                  public void AddAuthorization(IServiceCollection services)
                  {
                      services.AddAuthorization(options =>
                      {
                          options.AddPolicy("Administrator", policy => policy.RequireClaim("user_roles", "admin"));
                          options.AddPolicy("Teacher", policy => policy.RequireClaim("user_roles", "teacher"));
                          options.AddPolicy("Pupil", policy => policy.RequireClaim("user_roles", "pupil"));
                          options.AddPolicy(
                              "AdminOrTeacher",
                              policyBuilder => policyBuilder.RequireAssertion(
                                  context => context.User.HasClaim(claim =>
                                                 claim.Type == "user_roles" && (claim.Value == "admin" || claim.Value == "teacher")
                                            ))
                          );
                      });
                  }
                  

                  推荐答案

                  以下代码会将 Keycloak (v4.7.0) 中的realm_access.roles"-claim (JWT Token) 转换为 Microsoft Identity Model 角色声明:

                  The following code will transform "realm_access.roles"-claim (JWT Token) from Keycloak (v4.7.0) into Microsoft Identity Model role-claims:

                  public void ConfigureServices(IServiceCollection services)
                  {
                      ...
                      services.AddTransient<IClaimsTransformation, ClaimsTransformer>();
                      ...
                  }
                  
                  public class ClaimsTransformer : IClaimsTransformation
                  {
                      public Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
                      {
                          ClaimsIdentity claimsIdentity = (ClaimsIdentity)principal.Identity;
                  
                          // flatten realm_access because Microsoft identity model doesn't support nested claims
                          // by map it to Microsoft identity model, because automatic JWT bearer token mapping already processed here
                          if (claimsIdentity.IsAuthenticated && claimsIdentity.HasClaim((claim) => claim.Type == "realm_access"))
                          {
                              var realmAccessClaim = claimsIdentity.FindFirst((claim) => claim.Type == "realm_access");
                              var realmAccessAsDict = JsonConvert.DeserializeObject<Dictionary<string, string[]>>(realmAccessClaim.Value);
                              if (realmAccessAsDict["roles"] != null)
                              {
                                  foreach (var role in realmAccessAsDict["roles"])
                                  {
                                      claimsIdentity.AddClaim(new Claim(ClaimTypes.Role, role));
                                  }
                              }
                          }
                  
                          return Task.FromResult(principal);
                      }
                  }
                  

                  这篇关于无法访问 JWT 令牌 .NET Core 中的角色的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持html5模板网!

                  【网站声明】本站部分内容来源于互联网,旨在帮助大家更快的解决问题,如果有图片或者内容侵犯了您的权益,请联系我们删除处理,感谢您的支持!

                  相关文档推荐

                  What are good algorithms for vehicle license plate detection?(车牌检测有哪些好的算法?)
                  onClick event for Image in Unity(Unity中图像的onClick事件)
                  Running Total C#(运行总 C#)
                  Deleting a directory when clicked on a hyperlink with JAvascript.ASP.NET C#(单击带有 JAvascript.ASP.NET C# 的超链接时删除目录)
                  asp.net listview highlight row on click(asp.net listview 在单击时突出显示行)
                  Calling A Button OnClick from a function(从函数调用按钮 OnClick)
                        <legend id='BYEOj'><style id='BYEOj'><dir id='BYEOj'><q id='BYEOj'></q></dir></style></legend>

                        <small id='BYEOj'></small><noframes id='BYEOj'>

                          <tbody id='BYEOj'></tbody>
                        <i id='BYEOj'><tr id='BYEOj'><dt id='BYEOj'><q id='BYEOj'><span id='BYEOj'><b id='BYEOj'><form id='BYEOj'><ins id='BYEOj'></ins><ul id='BYEOj'></ul><sub id='BYEOj'></sub></form><legend id='BYEOj'></legend><bdo id='BYEOj'><pre id='BYEOj'><center id='BYEOj'></center></pre></bdo></b><th id='BYEOj'></th></span></q></dt></tr></i><div id='BYEOj'><tfoot id='BYEOj'></tfoot><dl id='BYEOj'><fieldset id='BYEOj'></fieldset></dl></div>

                        • <bdo id='BYEOj'></bdo><ul id='BYEOj'></ul>
                        • <tfoot id='BYEOj'></tfoot>