在Identity Server 4配置中,需要将RoleClaimType设置为正确的角色声明类型。但是,仅此还不够,还需要为AuthenticationStateProvider注册自定义AuthorizeAttribute,以按需添加Role Claim。
这里是一个添加Role Claim的完整示例:
在Identity Server 4配置中添加以下代码:
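// Identity Server 4 registration. The generic arguments of AddApiAuthorization were lost
// when this page was extracted; <ApplicationUser, ApplicationDbContext> below are constructed
// example names — substitute the project's Identity user type and DbContext.
services.AddIdentityServer()
    .AddApiAuthorization<ApplicationUser, ApplicationDbContext>();

// Authenticate API calls with the JWTs that Identity Server issues.
var builder = services.AddAuthentication();
builder.AddIdentityServerJwt();

// "Admin" policy: the principal must carry a claim of type "role" with value "Admin".
// RequireClaim matches the claim *type* literally. If the JWT handler's inbound claim-type
// mapping renames "role" on the way in, this policy never matches — keep the type in line
// with the RoleClaimType the application configures (assumption to confirm, see the note above).
services.AddAuthorization(options =>
{
    options.AddPolicy("Admin", policy => policy.RequireClaim("role", "Admin"));
});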
在ProfileService类中添加以下代码:
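/// <summary>
/// Identity Server 4 profile service that adds a <c>role = Admin</c> claim to the
/// issued token when the authenticated subject is in the "Admin" role.
/// </summary>
public class ProfileService : IProfileService
{
    /// <summary>
    /// Appends a <c>role = Admin</c> claim to <c>context.IssuedClaims</c> when
    /// <c>context.Subject</c> is in the "Admin" role; otherwise issues nothing.
    /// </summary>
    /// <param name="context">The profile request; <c>Subject</c> is the authenticated principal.</param>
    /// <returns>A completed task — the work is synchronous.</returns>
    /// <remarks>
    /// <c>ClaimsPrincipal.IsInRole</c> looks for a claim of each identity's RoleClaimType,
    /// so that type must match how roles are stored on the principal (confirm against the
    /// Identity configuration). Only the "Admin" role is surfaced; other roles are not issued.
    /// </remarks>
    public Task GetProfileDataAsync(ProfileDataRequestContext context)
    {
        var user = context.Subject;
        // Generic argument restored: the original `new List` lost its <Claim> in extraction.
        var claims = new List<Claim>();
        if (user.IsInRole("Admin"))
        {
            claims.Add(new Claim("role", "Admin"));
        }
        context.IssuedClaims.AddRange(claims);
        return Task.CompletedTask;
    }

    /// <summary>
    /// Does not touch <c>context.IsActive</c>, so whatever value the context carries by
    /// default stands (presumably "active" — confirm against the IdentityServer4 version in use).
    /// </summary>
    /// <param name="context">The activity check for the subject.</param>
    /// <returns>A completed task.</returns>
    public Task IsActiveAsync(IsActiveContext context)
    {
        return Task.CompletedTask;
    }
}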
然后,为AuthenticationStateProvider注册自定义AuthorizeAttribute:
// NOTE(review): the generic type arguments (service / implementation pair) and the trailing ';'
// of this registration were lost in extraction; the surrounding text says it relates to
// AuthenticationStateProvider — confirm the intended types against the original source.
services.AddScoped
添加一个CustomAuthorizeAttribute类,将Role Claim添加到要求的策略中:
// NOTE(review): in ASP.NET Core, AuthorizeAttribute is a metadata-only attribute (Policy /
// Roles / AuthenticationSchemes) and declares no virtual HandleRequirementAsync, so the
// override below does not compile as written. Its signature is that of
// AuthorizationHandler<TRequirement>.HandleRequirementAsync; the logic belongs in a handler
// registered as IAuthorizationHandler, with the attribute kept as a plain policy marker.
// Left unchanged here because the page does not show which requirement type or
// registration was intended. Also, base(policy) already sets Policy, so `Policy = policy;`
// is redundant.
public class CustomAuthorizeAttribute : AuthorizeAttribute { public CustomAuthorizeAttribute(string policy) : base(policy) { Policy = policy; }
// Intended as an authorization-handler callback: no decision for anonymous principals,
// success for members of the "Admin" role, otherwise defer.
protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, IAuthorizationRequirement requirement)
{
var user = context.User;
// Anonymous caller: neither succeed nor fail, so the remaining handlers (or the default
// "no success means denied" outcome) decide. user.Identity can itself be null on a
// ClaimsPrincipal with no identities; that case is not guarded here.
if (user == null || !user.Identity.IsAuthenticated)
{
return;
}
// Succeeds *whatever* requirement this callback is invoked for as soon as the caller is
// in the "Admin" role, i.e. Admin would satisfy every policy routed through here, not only
// the "Admin" policy. Scope this to a dedicated requirement type if that is not intended.
if (user.IsInRole("Admin"))
{
context.Succeed(requirement); // Marks the requirement satisfied; no claim is added to the principal here
return;
}
await base.HandleRequirementAsync(context, requirement);
}
}