我正在使用带有 IdentityServer 的 ASP.NET Core 3.1 开发 Blazor webassembly 应用程序。
由于 IdentityServer 处理所有登录、注销、注册……事件,我试图捕捉这些事件以获取有关用户的一些信息。
为了清楚起见,我试图记住登录日期,并捕捉新用户注册以自动赋予他们一些角色。
这是我在启动类(class)中使用的所有服务:
services.AddDefaultIdentity<ApplicationUser>(options => options.SignIn.RequireConfirmedAccount = true)
.AddRoles<IdentityRole>()
.AddEntityFrameworkStores<ApplicationDbContext>();
services.Configure<IdentityOptions>(options =>
options.ClaimsIdentity.UserIdClaimType = ClaimTypes.NameIdentifier);
services.AddIdentityServer()
.AddApiAuthorization<ApplicationUser, ApplicationDbContext>(options => {
options.IdentityResources["openid"].UserClaims.Add("name");
options.ApiResources.Single().UserClaims.Add("name");
options.IdentityResources["openid"].UserClaims.Add("role");
options.ApiResources.Single().UserClaims.Add("role");
});
// Need to do this as it maps "role" to ClaimTypes.Role and causes issues
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Remove("role");
services.AddAuthentication()
.AddIdentityServerJwt();
我已经实现了 IEventSink 模式(http://docs.identityserver.io/en/stable/topics/events.html):
public class IdentityServerEventSink : IEventSink
{
private readonly UserManager<ApplicationUser> userManager;
private readonly IHttpContextAccessor httpContextAccessor;
public IdentityServerEventSink(UserManager<ApplicationUser> userManager, IHttpContextAccessor httpContextAccessor)
{
this.userManager = userManager;
this.httpContextAccessor = httpContextAccessor;
}
public async Task PersistAsync(Event @event)
{
if (@event.Id.Equals(EventIds.ClientAuthenticationSuccess))
{
var identity = httpContextAccessor.HttpContext.User;
var id = httpContextAccessor.HttpContext.User.FindFirstValue(ClaimTypes.NameIdentifier);
var user = await userManager.Users.FirstOrDefaultAsync(u => u.Id == id);
}
}
}
在 startup.cs 中:
services.AddHttpContextAccessor();
services.AddTransient<IEventSink, IdentityServerEventSink>();
但是当我进入 ClientAuthenticationSuccess 事件时,身份始终是匿名的。
我也在中间件中尝试过,但我有同样的问题:
app.Use(async (context, next) =>
{
await next.Invoke();
//handle response
//you may also need to check the request path to check whether it requests image
if (context.User.Identity.IsAuthenticated)
{
var userName = context.User.Identity.Name;
//retrieve uer by userName
using (var dbContext = context.RequestServices.GetRequiredService<ApplicationDbContext>())
{
var user = dbContext.Users.Where(u => u.UserName == userName).FirstOrDefault();
user.LastLogon = System.DateTime.Now;
dbContext.Update(user);
dbContext.SaveChanges();
}
}
});
你有什么想法 ?
我听说 HttpContextAccessor 在 Blazor 中是个坏东西。
最佳答案
好的,所以在更新后中间件委托(delegate)工作!
app.Use(async (context, next) =>
{
await next.Invoke();
if (context.User.Identity.IsAuthenticated)
{
var userName = context.User.Identity.Name;
using (var dbContext = context.RequestServices.GetRequiredService<ApplicationDbContext>())
{
var user = dbContext.Users.Where(u => u.UserName == userName).FirstOrDefault();
if (user != null)
{
user.LastLogon = System.DateTime.Now;
user.LastIpAddress = context.Connection?.RemoteIpAddress?.ToString();
dbContext.Update(user);
dbContext.SaveChanges();
}
}
}
});
app.UseIdentityServer(); app.UseAuthentication(); app.UseAuthorization();但是很糟糕,来自 IdentityServer 的 EventSink 仍然不起作用,httpContextAccessor.HttpContext.User.Identity总是匿名的。
关于authentication - Blazor webassembly - IdentityServer EventSink 和 HttpContext,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/62434400/