我有一个blazor页面,如果用户是GRP_FAST_ADMIN角色,它应该显示一个按钮。出于测试目的,如果他们不在这个角色中,我会打印出他们所扮演角色的列表。问题是,他们的声明确实表明他们拥有正确的角色,但他们仍然没有得到授权。
@page "/RestartApplication"
<AuthorizeView Roles="GRP_FAST_ADMIN">
<Authorized>
<button class="btn-default" @onclick="() => ViewModel.RestartApplication()">Restart Application</button>
</Authorized>
<NotAuthorized>
@if(Claims !=null)
{
@foreach(var claim in Claims)
{
<p>@(claim.Type.ToString() + ": " + claim.Value.ToString())</p>
}
}
</NotAuthorized>
</AuthorizeView>
该部分的输出:
http://schemas.microsoft.com/ws/2008/06/identity/claims/role: CM_GENERAL_USER
http://schemas.microsoft.com/ws/2008/06/identity/claims/role: ES_GENERAL_USER
http://schemas.microsoft.com/ws/2008/06/identity/claims/role: GRP-PEOPLESOFT-P-GL_GENERAL
http://schemas.microsoft.com/ws/2008/06/identity/claims/role: GRP_AWB_ADMIN
http://schemas.microsoft.com/ws/2008/06/identity/claims/role: GRP_FAST_ADMIN
http://schemas.microsoft.com/ws/2008/06/identity/claims/role: GRP_ILG_RO
http://schemas.microsoft.com/ws/2008/06/identity/claims/role: IB_PWR_USER
http://schemas.microsoft.com/ws/2008/06/identity/claims/role: IBP_POWER_USER
http://schemas.microsoft.com/ws/2008/06/identity/claims/role: MP_ADMIN_GRP
http://schemas.microsoft.com/ws/2008/06/identity/claims/role: OFB_GENERAL_USER
http://schemas.microsoft.com/ws/2008/06/identity/claims/role: PK_GENERAL_USER
http://schemas.microsoft.com/ws/2008/06/identity/claims/role: PT_GENERAL_USER
http://schemas.microsoft.com/ws/2008/06/identity/claims/role: PT_PWR_USER
http://schemas.microsoft.com/ws/2008/06/identity/claims/role: RESORT_OPS_UTILITY
基本身份验证有效。我可以成功地使用来确保某人已登录。授权是在启动WebAssembly时设置的,如下所示:
public static IServiceCollection AddPowerToolsWebServices(this IServiceCollection services)
{
services.AddDevExpressBlazor();
services.AddBlazoredLocalStorage();
services.AddAuthorizationCore();
services.AddScoped<TokenAuthenticationStateProvider>();
services.AddScoped<AuthenticationStateProvider, TokenAuthenticationStateProvider>(provider =>
provider.GetRequiredService<TokenAuthenticationStateProvider>());
return services;
}
我正在处理GetAuthenticationStateAsync((的覆盖
public override async Task<AuthenticationState> GetAuthenticationStateAsync()
{
var token = await GetTokenAsync();
if (string.IsNullOrWhiteSpace(token))
return _Anonymous;
_HttpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("bearer", token);
return new AuthenticationState(new ClaimsPrincipal(new ClaimsIdentity(ParseClaimsFromJwt(token), "jwt")));
}
这将解析所有声明并获取每个角色,并将它们单独添加为声明。不确定我错过了什么。
看起来您将不得不使用AccountClaimsPrincipalFactory转换角色声明。
Blazor期望的索赔类型只是";角色;而不是";http://schemas.microsoft.com/ws/2008/06/identity/claims/role"。工厂可以为您实现这一点,然后您将能够使用标准的blazor组件/机制来管理它们。
即使使用"个人用户帐户"选项,您也必须这样做,因为索赔以逗号分隔的字符串形式出现。
这是一个示例链接。这不是你的情况,但解决方案是一样的——你需要将你所拥有的索赔转化为blazor所期望的。