我正在使用带有JWTBearerAuthentication的Owin来授权用户并验证他们的令牌。我是这样做的:
public class Startup
{
public void Configuration(IAppBuilder app)
{
HttpConfiguration config = new HttpConfiguration();
config.MapHttpAttributeRoutes();
config.Routes.MapHttpRoute(
name: "DefaultApi",
routeTemplate: "api/{controller}/{id}",
defaults: new { id = RouteParameter.Optional }
);
ConfigureOAuth(app);
app.UseWebApi(config);
}
private void ConfigureOAuth(IAppBuilder app)
{
string issuer = ConfigurationManager.AppSettings.Get("auth_issuer");
string audience = ConfigurationManager.AppSettings.Get("auth_clientId");
byte[] secret = TextEncodings.Base64Url.Decode(ConfigurationManager.AppSettings.Get("auth_secret"));
app.UseJwtBearerAuthentication(new JwtBearerAuthenticationOptions
{
AuthenticationMode = AuthenticationMode.Active,
AllowedAudiences = new [] { audience },
IssuerSecurityTokenProviders = new IIssuerSecurityTokenProvider[]
{
new SymmetricKeyIssuerSecurityTokenProvider(issuer, secret)
}
});
}
}
但是,我的令牌中有一些自定义声明,并希望在我的 ApiController 中使用它们的值,如下所示:
[RoutePrefix("endpoint")]
public class MyApiController : ApiController
{
[Route("action")]
[Authorize]
public IHttpActionResult Post(string someValue)
{
bool res = DoSomeAction.withTheString(someValue);
if (res)
{
return Ok<string>(someValue);
}
return InternalServerError();
}
}
有没有像 User.Claims["myCustomClaim"].Value 这样的东西,它提供了所有索赔的值?
谢谢卢卡斯
这样的事情可能会有所帮助:
var identity = User.Identity as ClaimsIdentity;
return identity.Claims.Select(c => new
{
Type = c.Type,
Value = c.Value
});