我正在我的 asp.net 核心MVC解决方案中试用Aws Cognito。
我在启动中注册了 Cookie-auth,并向 OnCreateatingTicket-event 添加一个侦听器来解析成功登录后获得的 JWT 令牌,如下所示:
services.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = "Cognito";
})
.AddCookie()
.AddOAuth("Cognito", options =>
{
options.ClientId = Configuration["Authentication:Cognito:ClientId"];
options.ClientSecret = Configuration["Authentication:Cognito:Secret"];
options.CallbackPath = new PathString("/sign-in");
options.AuthorizationEndpoint = "https://xx.auth.eu-west-1.amazoncognito.com/oauth2/authorize";
options.TokenEndpoint = "https://xx.auth.eu-west-1.amazoncognito.com/oauth2/token";
options.SaveTokens = true;
options.ClaimsIssuer = "https://cognito-idp.eu-west-1.amazonaws.com/xxx";
options.Events = new OAuthEvents
{
OnCreatingTicket = OnCreatingTicket
};
});
但是,我只能找到Principal.AddIdentity方法,它允许我添加新的CLaimsIdentity,但我想要的是替换当前的Identity,因为这是 asp.net 核心的防伪系统所必需的。
解析 jwt 令牌:
private static Task OnCreatingTicket(OAuthCreatingTicketContext context)
{
var handler = new JwtSecurityTokenHandler();
var idToken = context.TokenResponse.Response["id_token"];
var jwtToken = handler.ReadJwtToken(idToken.ToString());
var appIdentity = new ClaimsIdentity(jwtToken.Claims);
//how to override context.Principal?
context.Principal.AddIdentity(appIdentity);
return Task.CompletedTask;
}
任何想法如何覆盖当前上下文。Principal.Identity 而不是添加新的?
上下文
中的Principal属性是可变的,因此请将其替换为新属性。
context.Principal = new ClaimsPrincipal(appIdentity);