我有以下ApplicationUser
类,是否可以通过执行以下操作来添加索赔或扩展身份,以便我可以检查用户是否在项目组中:User.Identity.IsInProjectGroup(1)
。
目前,我必须继续进入数据库才能获取用户,然后调用IsInProjectGroup
方法。
public class ApplicationUser : IdentityUser
{
public ApplicationUser()
{
Id = Guid.NewGuid().ToString();
Groups = new Collection<Group>();
}
public string FirstName { get; set; }
public ICollection<Group> Groups { get; set; }
public bool IsInProjectGroup(int projectId)
{
return Groups.Any(g => g.Projects.Select(x => x.Id).Contains(projectId));
}
public async Task<ClaimsIdentity> GenerateUserIdentityAsync(UserManager<ApplicationUser> manager)
{
var userIdentity = await manager.CreateIdentityAsync(this, DefaultAuthenticationTypes.ApplicationCookie);
// how do you add claim???
userIdentity.AddClaim(new Claim("Group", ???));
return userIdentity;
}
}
有没有办法添加索赔来调用方法,或者有其他方法可以实现这一目标?
我正在考虑以下扩展名,但不确定我如何在ApplicationUser
类中添加这样的主张以及如何在下面的扩展方法中检查索赔:
namespace App.Extensions
{
public static class IdentityExtensions
{
public static bool IsInProjectGroup(this IIdentity identity, int projectId)
{
// how would i do the check here???
}
}
}
这是一个简单的示例。
首先创建一个常数,以用作主张
的键public class Constants {
public class Security {
public class ClaimTypes
public const string ProjectGroups = "ProjectGroups";
}
}
}
然后,您可以在创建身份时创建索赔
public async Task<ClaimsIdentity> GenerateUserIdentityAsync(UserManager<ApplicationUser> manager) {
var userIdentity = await manager.CreateIdentityAsync(this, DefaultAuthenticationTypes.ApplicationCookie);
// how do you add claim???
if(Groups.Any()) { //assuming this is a navigation property
//create a claim type/name/key
//replace with you desired key. Store in a constant for later use
var claimName = Constants.Security.ClaimTypes.ProjectGroup;
//create claims from current groups.
var claims = Groups.SelectMany(g => g.Projects.Select(x => x.Id))
.Select(id => new System.Security.Claims.Claim(claimName, id.ToString()));
userIdentity.AddClaims(claims);
}
return userIdentity;
}
对于检索,您可以创建自己的扩展方法来检查索赔本身中的组,而不是点击数据库。
public static class IdentityExtensions {
public static bool IsInProjectGroup(this IIdentity identity, int projectId) {
// how would i do the check here???
if(identity != null) {
var claimsIdentity = identity as ClaimsIdentity;
if (claimsIdentity != null) {
return claimsIdentity
.FindAll(Constants.Security.ClaimTypes.ProjectGroups)
.Any(claim => claim.Value == projectId.ToString());
}
}
return false;
}
}