From your web application you will have to implement a ClaimsAuthenticationManager and a ClaimsAuthorizationManager. Something along these lines, but the claims you require will come back in the token from your STS:
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Web.Security;

public class ClaimsTransformationModule : ClaimsAuthenticationManager
{
    public override ClaimsPrincipal Authenticate(string resourceName, ClaimsPrincipal incomingPrincipal)
    {
        // Unauthenticated principals are passed through untouched.
        if (!incomingPrincipal.Identity.IsAuthenticated)
        {
            return base.Authenticate(resourceName, incomingPrincipal);
        }
        // Replace the incoming (STS) identity with the application's own set of claims.
        return CreateApplicationPrincipal(incomingPrincipal.Identity.Name);
    }

    private ClaimsPrincipal CreateApplicationPrincipal(string userName)
    {
        var claims = new List<Claim>();
        claims.Add(new Claim(ClaimTypes.Name, userName));
        claims.Add(new Claim(ClaimTypes.GivenName, userName));
        // add roles from the configured role provider
        var roles = Roles.GetRolesForUser(userName).ToList();
        roles.ForEach(
            r => claims.Add(new Claim(ClaimTypes.Role, r)));
        return new ClaimsPrincipal(new ClaimsIdentity(claims, "Custom"));
    }
}

public class CustomAuthorisationManager : ClaimsAuthorizationManager
{
    public override bool CheckAccess(AuthorizationContext context)
    {
        string resource = context.Resource.First().Value;
        string action = context.Action.First().Value;
        // Only users holding the Admin role may edit User resources.
        if (action == "Edit" && resource == "User")
        {
            bool isAdmin = context.Principal.HasClaim(ClaimTypes.Role, "Admin");
            return isAdmin;
        }
        // Everything not explicitly allowed is denied.
        return false;
    }
}
You will also have to add the configuration sections to your web.config:
<configuration>
<configSections>
..
<section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
<section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
..
You can use the claims token to store the claims, so you do not have to hit your database every time.
This article is very good and explains it all from start to finish:
http://dotnetcodr.com/2013/03/04/claims-based-authentication-in-mvc4-with-net4-5-c-part-3-claims-based-authorisation/
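To see the two managers above make decisions without an STS, a cookie or a role provider in the loop, here is an added example (not part of the answer) that calls CustomAuthorisationManager directly with a constructed AuthorizationContext; it assumes the CustomAuthorisationManager class from the answer is compiled alongside it and that System.IdentityModel (.NET 4.5) is referenced.

```csharp
using System;
using System.Security.Claims;

// Added example: drive the answer's CustomAuthorisationManager with hand-built
// principals and contexts so the allow/deny rules can be exercised in isolation.
static class AuthorizationCheckDemo
{
    // Builds a principal the same way CreateApplicationPrincipal does, but from an
    // in-memory role list instead of Roles.GetRolesForUser (assumption: no role provider here).
    static ClaimsPrincipal MakePrincipal(string userName, params string[] roles)
    {
        // Passing an authenticationType makes Identity.IsAuthenticated true.
        var identity = new ClaimsIdentity("Custom");
        identity.AddClaim(new Claim(ClaimTypes.Name, userName));
        foreach (var role in roles)
            identity.AddClaim(new Claim(ClaimTypes.Role, role));
        return new ClaimsPrincipal(identity);
    }

    static bool CanAccess(ClaimsAuthorizationManager manager, ClaimsPrincipal principal,
                          string resource, string action)
    {
        // The three-argument constructor wraps resource and action as single claims,
        // which is exactly what context.Resource.First() / context.Action.First() read.
        var context = new AuthorizationContext(principal, resource, action);
        return manager.CheckAccess(context);
    }

    static void Main()
    {
        var manager = new CustomAuthorisationManager();
        var admin = MakePrincipal("alice", "Admin");   // constructed sample users
        var user = MakePrincipal("bob", "User");

        // alice holds the Admin role claim that the Edit/User rule requires
        Console.WriteLine("alice Edit User:   " + CanAccess(manager, admin, "User", "Edit"));
        // bob has no Admin role claim
        Console.WriteLine("bob Edit User:     " + CanAccess(manager, user, "User", "Edit"));
        // no rule covers Delete, so the manager's final 'return false' applies
        Console.WriteLine("alice Delete User: " + CanAccess(manager, admin, "User", "Delete"));
    }
}
```

Note that the answer's manager calls First() on both context.Resource and context.Action, so every caller must supply a resource and an action or the check throws instead of denying.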
What is the ClaimsPrincipal object needed for? How can Authenticate be called without a ClaimsPrincipal? Maybe I only need the CreateApplicationPrincipal() method, because the web application only contains a set of strings for user name, department and sub-department? As long as there are claims, the current authorization works well. Do I need CustomAuthorizationManager? At what point are the session variables and cookies created? – ildar