您必須GrantResourceOwnerCredentials添加方法:
identity.AddClaim(new Claim(ClaimTypes.Role, "admins"));
一步
在StartUp.cs類步驟,你應該有一個自定義提供,欲行
Provider = new CustomAuthorizationServerProvider()
例如:
public void ConfigureOAuth(IAppBuilder app)
{
OAuthAuthorizationServerOptions oAuthServerOptions = new OAuthAuthorizationServerOptions
{
AllowInsecureHttp = true,
TokenEndpointPath = new PathString("/token"),
AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(30),
Provider = new CustomAuthorizationServerProvider()
};
// Token Generation
app.UseOAuthAuthorizationServer(oAuthServerOptions);
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
}
然後,你CustomAuthorizationServerProvider從OAuthAuthorizationServerProvider類繼承將覆蓋GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext上下文)。
然後,檢查用戶是否具有正確的用戶名和密碼後,您必須添加
var identity = new ClaimsIdentity(context.Options.AuthenticationType);
...
// other claims
...
identity.AddClaim(new Claim(ClaimTypes.Role, "admins"));
...
var ticket = new AuthenticationTicket(identity, properties);
context.Validated(ticket);
編輯
你可以得到用戶角色從DB,而不是使用「管理員」 harcoded串這樣做的:
var roles = await userManager.GetRolesAsync(userId);
所以,你可以在你的倉庫中添加下面的方法:
public async Task<IList<string>> UserRoles(string userId)
{
IList<string> roles = await userManager.GetRolesAsync(userId);
return roles;
}
,然後從overrided GrantResourceOwnerCredentials加入叫它:
using (AuthRepository repository = new AuthRepository())
{
IdentityUser user = await repository.FindUser(context.UserName, context.Password);
if (user == null)
{
context.SetError("invalid_grant", "The user name or password is incorrect");
return;
}
var roles = repository.UserRoles(user.Id);
}
非常感謝你,它幾乎工作,但我如何從用戶registred角色採取的不是「管理員」固定廣告宣稱串? – user2100125 2014-09-07 20:34:03
@ user2100125我編輯了我的答案以從Db中檢索用戶角色。 – 2014-09-08 07:07:55
非常感謝:) – user2100125 2014-09-08 14:41:17