Confusion over LOCAL AUTHORITY claims and External Provider claims

倖福魔咒の submitted on 2020-01-14 09:59:06

Question


I am creating a simple WebApi which allows users to connect with Facebook. When I get the accessToken back from Facebook, I am calling RegisterExternal to create an Asp.Net Identity record and store the Claims from the token. These claims also include the access token which I require to query the Facebook graph later. All seems fine up to this point.

The issue I am having is reading the claims. I can see they are in my database; I just can't figure out how to query this data. I have tried

var claimsIdentity = User.Identity as ClaimsIdentity;

But this returns me 2 claims for a) "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" b) role

Both of these are of issuer LOCAL AUTHORITY (to be honest I am not sure when they are created as I am not explicitly adding these). So I believe there is either confusion on me saving the claims to the database against the wrong type of issuer

await userManager.AddClaimAsync(user.Id, new Claim("urn:facebook:access_token", accessTokenClaim.Value, ClaimValueTypes.String, "LOCAL AUTHORITY"));

or my code for accessing the claims is incorrect.

Can anybody shed some light on this?


Answer 1:


When it comes to adding the claims to your Identity:

    // Get the claims identity
    ClaimsIdentity claimsIdentity =
        await AuthenticationManager.GetExternalIdentityAsync(DefaultAuthenticationTypes.ExternalCookie);

    if (claimsIdentity != null)
    {
        // Retrieve the existing claims
        var currentClaims = await UserManager.GetClaimsAsync(user.Id);

        // Get the list of access token related claims from the identity
        var tokenClaims = claimsIdentity.Claims
            .Where(c => c.Type.StartsWith("urn:tokens:"));

        // Save the access token related claims
        foreach (var tokenClaim in tokenClaims)
        {
            // Claim has no value equality, so compare type and value
            // instead of calling Contains (which compares references)
            if (!currentClaims.Any(c => c.Type == tokenClaim.Type && c.Value == tokenClaim.Value))
            {
                await UserManager.AddClaimAsync(user.Id, tokenClaim);
            }
        }
    }

To persist these claims to the database, you must call SignIn for the user:

    // Sign in and redirect the user
    await SignInAsync(user, isPersistent: false);

To retrieve the claims later you simply use:

    // Read the claims of the currently signed-in user
    var claimsIdentity = HttpContext.User.Identity as ClaimsIdentity;
    if (claimsIdentity != null)
    {
        var claims = claimsIdentity.Claims;
    }

This code is comprised of snippets from this article: http://www.jerriepelser.com/blog/get-the-twitter-profile-image-using-the-asp-net-identity

I'd recommend reading through it if you would like to see a full example. I have used the code in this article myself and it worked great in my project for both Twitter and Facebook external claims.




Answer 2:


I had the same issue when I renamed the identity cookie. So I had 2 different users in 2 cookies. After I deleted the old one, the issue was gone.




Answer 3:


LOCAL_AUTHORITY is the default value for Issuer if it is not specified at creation of the Claim. For example:

    var claim = new Claim("LastName", "Timberlake","string", "http:/contoso.com/someissuername");

The last parameter in the above example is the issuer.
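
The issuer behaviour discussed in this thread, as an added console example that is not part of the original question or answers: it shows which issuer a claim receives when none is given, how to select claims by type and issuer together, and why a claim reloaded from a store is not found by `Contains`. The `IssuerDemo` class, its helper names, the sample user, the placeholder token value and the "Facebook" issuer string are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

static class IssuerDemo
{
    // Constructed sample: the identity the question describes, plus the same
    // token claim stamped with an assumed provider issuer ("Facebook").
    static ClaimsIdentity BuildSampleIdentity() => new ClaimsIdentity(new[]
    {
        new Claim(ClaimTypes.Name, "alice"),   // no issuer given
        new Claim(ClaimTypes.Role, "User"),    // no issuer given
        new Claim("urn:facebook:access_token", "PLACEHOLDER_TOKEN",
                  ClaimValueTypes.String, ClaimsIdentity.DefaultIssuer),
        new Claim("urn:facebook:access_token", "PLACEHOLDER_TOKEN",
                  ClaimValueTypes.String, "Facebook"),
    }, "ApplicationCookie");

    // Select claims by type AND issuer, so provenance is part of the lookup.
    static IEnumerable<Claim> FromIssuer(ClaimsIdentity id, string type, string issuer) =>
        id.FindAll(c => c.Type == type && c.Issuer == issuer);

    // Claim does not override Equals, so compare the fields that matter.
    static bool SameClaim(Claim a, Claim b) =>
        a.Type == b.Type && a.Value == b.Value && a.Issuer == b.Issuer;

    static void Main()
    {
        var identity = BuildSampleIdentity();
        foreach (var c in identity.Claims)
            Console.WriteLine($"{c.Type} | issuer={c.Issuer} | original={c.OriginalIssuer}");

        var external = FromIssuer(identity, "urn:facebook:access_token", "Facebook").ToList();
        Console.WriteLine($"Token claims issued by Facebook: {external.Count}");

        // Simulate a claim reloaded from a store: equal fields, new object.
        var stored = new Claim("urn:facebook:access_token", "PLACEHOLDER_TOKEN",
                               ClaimValueTypes.String, "Facebook");
        Console.WriteLine($"Contains (reference equality): {identity.Claims.Contains(stored)}");
        Console.WriteLine($"Any(SameClaim): {identity.Claims.Any(c => SameClaim(c, stored))}");
    }
}
```

Code that makes a trust decision on a claim should match on `Issuer` as well as `Type`, because any code path that builds a `Claim` without naming an issuer produces one marked with `ClaimsIdentity.DefaultIssuer`.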



Source: https://stackoverflow.com/questions/28748000/confusion-over-local-authority-claims-and-external-provider-claims
