azure - Azure B2C security group authorization
Problem description
I am trying to use the sample that updates the custom policy mentioned in this sample and deploys the REST API it mentions.
```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Net;
using System.Text;
using System.Threading.Tasks;
using AADB2C.RBAC.Sample.Models;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Options;
using System.Net.Http;

namespace AADB2C.RBAC.Sample.Controllers
{
    [Route("api/[controller]/[action]")]
    public class IdentityController : Controller
    {
        private readonly AppSettingsModel AppSettings;

        // Demo: Inject an instance of an AppSettingsModel class into the constructor of the consuming class,
        // and let dependency injection handle the rest
        public IdentityController(IOptions<AppSettingsModel> appSettings)
        {
            this.AppSettings = appSettings.Value;
        }

        [HttpPost(Name = "IsMemberOf")]
        public async Task<ActionResult> IsMemberOf()
        {
            string input = null;

            // If no data came in, then return
            if (this.Request.Body == null)
            {
                return StatusCode((int)HttpStatusCode.Conflict, new B2CResponseModel("Request content is null", HttpStatusCode.Conflict));
            }

            // Read the input claims from the request body
            using (StreamReader reader = new StreamReader(Request.Body, Encoding.UTF8))
            {
                input = await reader.ReadToEndAsync();
            }

            //string input = Request.Content.ReadAsStringAsync().Result;
            //string content = "";
            //System.Web.HttpContext.Current.Request.InputStream.Position = 0;
            //using (var reader = new StreamReader(
            //    Request.InputStream, System.Text.Encoding.UTF8, true, 4096, true))
            //{
            //    content = reader.ReadToEnd();
            //}
            ////Rest
            //System.Web.HttpContext.Current.Request.InputStream.Position = 0;

            // Check input content value
            if (string.IsNullOrEmpty(input))
            {
                return StatusCode((int)HttpStatusCode.Conflict, new B2CResponseModel("Request content is empty", HttpStatusCode.Conflict));
            }

            // Convert the input string into InputClaimsModel object
            InputClaimsModel inputClaims = InputClaimsModel.Parse(input);

            if (inputClaims == null)
            {
                return StatusCode((int)HttpStatusCode.Conflict, new B2CResponseModel("Can not deserialize input claims", HttpStatusCode.Conflict));
            }

            if (string.IsNullOrEmpty(inputClaims.objectId))
            {
                return StatusCode((int)HttpStatusCode.Conflict, new B2CResponseModel("User 'objectId' is null or empty", HttpStatusCode.Conflict));
            }

            try
            {
                AzureADGraphClient azureADGraphClient = new AzureADGraphClient(this.AppSettings.Tenant, this.AppSettings.ClientId, this.AppSettings.ClientSecret);

                // Demo: Get user's groups
                GraphGroupsModel groups = await azureADGraphClient.GetUserGroup(inputClaims.objectId);

                // Demo: Add the groups to a string collection
                List<string> groupsList = new List<string>();
                foreach (var item in groups.value)
                {
                    groupsList.Add(item.displayName);
                }

                // Demo: Set the output claims
                OutputClaimsModel output = new OutputClaimsModel() { groups = groupsList };

                // Demo: Check if the user needs to be a member of a security group
                if (!string.IsNullOrEmpty(inputClaims.onlyMembersOf))
                {
                    List<string> onlyMembersOf = inputClaims.onlyMembersOf.ToLower().Split(',').ToList<string>();

                    bool isMemberOf = false;
                    foreach (var item in output.groups)
                    {
                        if (onlyMembersOf.Contains(item.ToLower()))
                        {
                            isMemberOf = true;
                            break;
                        }
                    }

                    // Demo: Throw an error if the user is not a member of one of the security groups
                    if (isMemberOf == false)
                    {
                        return StatusCode((int)HttpStatusCode.Conflict, new B2CResponseModel("You are not authorized to sign-in to this application.", HttpStatusCode.Conflict));
                    }
                }

                // Demo: Return the groups collection
                return Ok(output);
            }
            catch (Exception ex)
            {
                if (ex.Message.Contains("Request_ResourceNotFound"))
                {
                    return StatusCode((int)HttpStatusCode.Conflict, new B2CResponseModel("Can not read user groups, user not found", HttpStatusCode.Conflict));
                }

                return StatusCode((int)HttpStatusCode.Conflict, new B2CResponseModel("Can not read user groups", HttpStatusCode.Conflict));
            }
        }
    }
}
```
So I have reached the point where the custom policy uses the REST POST method to get the group details, but the code above does not return the group details, because it goes into the catch statement and throws "Can not read user groups". The problem here is that I cannot run the REST API on localhost and reach the API from the custom policy; I tried using a proxy, but it gave me a bad request.

```csharp
return StatusCode((int)HttpStatusCode.Conflict, new B2CResponseModel("Can not read user groups", HttpStatusCode.Conflict));
```

Any help or example would be very helpful.
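As an added illustration (not code from the question or from the sample repository it refers to), the group-membership decision below is pulled out of the controller into a plain method, alongside the JSON body a B2C REST technical profile expects when it blocks a journey and a catch block that records the underlying exception before returning the same generic "Can not read user groups" message. The class names, the constructed group list and the thrown exception are assumptions made for the example; the field names `version`, `status` and `userMessage` are the ones B2C documents for a REST validation error.

```csharp
// Added example, not part of the question or the referenced sample.
// Names (GroupAuthorization, B2CValidationResponse, SAMPLE_USER_GROUPS) are assumptions.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using System.Text.Json.Serialization;

public static class GroupAuthorization
{
    // Returns true when the user belongs to at least one group listed in onlyMembersOf
    // (comma-separated). A null/blank list means "no restriction". Entries are trimmed
    // and compared case-insensitively, so "Admins, Auditors" and "admins,auditors"
    // behave the same instead of failing on a stray space.
    public static bool IsAuthorized(IEnumerable<string> userGroups, string onlyMembersOf)
    {
        if (string.IsNullOrWhiteSpace(onlyMembersOf))
            return true;

        var required = new HashSet<string>(
            onlyMembersOf.Split(',')
                         .Select(g => g.Trim())
                         .Where(g => g.Length > 0),
            StringComparer.OrdinalIgnoreCase);

        if (required.Count == 0)
            return true;

        return userGroups.Any(g => g != null && required.Contains(g.Trim()));
    }
}

// The body B2C expects from a REST technical profile that rejects the request:
// HTTP 409 with a user-facing message; nothing about the server-side cause.
public sealed class B2CValidationResponse
{
    [JsonPropertyName("version")] public string Version { get; set; } = "1.0.0";
    [JsonPropertyName("status")] public int Status { get; set; } = 409;
    [JsonPropertyName("userMessage")] public string UserMessage { get; set; } = "";

    public string ToJson() => JsonSerializer.Serialize(this);
}

public static class Program
{
    // Constructed sample data standing in for the Graph call the controller makes.
    private static readonly List<string> SAMPLE_USER_GROUPS =
        new List<string> { "Readers", "Billing Admins" };

    public static void Main()
    {
        // 1. The policy requires one of two groups and the user is in "Billing Admins": allowed.
        Console.WriteLine(GroupAuthorization.IsAuthorized(SAMPLE_USER_GROUPS, "Owners, billing admins"));

        // 2. The policy requires a group the user is not in: blocked with a 409 body.
        if (!GroupAuthorization.IsAuthorized(SAMPLE_USER_GROUPS, "Owners"))
        {
            var denied = new B2CValidationResponse
            {
                UserMessage = "You are not authorized to sign-in to this application."
            };
            Console.WriteLine(denied.ToJson());
        }

        // 3. No restriction configured in the input claims: allowed.
        Console.WriteLine(GroupAuthorization.IsAuthorized(SAMPLE_USER_GROUPS, null));

        // 4. Failure handling: keep the user-facing message generic, as the question's
        //    controller does, but log the full exception so the reason the catch block
        //    fired is visible in the service's own logs rather than lost.
        try
        {
            // Constructed stand-in for a failed Graph lookup.
            throw new InvalidOperationException("constructed: Graph call failed");
        }
        catch (Exception ex)
        {
            Console.Error.WriteLine($"Graph lookup failed: {ex}");   // full detail stays server-side
            var failed = new B2CValidationResponse { UserMessage = "Can not read user groups" };
            Console.WriteLine(failed.ToJson());                      // only this reaches the caller
        }
    }
}
```

Two practical points follow from this. First, the quickest way to find out why the question's catch block fires is to log `ex` in full before returning the generic message; the caller (B2C) should only ever see the `userMessage`, but the operator needs the Graph error text. Second, because this endpoint makes an authorization decision, it should not be reachable anonymously: protect it with the authentication B2C's REST technical profile supports (for example basic authentication or a client certificate) so that a request from anything other than the policy is rejected before any group lookup happens.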
Solution
The web application code is in the source folder of the linked repository.