karatejb: [ASP.NET Core] Identity Server 4 - Get authorized user claims

 public class UserProfileFilter : Attribute, IAsyncActionFilter
 {
    public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
    {
        string uid = string.Empty;
        string email = string.Empty;
        StringValues authHeaderVal = default(StringValues);

        // Method 1. Use System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler to decode the JWT.
        if (context.HttpContext.Request.Headers.TryGetValue("Authorization", out authHeaderVal))
        {
            string bearerTokenPrefix = "Bearer";
            string accessToken = string.Empty;
            string authHeaderStr = authHeaderVal.ToString();
            if (!string.IsNullOrEmpty(authHeaderStr) && authHeaderStr.StartsWith(bearerTokenPrefix, StringComparison.OrdinalIgnoreCase))
            {
                accessToken = authHeaderStr.Replace(bearerTokenPrefix, string.Empty, StringComparison.OrdinalIgnoreCase).Trim();
            }

            var handler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler();
            var token = handler.ReadJwtToken(accessToken);
            uid = token.Claims.FirstOrDefault(c => c.Type.Equals("sub", StringComparison.OrdinalIgnoreCase))?.Value;
            email = token.Claims.FirstOrDefault(c => c.Type.Equals(JwtClaimTypes.Email))?.Value;
        }

        // 2. Use the System.Security.ClaimsPrinciple from HttpContext.
        var user = context.HttpContext.User;
        if (user.Identity.IsAuthenticated)
        {
            uid = user.Claims.FirstOrDefault(c => c.Type.Equals("sub", StringComparison.OrdinalIgnoreCase))?.Value;
            email = user.Claims.FirstOrDefault(c => c.Type.Equals(JwtClaimTypes.Email))?.Value;
        }
        
        await next();
    }
 }

The above sample code shows how to get user’s sub and email claims.

▋Use it in Controller/Action

 [HttpGet("UserProfile")]
 [Authorize]
 [TypeFilter(typeof(UserProfileFilter))]
 public async Task<IActionResult> UserProfile()
 {
     return this.Ok();
 }

▋Also: Get request’s payload and modify it

We can use ActionArguments to get the payload object of a Http request and modify it before the payload get into the Controller’s Action.

▋UserProfileFilter

 public class UserProfileFilter : Attribute, IAsyncActionFilter
 {
    public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
    {
            // ...skip

            MyPayload payload = (MyPayload)context.ActionArguments?.Values.FirstOrDefault(v => v is RequestDto);
            payload.Uid = uid;
            
            await next();
    }
 }

▋Also: Save custom items to HttpContext

Once we what to keep some information on the current request, we can easily save them as HttpContext items and get them later inside Controller’s Action.

▋UserProfileFilter

 public class UserProfileFilter : Attribute, IAsyncActionFilter    
 {
    public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
    {
        // ...skip
        string itemName = "UserProfile";
        context.HttpContext.Items.Add(itemName, new { Id = uid, Email = email });
            
        await next();
    }
 }

Now we can get the items as following,

▋Controller

 [HttpGet("UserProfile")]
 [TypeFilter(typeof(UserProfileFilter))]
 public async Task<IActionResult> UserProfile()
 {
     if (this.HttpContext.Items.TryGetValue("UserProfile", out object userProfile))
     {
         this.logger.LogInformation(JsonConvert.SerializeObject(userProfile));
     }
     
     return this.Ok();
 }

▋Source Code

Github: KarateJB/AspNetCore.IdentityServer4.Sample

▌Reference

▋Overwrite request object in ASP .NET Core

karatejb

文章分類

2021年1月23日星期六

[ASP.NET Core] Identity Server 4 - Get authorized user claims

沒有留言:

張貼留言

文章分類

2021年1月23日 星期六

[ASP.NET Core] Identity Server 4 - Get authorized user claims

沒有留言:

張貼留言

2021年1月23日星期六