vb.net: How to get user groups from on-premise ADFS claims

Notice: this page is a Chinese-English parallel translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). StackOverflow original: http://stackoverflow.com/questions/24610956/

Time: 2020-09-17 17:49:27  Source: igfitidea

How to get user groups from on-premise ADFS claims

asp.net vb.net wif adfs

Asked by CodAri

I have followed this article to build a demo app with on-premise ADFS federation.

http://www.cloudidentity.com/blog/2014/02/12/use-the-on-premises-organizational-authentication-option-adfs-with-asp-net-in-visual-studio-2013/

I am able to get the needed information for the user using simple code:

Dim UserEmail = System.Security.Claims.ClaimsPrincipal.Current.FindFirst(System.IdentityModel.Claims.ClaimTypes.Email).Value

But how can I get the user groups the username belongs to and check if the user account is a member of a Windows group in Active Directory?

I have tried to use System.Security.Claims.ClaimsPrincipal.Current.IsInRole to check if the user is in a group, but it won't work

Answered by nzpcmad

In ADFS claims rules, you need to configure a rule "Send LDAP Attributes as Claims" / "Token Groups - Unqualified Names" and map to "Role" as the "Outgoing Claim Type".

ADFS then provides all the security groups the user is memberOf in Role format and WIF maps them to the IsInRole construct.

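An added example, not part of the original answers: a VB.NET console sketch of the mapping described in the answer above, using a constructed principal in place of a real ADFS token. The e-mail address, group names and helper names are assumptions; the "Group" claim type URI is included only to contrast it with "Role".

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.Linq
Imports System.Security.Claims

Module RoleClaimsDemo
    ' Claim type URI of the ADFS "Group" outgoing claim type (for comparison with "Role").
    Const GroupClaimType As String = "http://schemas.xmlsoap.org/claims/Group"

    ' Builds the kind of principal WIF creates from a token; all values are constructed samples.
    Function BuildPrincipal(outgoingClaimType As String, groups As IEnumerable(Of String)) As ClaimsPrincipal
        Dim claims As New List(Of Claim) From {New Claim(ClaimTypes.Email, "alice@example.test")}
        claims.AddRange(groups.Select(Function(g) New Claim(outgoingClaimType, g)))
        ' A non-empty authentication type makes the identity authenticated;
        ' RoleClaimType keeps its default, ClaimTypes.Role.
        Return New ClaimsPrincipal(New ClaimsIdentity(claims, "Federation"))
    End Function

    ' Lists the group names IsInRole can see: claims whose type is the identity's RoleClaimType.
    Function VisibleGroups(principal As ClaimsPrincipal) As List(Of String)
        Return principal.Identities.
            SelectMany(Function(i) i.FindAll(i.RoleClaimType)).
            Select(Function(c) c.Value).
            ToList()
    End Function

    ' Deny by default: an unauthenticated principal or a missing role claim both yield False.
    Function IsMemberOf(principal As ClaimsPrincipal, groupName As String) As Boolean
        Return principal.Identity IsNot Nothing AndAlso
               principal.Identity.IsAuthenticated AndAlso
               principal.IsInRole(groupName)
    End Function

    Sub Report(label As String, principal As ClaimsPrincipal)
        Console.WriteLine("{0}: groups=[{1}] HR-Admins={2}", label,
                          String.Join(", ", VisibleGroups(principal)),
                          IsMemberOf(principal, "HR-Admins"))
    End Sub

    Sub Main()
        Dim groups = {"Domain Users", "HR-Admins"}
        ' Rule maps Token-Groups to "Role": the groups land in the type IsInRole reads.
        Report("mapped to Role", BuildPrincipal(ClaimTypes.Role, groups))
        ' Rule maps Token-Groups to "Group": the claims arrive, but IsInRole does not read them.
        Report("mapped to Group", BuildPrincipal(GroupClaimType, groups))
    End Sub
End Module
```

IsInRole compares the group name as an exact string, so the value passed must match the unqualified group name as ADFS issues it.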

Answered by tchusami

This is enough.

ClaimsPrincipal.Current.AddIdentity(new ClaimsIdentity());
ViewBag.Name = ClaimsPrincipal.Current.FindFirst(ClaimTypes.Email).Value;

:)
