asp.net-core - ASP.NET Core 2.0.3 ClaimsTransformer 与 HttpContextAccessor 结合使用，正在清除声明

Question

在我的 Asp.Net Core 应用程序中，我想向我的 ClaimsIdentity 添加自定义声明，以便我可以在应用程序的不同层中访问这些声明。为此，我添加了以下代码

启动

services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();
        services.AddTransient<IPrincipal>(
            provider => provider.GetService<IHttpContextAccessor>().HttpContext.User);
        services.AddTransient<IClaimsTransformation, ClaimsTransformer>();

claim 变压器

public class ClaimsTransformer : IClaimsTransformation
{
    private readonly IUnitOfWork _unitOfWork;
    private readonly IPrincipal _principal;
    public ClaimsTransformer(IUnitOfWork unitOfWork, IPrincipal principal)
    {
        _unitOfWork = unitOfWork;
        _principal = principal;
    }
    public Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
    {
        var currentPrincipal  = (ClaimsIdentity)_principal.Identity;
        var identity = (ClaimsIdentity)principal.Identity;
        if (currentPrincipal.Claims.All(p => p.Type != "UserId"))
        {
            var person = _unitOfWork.PersonRepository.GetPersonBySubjectId(principal.Claims.First(p => p.Type == "sub").Value);
            person.Wait();
            if (person.Result != null)
            {
                currentPrincipal.AddClaim(new Claim("UserId", person.Result.Id.ToString()));
                currentPrincipal.AddClaim(new Claim("TenantId", person.Result.PersonTeams.FirstOrDefault(p => p.Team.TeamType == TeamType.OrganizationTeam)?.Team.OrganizationId.ToString()));
                if (principal.Claims.Any(p => p.Type == "Admin"))
                {
                    currentPrincipal.AddClaim(new Claim("Admin", "True"));
                }
            }
            foreach (var claim in identity.Claims)
            {
                currentPrincipal.AddClaim(claim);
            }
        }
        return Task.FromResult(principal);
    }
}

我不明白的是，当我运行 Claimstransformation 并逐步执行代码时，所有需要的声明都可用，但是当我将 IPrincipal 注入(inject)自定义类时，声明集合是空的，当我不使用时ClaimsTransformation，声明可通过注入(inject)的 IPrincipal 获得。

为了解决这个问题，我将我的 IPrincipal 添加到 ClaimsTransformer 并复制 TransformAsync 输入参数中的声明，并添加 UserId 和 TenantId。
这可行，但我遇到的问题是我不明白为什么在运行 ClaimsTransformer 时会删除声明以及为什么需要添加此 黑客

Answer 1

我在同一个地方。
我不得不删除 IPrincipal DI

启动

services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();
services.AddTransient<IClaimsTransformation, ClaimsTransformer>();

services.AddAuthentication(IISDefaults.AuthenticationScheme);

services.AddAuthorization(options =>
        {
            options.AddPolicy("SystemAdminOnly", policy => policy.RequireClaim(ClaimTypes.Role, "SystemAdmin"));
        });

claim 变压器

public ClaimsTransformer(IRepository repository, IHttpContextAccessor httpContextAccessor/*, IPrincipal principal*/, IMemoryCache cache)
    {
        _repository = repository;
        _httpContextAccessor = httpContextAccessor;
       // _principal = principal;
        _cache = cache;
    }

public async Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
   {
        if (principal.Identity.IsAuthenticated)
        {
            var currentPrincipal = (ClaimsIdentity)principal.Identity;//_principal.Identity;

            var ci = (ClaimsIdentity)principal.Identity;
            var cacheKey = ci.Name;

            if (_cache.TryGetValue(cacheKey, out List<Claim> claims))
            {
                currentPrincipal.AddClaims(claims);
            }
            else
            {
                claims = new List<Claim>();
                var isUserSystemAdmin = await _repository.IsUserAdmin(ci.Name);
                if (isUserSystemAdmin)
                {
                    var c = new Claim(ClaimTypes.Role, "SystemAdmin");
                    claims.Add(c);
                }

                _cache.Set(cacheKey, claims);
                currentPrincipal.AddClaims(claims);
            }

            //foreach (var claim in ci.Claims)
            //{
            //    currentPrincipal.AddClaim(claim);
            //}
        }

        return await Task.FromResult(principal);
    }

它有效!