在发送请求时，需要确保所需的声明（包括 sub 声明）包含在发送给资源服务器的令牌中。下面的示例代码先通过 JWT-bearer 授权从 ADFS 获取访问令牌，再读取其中的 sub 声明，并与自定义声明一起重新签发一个本地 JWT。注意：这样得到的令牌是由本地代码用对称密钥签名的，并不是 ADFS 签发的；其中的自定义声明没有经过 ADFS 认证，资源服务器也只有持有同一签名密钥才能校验它。如果需要由 ADFS 本身签发这些声明，应在 ADFS 的颁发转换规则中配置，而不是在客户端重新签名。
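/// <summary>
/// Exchanges a caller-supplied token for an ADFS access token (JWT-bearer grant) and then
/// re-issues a new JWT that carries the ADFS <c>sub</c> claim plus custom claims.
/// </summary>
/// <param name="userToken">
/// The JWT presented by the caller, used as the user assertion of the JWT-bearer grant.
/// (The original listing referenced an undeclared local named <c>token</c> here.)
/// </param>
/// <returns>The compact-serialized, HMAC-SHA256-signed JWT.</returns>
/// <exception cref="ArgumentException"><paramref name="userToken"/> is null or white space.</exception>
/// <exception cref="InvalidOperationException">
/// The signing key is shorter than 256 bits, or the ADFS-issued token carries no <c>sub</c> claim.
/// </exception>
/// <remarks>
/// SECURITY: the token returned here is NOT issued or signed by ADFS. It is minted locally, so
/// every claim in it (the custom ones included) is asserted by this code, not by the identity
/// provider. A consumer can only verify it if it holds the same symmetric key, and the listing
/// reuses the OAuth client secret as that key — which means the client secret has to be handed
/// to every resource server that validates the token and widens its blast radius. Prefer a
/// dedicated signing key (ideally asymmetric), and if ADFS should issue these claims, configure
/// them in ADFS issuance rules instead of re-signing here. <c>AuthenticationContext</c>,
/// <c>ClientCredential</c> and <c>UserAssertion</c> are ADAL types; ADAL is retired and MSAL is
/// the supported replacement — TODO migrate.
/// </remarks>
private static async Task<string> GetToken(string userToken)
{
    if (string.IsNullOrWhiteSpace(userToken))
    {
        throw new ArgumentException("A user assertion token is required.", nameof(userToken));
    }

    const string authority = "https://adfs.server.com/adfs";
    const string clientId = "{client-id}";
    const string clientSecret = "{client-secret}"; // placeholder — load from a secret store, never hard-code
    const string resource = "https://resource.server.com";

    // Step 1: obtain an ADFS access token for the target resource on behalf of the caller.
    var clientCredential = new ClientCredential(clientId, clientSecret);
    var authenticationContext = new AuthenticationContext(authority);
    var userAssertion = new UserAssertion(userToken, "urn:ietf:params:oauth:grant-type:jwt-bearer");
    var result = await authenticationContext
        .AcquireTokenAsync(resource, clientCredential, userAssertion)
        .ConfigureAwait(false);

    // Step 2: pull the subject out of the ADFS-issued token. ReadJwtToken parses WITHOUT
    // validating the signature; that is acceptable only because the token was just returned
    // by ADFS over the authority's TLS channel. Never use this path on a token received from
    // an untrusted caller.
    var handler = new JwtSecurityTokenHandler();
    var adfsToken = handler.ReadJwtToken(result.AccessToken);
    var subject = adfsToken.Subject;
    if (string.IsNullOrEmpty(subject))
    {
        // The original listing used First(...), which throws a bare InvalidOperationException
        // with no hint about what was missing.
        throw new InvalidOperationException("The ADFS access token does not carry a 'sub' claim.");
    }

    // Step 3: assemble the claim set of the re-issued token.
    var claims = new List<Claim>
    {
        // Custom claims are asserted by THIS service, not by ADFS.
        new Claim("custom_claim_1", "value_1"),
        new Claim("custom_claim_2", "value_2"),
        // Carry the ADFS subject forward so the re-issued token refers to the same principal.
        new Claim("sub", subject),
    };

    // HS256 needs a key of at least 256 bits: current IdentityModel versions reject shorter
    // keys at signing time, and a short or guessable key lets anyone forge tokens carrying
    // arbitrary claims. Checked up front so the failure is explicit rather than buried in
    // the token handler.
    var signingKeyBytes = Encoding.UTF8.GetBytes(clientSecret);
    if (signingKeyBytes.Length < 32)
    {
        throw new InvalidOperationException("The HMAC-SHA256 signing key must be at least 256 bits (32 bytes).");
    }

    var now = DateTime.UtcNow;
    var tokenDescriptor = new SecurityTokenDescriptor
    {
        Subject = new ClaimsIdentity(claims),
        // The issuer is this application, not ADFS: do not put the ADFS authority here, or a
        // consumer keying trust on 'iss' would mistake a locally minted token for an ADFS one.
        Issuer = clientId,
        // Pin the token to the intended consumer so it cannot be replayed against other services.
        Audience = resource,
        // Explicit, short lifetime. Leaving Expires unset makes the handler pick a default
        // lifetime silently; 10 minutes is a starting point — tune to the consumer's needs.
        NotBefore = now,
        Expires = now.AddMinutes(10),
        SigningCredentials = new SigningCredentials(
            new SymmetricSecurityKey(signingKeyBytes),
            SecurityAlgorithms.HmacSha256Signature),
    };

    var reissued = handler.CreateToken(tokenDescriptor);
    return handler.WriteToken(reissued);
}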