The types of user information obtained by claims principal of different APIs in identityserver4 are inconsistent

Time:2021-1-8

Identityserver4 used in the microservice project, when adding authentication to each API, we can see the following two ways: one is the original way, the other is the encapsulated way of identityserver4, mainly because there are differences when obtaining user information according to the token.

The type of claim when getting user ID is http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier , corresponding System.Security.Claims Next ClaimTypes.NameIdentifier

Writing method 2: the type of claim when obtaining the user ID is sub, which corresponds to the type under identitymodel JwtClaimTypes.Subject

If your method of obtaining user information is not public in the project, you can write it separately, and each API writes its own method of obtaining user information; if your method of obtaining user information is public in the project, you need to unify the authentication writing method, otherwise there will be a problem, and I have a problem.

Because the authentication methods used are different, the corresponding parsing results are different, and then some APIs report errors.

 

string IdentityUrl= Configuration["IdentityUrl"];
       //Writing method 1
            //services.AddAuthentication("Bearer")
            //     .AddJwtBearer("Bearer", options =>
            //     {
            //         options.Authority = IdentityUrl;
            //         options.RequireHttpsMetadata = false;
            //         options.Audience = "orderapi";
            //     });
            //If the structure is consistent in the microservice, either multiple API services use the above structure or use the following structure in a unified way. If the structure is inconsistent, the resolution of claims principal will be inconsistent // writing method 2
            services.AddAuthentication(options =>
            {
                options.DefaultScheme = IdentityServerAuthenticationDefaults.AuthenticationScheme;
                options.DefaultAuthenticateScheme = IdentityServerAuthenticationDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme = IdentityServerAuthenticationDefaults.AuthenticationScheme;
                options.DefaultSignInScheme = IdentityServerAuthenticationDefaults.AuthenticationScheme;
                options.DefaultForbidScheme = IdentityServerAuthenticationDefaults.AuthenticationScheme;
            })
            .AddIdentityServerAuthentication(options =>
            {
                options.Authority = IdentityUrl;
                options.ApiName = "orderapi";
                options.RequireHttpsMetadata = false;
            });

 

This is how I get the user ID

 

public static int GetUserId(ClaimsPrincipal User)
        {
            
            var claim = User.Claims.Where(a => a.Type == JwtClaimTypes.Subject).FirstOrDefault();
            return Convert.ToInt32(claim.Value);
        }

 

Recommended Today

Two methods of image compression and compression to specified size in IOS development

///Compressed picture + (NSData *)imageCompressToData:(UIImage *)image{ NSData *data=UIImageJPEGRepresentation(image, 1.0); if (data.length>300*1024) { if ( data.length >1024 * 1024) {// 1m and above data=UIImageJPEGRepresentation(image, 0.1); }else if (data.length>512*1024) {//0.5M-1M data=UIImageJPEGRepresentation(image, 0.5); }else if (data.length>300*1024) {//0.25M-0.5M data=UIImageJPEGRepresentation(image, 0.9); } } return data; } PS: let’s take a look at the image compression in IOS to the specified […]