The logical place to do this would be right after the user has successfully signed in. This would occur in the AccountController login action:
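    public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)
    {
        if (!ModelState.IsValid) { return View(model); }

        // shouldLockout: false means failed attempts do not count toward account lockout
        var result = await SignInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, shouldLockout: false);
        switch (result)
        {
            case SignInStatus.Success:
                // Transform here: the sign-in grant exists at this point, so extra claims can be attached to it
                var freshClaims = new List<Claim>
                {
                    new Claim(ClaimTypes.Email, model.Email),
                    new Claim(ClaimTypes.Locality, "Earth (Milky Way)"),
                    new Claim(ClaimTypes.Role, "Trooper"),
                    new Claim(ClaimTypes.SerialNumber, "555666777")
                };
                AuthenticationManager.AuthenticationResponseGrant.Identity.AddClaims(freshClaims);
                return RedirectToLocal(returnUrl);
            // Other SignInStatus cases are omitted here; anything else is treated as a failed login
            default:
                ModelState.AddModelError("", "Invalid login attempt.");
                return View(model);
        }
    }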
I use DI to inject AuthenticationManager into AccountController's constructor and set it up as a property of AccountController. If you don't do this then you can just get it off the OWIN context:
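    // Inside a controller, HttpContext is the controller's own HttpContextBase property, which has no
    // Current member; call GetOwinContext() on it directly. Outside a controller, use
    // System.Web.HttpContext.Current.GetOwinContext() instead.
    var authManager = HttpContext.GetOwinContext().Authentication;
    authManager.AuthenticationResponseGrant.Identity.AddClaims(freshClaims);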
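The AddClaims call above assumes a sign-in grant is present and appends blindly. The following is an added example, not code from the original answer or from ASP.NET Identity: a hypothetical extension method (`AddFreshClaims` and `SignInClaimsExtensions` are illustrative names) that fails loudly when no grant exists and skips claims the identity already carries.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;
using Microsoft.Owin.Security;

// Hypothetical helper for illustration; the class and method names are assumptions.
public static class SignInClaimsExtensions
{
    // Adds claims to the identity of the pending sign-in grant and returns how many were added.
    public static int AddFreshClaims(this IAuthenticationManager authManager,
                                     IEnumerable<Claim> freshClaims)
    {
        if (authManager == null) throw new ArgumentNullException("authManager");
        if (freshClaims == null) throw new ArgumentNullException("freshClaims");

        // The grant is only set once SignIn has been called in the current request,
        // i.e. after PasswordSignInAsync returned SignInStatus.Success.
        AuthenticationResponseGrant grant = authManager.AuthenticationResponseGrant;
        if (grant == null || grant.Identity == null)
        {
            throw new InvalidOperationException(
                "No sign-in grant in this request; add claims only after a successful sign-in.");
        }

        ClaimsIdentity identity = grant.Identity;
        int added = 0;
        foreach (Claim claim in freshClaims)
        {
            if (claim == null) continue;

            // Skip exact type/value duplicates (for example an e-mail or role claim
            // that the user store already put on the identity).
            if (identity.HasClaim(claim.Type, claim.Value)) continue;

            identity.AddClaim(claim);
            added++;
        }
        return added;
    }
}
```

In the login action this would be called as `AuthenticationManager.AddFreshClaims(freshClaims);`. Claims such as `ClaimTypes.Role` feed authorization decisions, so their values should come from a trusted server-side store rather than from anything the client submitted.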