asp.net-mvc - Owin OpenId 回调地址
问题描述
我正在.NET MVC 应用程序中实现 OpenId。我曾使用:https ://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-v1-aspnet-webapp 作为入门指南。它正在工作,但我有 1 个关于 RedirectUri 和 CallbackPath 的问题。
如果我只使用 RedirectUri,我的应用程序中的回调页面会获得 302 重定向。
如果我使用 CallbackPath 回调页面实际上被击中。
从示例中并不清楚发生了什么?这是来自MS:
“用于处理身份验证回调的可选约束路径。如果未提供且 RedirectUri 可用,则将从 RedirectUri 生成此值。”
我在我的控制器上使用 [Authorize] 属性。
代码 Startup.cs:
public void Configuration(IAppBuilder app)
{
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
var openIdOptions = new OpenIdConnectAuthenticationOptions
{
// Sets the ClientId, authority, RedirectUri as obtained from web.config
ClientId = ApplicationIdentifier,
Authority = FederationGateway,
RedirectUri = RedirectUrl,
ClientSecret = AppToken,
AuthenticationMode = AuthenticationMode.Active,
//CallbackPath = new PathString("/callback/"),
// PostLogoutRedirectUri is the page that users will be redirected to after sign-out. In this case, it is using the home page
PostLogoutRedirectUri = "~/home/loggedout/",
//Scope is the requested scope: OpenIdConnectScopes.OpenIdProfileis equivalent to the string 'openid profile': in the consent screen, this will result in 'Sign you in and read your profile'
Scope = OpenIdConnectScope.OpenIdProfile,
// ResponseType is set to request the id_token - which contains basic information about the signed-in user
////ResponseType = OpenIdConnectResponseType.IdToken,
ResponseType = OpenIdConnectResponseType.IdTokenToken,
// ValidateIssuer set to false to allow work accounts from any organization to sign in to your application
// To only allow users from a single organizations, set ValidateIssuer to true and 'tenant' setting in web.config to the tenant name or Id (example: contoso.onmicrosoft.com)
// To allow users from only a list of specific organizations, set ValidateIssuer to true and use ValidIssuers parameter
TokenValidationParameters = new TokenValidationParameters()
{
ValidateIssuer = false
},
// OpenIdConnectAuthenticationNotifications configures OWIN to send notification of failed authentications to OnAuthenticationFailed method
Notifications = new OpenIdConnectAuthenticationNotifications
{
AuthenticationFailed = OnAuthenticationFailed,
SecurityTokenValidated = OnSecurityTokenValidated
}
};
app.UseOpenIdConnectAuthentication(openIdOptions);
AntiForgeryConfig.UniqueClaimTypeIdentifier = IdentityNameIdentifier;
}
解决方案
推荐阅读
- python - 如何使用新的 discord.py 版本获取不和谐服务器中所有成员的列表?
- sql - 如何动态创建表?
- c# - 微服务架构如何使用identityserver4进行基于角色的授权?
- python - 为什么我在信息最丰富的功能上全都错了
- python - 如何在scrapy运行之前手动进行身份验证?
- hbase - 数据驻留在 HDFS(HFile) 上时的 HBase 读取性能如何
- react-native - React -native ScrollView 水平滚动冲突
- android - 应用程序关闭时,带有广播接收器的工作管理器不起作用
- c# - 如何修复 RpcException:项目 new-project 不存在或不包含活动的 Cloud Datastore 或 Cloud Firestore 数据库
- kubernetes - 如何定义一些具有特定端口的 Kubernetes Ingress 路由