Owin OpenId callback URL

Problem description

I am implementing OpenId in a .NET MVC application. I used https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-v1-aspnet-webapp as a getting-started guide. It is working, but I have one question about RedirectUri and CallbackPath.

If I only use RedirectUri, the callback page in my application gets a 302 redirect.

If I use CallbackPath, the callback page actually gets hit.

It is not clear from the example what is happening. This is from MS:

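"An optional constrained path on which to process the authentication callback. If not provided and RedirectUri is available, this value will be generated from RedirectUri."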

I am using the [Authorize] attribute on my controller.

Code, Startup.cs:

    public void Configuration(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions());

        var openIdOptions = new OpenIdConnectAuthenticationOptions
        {
            // Sets the ClientId, authority, RedirectUri as obtained from web.config
            ClientId = ApplicationIdentifier,
            Authority = FederationGateway,
            RedirectUri = RedirectUrl,
            ClientSecret = AppToken,
            AuthenticationMode = AuthenticationMode.Active,
            //CallbackPath = new PathString("/callback/"),

            // PostLogoutRedirectUri is the page that users will be redirected to after sign-out. In this case, it is using the home page
            PostLogoutRedirectUri = "~/home/loggedout/",

            // Scope is the requested scope: OpenIdConnectScope.OpenIdProfile is equivalent to the string 'openid profile': in the consent screen, this will result in 'Sign you in and read your profile'
            Scope = OpenIdConnectScope.OpenIdProfile,

            // ResponseType is set to request the id_token - which contains basic information about the signed-in user
            ////ResponseType = OpenIdConnectResponseType.IdToken,
            ResponseType = OpenIdConnectResponseType.IdTokenToken,
            // ValidateIssuer set to false to allow work accounts from any organization to sign in to your application
            // To only allow users from a single organization, set ValidateIssuer to true and 'tenant' setting in web.config to the tenant name or Id (example: contoso.onmicrosoft.com)
            // To allow users from only a list of specific organizations, set ValidateIssuer to true and use ValidIssuers parameter
            TokenValidationParameters = new TokenValidationParameters()
            {
                ValidateIssuer = false
            },

            // OpenIdConnectAuthenticationNotifications configures OWIN to send notification of failed authentications to OnAuthenticationFailed method
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                AuthenticationFailed = OnAuthenticationFailed,
                SecurityTokenValidated = OnSecurityTokenValidated
            }
        };

        app.UseOpenIdConnectAuthentication(openIdOptions);

        AntiForgeryConfig.UniqueClaimTypeIdentifier = IdentityNameIdentifier;
    }

Tags: asp.net-mvc, owin, openid

Solution

