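asp.net - Is it possible to set up a WebForms site to use both Windows authentication and Azure AD authentication?
Problem description
Is it possible to set up a WebForms site to use both Windows authentication and Azure AD authentication? We have an old ASP.NET website. We used Windows authentication on it. We added the possibility of authenticating users through Azure AD (we used OWIN). The problem is that we can only set one authentication type: Windows or OWIN (Azure AD), but we need both. In web.config I added: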
    <authentication mode="Forms">
      <forms name="ccs_auth" loginUrl="sso.aspx" protection="All" path="/" timeout="45" cookieless="UseCookies"/>
    </authentication>
    <location path="sso.aspx">
      <system.web>
        <authorization>
          <allow users="?,*" />
        </authorization>
      </system.web>
    </location>
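In IIS, I enabled "Windows Authentication" and "Forms Authentication" for the sso.aspx page. My idea is: when the user is redirected to sso.aspx, I get the login name from System.Web.HttpContext.Current.Request.ServerVariables["LOGON_USER"], then check that name in Active Directory, and then try to find it in our database. If the user is not found, Azure Active Directory authentication is started, and if it succeeds, we try to find the user in the database using the Azure AD claims. My code in Startup.cs: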
    public void Configuration(IAppBuilder app)
    {
        if (useAzureAd)
        {
            app.SetDefaultSignInAsAuthenticationType("ApplicationCookie");
            //app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
            app.UseCookieAuthentication(new CookieAuthenticationOptions()
            {
                AuthenticationType = "ApplicationCookie",
                LoginPath = new PathString("/sso.aspx"),
                CookieSecure = CookieSecureOption.SameAsRequest
            });
            app.UseOpenIdConnectAuthentication(
                new OpenIdConnectAuthenticationOptions
                {
                    // Sets the ClientId, authority, RedirectUri as obtained from web.config
                    ClientId = clientId,
                    Authority = authority,
                    RedirectUri = redirectUri,
                    // PostLogoutRedirectUri is the page that users will be redirected to after sign-out. In this case, it is using the home page
                    PostLogoutRedirectUri = redirectUri,
                    Scope = OpenIdConnectScope.OpenIdProfile,
                    // ResponseType is set to request the id_token - which contains basic information about the signed-in user
                    ResponseType = OpenIdConnectResponseType.IdToken,
                    // ValidateIssuer set to false to allow personal and work accounts from any organization to sign in to your application
                    // To only allow users from a single organizations, set ValidateIssuer to true and 'tenant' setting in web.config to the tenant name
                    // To allow users from only a list of specific organizations, set ValidateIssuer to true and use ValidIssuers parameter
                    TokenValidationParameters = new TokenValidationParameters()
                    {
                        ValidateIssuer = false
                    },
                    // OpenIdConnectAuthenticationNotifications configures OWIN to send notification of failed authentications to OnAuthenticationFailed method
                    Notifications = new OpenIdConnectAuthenticationNotifications
                    {
                        AuthenticationFailed = OnAuthenticationFailed
                    }
                });
        }
    }
As a result I get an exception:
HTTP Error 404.15 - Not Found
The request filtering module is configured to deny a request where the query string is too long.
It looks like my request is being redirected to sso.aspx endlessly:
Requested URL
http://localhost:80/AzureAdWebForm/SSO.aspx?ReturnUrl=%2FAzureAdWebForm%2FSSO.aspx%3FReturnUrl%3D%252FAzureAdWebForm%252FSSO.aspx%253FReturnUrl%253D%25252FAzureAdWebForm%25252FSSO.aspx%25253FReturnUrl%25253D%2525252FAzureAdWebForm%2525252FSSO.aspx%2525253FReturnUrl%2525253D%252525252FAzureAdWebForm%252525252FSSO.aspx%252525253FReturnUrl%252525253D%25252525252FAzureAdWebForm%25252525252FSSO.aspx%25252525253FReturnUrl%25252525253D%2525252525252FAzureAdWebForm%2525252525252FSSO.aspx........................
If I set useAzureAd = false, Windows authentication works fine. If I set useAzureAd = true and remove <authentication mode="Forms"> from the config, Azure AD works fine.
Where is my mistake? Is it possible to use both Windows authentication and Azure AD in a WebForms site?
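An added diagnostic, not part of the original question: it unwinds the nested ReturnUrl values in a URL like the one above, one layer of percent-encoding per redirect hop, to show which page each hop pointed back to. The function names and the Default.aspx sample are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

def unwind_return_url(url, param="ReturnUrl", max_depth=64):
    """Return the path at each nesting level of ReturnUrl, outermost first."""
    chain, current = [], url
    for _ in range(max_depth):
        parts = urlsplit(current)
        chain.append(parts.path)
        # parse_qs removes exactly one layer of percent-encoding per call,
        # which matches one redirect hop (%2F -> %252F -> %25252F ...).
        query = {k.lower(): v for k, v in parse_qs(parts.query).items()}
        nested = query.get(param.lower())
        if not nested:
            break
        current = nested[0]
    return chain

def count_self_redirects(url, login_page):
    """Count hops where the login page was sent back to the login page."""
    login = login_page.lower()
    chain = [p.lower() for p in unwind_return_url(url)]
    return sum(1 for outer, inner in zip(chain, chain[1:])
               if outer.endswith(login) and inner.endswith(login))

# First three levels of the "Requested URL" shown in the question.
LOOPING = ("http://localhost:80/AzureAdWebForm/SSO.aspx"
           "?ReturnUrl=%2FAzureAdWebForm%2FSSO.aspx"
           "%3FReturnUrl%3D%252FAzureAdWebForm%252FSSO.aspx")
# Constructed sample: one ordinary redirect from a protected page
# (Default.aspx is a hypothetical page name).
HEALTHY = ("http://localhost:80/AzureAdWebForm/SSO.aspx"
           "?ReturnUrl=%2FAzureAdWebForm%2FDefault.aspx")

if __name__ == "__main__":
    for name, url in (("looping", LOOPING), ("healthy", HEALTHY)):
        print(name, unwind_return_url(url), count_self_redirects(url, "sso.aspx"))
```

A non-zero count means the login page itself was redirected to the login page, which is the pattern behind the 404.15 error above.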