c# - MVC5 ADFS 未经过身份验证
问题描述
我在 ADFS UseOpenIdConnectAuthentication 中苦苦挣扎了一个多星期。这令人沮丧。
这是我的 Startup.Auth.cs 代码。变量“dero”为假 => 未通过身份验证。为什么?
using System;
using System.Configuration;
using System.Net.Http;
using System.Web;
using IdentityModel.Client;
using Microsoft.AspNet.Identity;
using Microsoft.IdentityModel.Clients.ActiveDirectory;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;
namespace Intel.Web
{
public partial class Startup
{
private readonly string authority = ConfigurationManager.AppSettings["auth:Authority"];
private readonly string clientId = ConfigurationManager.AppSettings["auth:ClientId"];
private readonly string clientSecret = ConfigurationManager.AppSettings["auth:ClientSecret"];
private readonly string metadataAddress = ConfigurationManager.AppSettings["auth:MetadataAddress"];
private readonly string postLogoutRedirectUri = ConfigurationManager.AppSettings["auth:PostLogoutRedirectUri"];
private readonly string redirectUri = ConfigurationManager.AppSettings["auth:RedirectUri"];
private readonly string tokenEndpoint = ConfigurationManager.AppSettings["auth:TokenEndpoint"];
private readonly string userInfoEndpoint = ConfigurationManager.AppSettings["auth:UserInfoEndpoint"];
public void ConfigureAuth(IAppBuilder app)
{
app.SetDefaultSignInAsAuthenticationType(DefaultAuthenticationTypes.ApplicationCookie);
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
ClientId = this.clientId,
Authority = this.authority,
MetadataAddress = this.metadataAddress,
ResponseType = "code id_token",
RedirectUri = this.redirectUri,
PostLogoutRedirectUri = this.postLogoutRedirectUri,
ClientSecret = this.clientSecret,
// AuthenticationMode = AuthenticationMode.Passive,
Notifications = new OpenIdConnectAuthenticationNotifications
{
AuthorizationCodeReceived = async n =>
{
var authContext = new AuthenticationContext("https://dev.adfs.myServer.com/adfs/", false);
var result = await authContext.AcquireTokenByAuthorizationCodeAsync(n.ProtocolMessage.Code,
new Uri(this.redirectUri), new ClientCredential(this.clientId, this.clientSecret));
var userInfoReq = new UserInfoRequest
{
Address = this.userInfoEndpoint,
Token = result.AccessToken
};
var client = new HttpClient();
var response = await client.GetUserInfoAsync(userInfoReq);
if (response.IsError) throw new Exception("Invalid access token");
n.AuthenticationTicket.Identity.AddClaims(response.Claims);
var dero = HttpContext.Current.User.Identity.IsAuthenticated;
//FormsAuthentication.SetAuthCookie("userName unic gen", false);
HttpContext.Current.GetOwinContext().Authentication.Challenge(new AuthenticationProperties { RedirectUri = "/FOGWeb" }, OpenIdConnectAuthenticationDefaults.AuthenticationType);
dero = HttpContext.Current.User.Identity.IsAuthenticated;
}
}
});
}
}
}
解决方案
推荐阅读
- javascript - 有没有办法用 Javascript 解构压缩多个条件语句?
- angular - 如何使用 angular observables 在重复的时间间隔内从 API 检索数据
- actions-on-google - 请求和存储用户的电话号码
- r - 无法在 R 中并行化具有多个参数的函数
- sql-server - 带有多个 SELECT 语句的 SSRS 报告非常慢
- postgresql - /var/lib/postgresql/data 尽管有明确的插入和更新行,但 docker 中时间刻度的盲挂载文件夹数据不会更新
- css - Bootstrap cols 比内容短
- php - npm run dev 的一些问题
- python - Python数据框连接选择不存在的地方
- c++ - 如何解决glm标签重新定义错误