Using [Authorize] with OpenIdConnect in MVC 6 results in an immediate empty 401 response

Jon*_*and 3 action-filter azure-active-directory asp.net-core-mvc openid-connect asp.net-core

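I'm trying to add Azure AD authentication to my ASP.NET 5 MVC 6 application and am following this sample on GitHub. If I put the recommended code in an action method, everything works fine: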

Context.Response.Challenge(
    new AuthenticationProperties { RedirectUri = "/" },
    OpenIdConnectAuthenticationDefaults.AuthenticationType);

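However, if I try to use the [Authorize] attribute, I get an immediate empty 401 response.

How can I make [Authorize] redirect to Azure AD correctly?

My configuration is as follows: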

public void ConfigureServices(IServiceCollection services) {
    ...
    services.Configure<ExternalAuthenticationOptions>(options => {
        options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    });
    ...
}

public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory) {
    ...
    app.UseCookieAuthentication(options => {
       options.AutomaticAuthentication = true;
    });

    app.UseOpenIdConnectAuthentication(options => {
        options.ClientId = Configuration.Get("AzureAd:ClientId");
        options.Authority = String.Format(Configuration.Get("AzureAd:AadInstance"), Configuration.Get("AzureAd:Tenant"));
        options.RedirectUri = "https://localhost:44300";
        options.PostLogoutRedirectUri = Configuration.Get("AzureAd:PostLogoutRedirectUri");
        options.Notifications = new OpenIdConnectAuthenticationNotifications {
            AuthenticationFailed = OnAuthenticationFailed
        };
    });
    ...
}

Kév*_*let 6

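To automatically redirect the user to AAD when a protected resource is hit (i.e. when a 401 response is caught), the best option is to enable the automatic mode: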

app.UseOpenIdConnectAuthentication(options => {
    options.AutomaticAuthentication = true;

    options.ClientId = Configuration.Get("AzureAd:ClientId");
    options.Authority = String.Format(Configuration.Get("AzureAd:AadInstance"), Configuration.Get("AzureAd:Tenant"));
    options.RedirectUri = "https://localhost:44300";
    options.PostLogoutRedirectUri = Configuration.Get("AzureAd:PostLogoutRedirectUri");
    options.Notifications = new OpenIdConnectAuthenticationNotifications {
        AuthenticationFailed = OnAuthenticationFailed
    };
});
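The behaviour discussed in this thread, as an added example that is not part of the original posts and is not framework code: a simplified model of how a 401 challenge is dispatched to authentication handlers. The `Handler`, `Response` and `Pipeline` types and the `https://idp.example/authorize` URL are hypothetical, and the cookie handler is assumed to have no login redirect configured.

```csharp
using System;
using System.Collections.Generic;

// Simplified model (assumption, not the framework's code) of passive vs.
// automatic authentication handlers reacting to a 401 challenge.
class Handler
{
    public string Scheme;     // e.g. "OpenIdConnect"
    public bool Automatic;    // models options.AutomaticAuthentication
    public string LoginUrl;   // where this handler would redirect; null = no redirect
}

class Response
{
    public int Status = 200;
    public string Location;
    public override string ToString() =>
        Location == null ? $"{Status} (empty body)" : $"{Status} -> {Location}";
}

static class Pipeline
{
    // requestedScheme == null models the unnamed challenge raised by [Authorize];
    // a non-null value models Context.Response.Challenge(..., scheme).
    public static Response Challenge(IEnumerable<Handler> handlers, string requestedScheme)
    {
        var response = new Response { Status = 401 };
        foreach (var h in handlers)
        {
            bool named = requestedScheme != null && h.Scheme == requestedScheme;
            bool unnamedAndAutomatic = requestedScheme == null && h.Automatic;
            if ((named || unnamedAndAutomatic) && h.LoginUrl != null)
            {
                response.Status = 302;          // handler turns the 401 into a redirect
                response.Location = h.LoginUrl;
                break;
            }
        }
        return response;                        // untouched 401 if nobody answered
    }

    static void Main()
    {
        // Constructed sample handlers; the URL is a placeholder, not a real endpoint.
        Handler Oidc(bool automatic) => new Handler {
            Scheme = "OpenIdConnect", Automatic = automatic, LoginUrl = "https://idp.example/authorize" };
        var cookie = new Handler { Scheme = "Cookies", Automatic = true };

        Console.WriteLine(Challenge(new[] { cookie, Oidc(false) }, "OpenIdConnect")); // explicit Challenge
        Console.WriteLine(Challenge(new[] { cookie, Oidc(false) }, null));            // [Authorize], passive
        Console.WriteLine(Challenge(new[] { cookie, Oidc(true) }, null));             // [Authorize], automatic
    }
}
```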