Vol*_*der 8 azure-active-directory openid-connect asp.net-core
我在ASP.NET Core中遇到了一些身份验证管道问题.我的方案是我想向已经使用OpenID Connect和Azure AD进行身份验证的用户发出挑战.您可以在多种情况下执行此操作,例如在AAD v2端点方案中请求其他范围时.
这类似于ASP.NET MVC中的魅力,但在ASP.NET Core MVC中,用户被重定向到cookie身份验证中间件中配置的Access Denied页面.(当用户未登录时,发出挑战按预期工作.)
在网上搜索并为我的中间件选项尝试不同的参数几个小时后,我开始怀疑我要么缺少明显的东西,要么这种行为是设计的,我需要以其他方式解决我的要求.有人对此有任何想法吗?
编辑:我的Startup.cs的相关部分如下所示:
public void ConfigureServices(IServiceCollection services)
{
services.AddMvc();
services.AddAuthentication(
SharedOptions => SharedOptions.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme);
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
// <snip...>
app.UseCookieAuthentication(new CookieAuthenticationOptions { AuthenticationScheme = CookieAuthenticationDefaults.AuthenticationScheme });
var options = new OpenIdConnectOptions
{
AuthenticationScheme = OpenIdConnectDefaults.AuthenticationScheme,
ClientId = ClientId,
Authority = Authority,
CallbackPath = Configuration["Authentication:AzureAd:CallbackPath"],
ResponseType = OpenIdConnectResponseType.CodeIdToken,
PostLogoutRedirectUri = "https://localhost:44374/",
TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
{
ValidateIssuer = false
}
};
options.Scope.Add("email");
options.Scope.Add("offline_access");
app.UseOpenIdConnectAuthentication(options);
}
Action看起来像这样:
public void RefreshSession()
{
HttpContext.Authentication.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme, new AuthenticationProperties { RedirectUri = "/" });
}
Try to sign out:
public void RefreshSession()
{
HttpContext.Authentication.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
HttpContext.Authentication.SignOutAsync(OpenIdConnectDefaults.AuthenticationScheme);
HttpContext.Authentication.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme, new AuthenticationProperties { RedirectUri = "/" });
}
| 归档时间: |
|
| 查看次数: |
1874 次 |
| 最近记录: |