How do I redirect from /signin-oidc back to my controller/action?

use*_*643 4 azure-active-directory asp.net-core

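The callback URL is https://localhost:44338/signin-oidc

Let's say I am in a controller/action decorated with [Authorize].

How do I redirect from https://localhost:44338/signin-oidc back to my controller/action?

Note: I am following the wiki: Quickstart: Add sign-in with Microsoft to an ASP.NET Core web app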

Nan*_* Yu 7

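You can store the URL on the server side. For example, based on the code sample:

Quickstart: Add sign-in with Microsoft to an ASP.NET Core web app

Modify your OIDC configuration, for example: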

services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
    .AddAzureAD(options => Configuration.Bind("AzureAd", options));

services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options =>
{
    options.Authority = options.Authority + "/v2.0/";
    options.Events = new OpenIdConnectEvents
    {
        OnRedirectToIdentityProvider = n =>
        {
            // save the requested path in state
            n.ProtocolMessage.State = n.HttpContext.Request.Path.Value;
            return Task.CompletedTask;
        },

        OnTokenValidated = ctx =>
        {
            var url = ctx.ProtocolMessage.GetParameter("state");
            var claims = new List<Claim>
            {
                new Claim("myurl", url)
            };
            var appIdentity = new ClaimsIdentity(claims);

            //add url to claims
            ctx.Principal.AddIdentity(appIdentity);

            return Task.CompletedTask;
        },

        OnTicketReceived = ctx =>
        {
            var url = ctx.Principal.FindFirst("myurl").Value;
            ctx.ReturnUri = url;
            return Task.CompletedTask;
        }
    };
    // Per the code below, this application signs in users in any Work and School
    // accounts and any Microsoft Personal Accounts.
    // If you want to direct Azure AD to restrict the users that can sign-in, change 
    // the tenant value of the appsettings.json file in the following way:
    // - only Work and School accounts => 'organizations'
    // - only Microsoft Personal accounts => 'consumers'
    // - Work and School and Personal accounts => 'common'

    // If you want to restrict the users that can sign-in to only one tenant
    // set the tenant value in the appsettings.json file to the tenant ID of this
    // organization, and set ValidateIssuer below to true.

    // If you want to restrict the users that can sign-in to several organizations
    // Set the tenant value in the appsettings.json file to 'organizations', set
    // ValidateIssuer, above to 'true', and add the issuers you want to accept to the
    // options.TokenValidationParameters.ValidIssuers collection
    options.TokenValidationParameters.ValidateIssuer = false;
});
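The answer above assigns a value that has made the round trip through `state` directly to `ctx.ReturnUri`. The following is an added example, not part of the original answer or the Microsoft quickstart: a hypothetical helper (`ReturnUrlGuard`, with constructed sample values) that accepts only app-local paths before the value is used as a redirect target, and falls back to `/` otherwise.

```csharp
using System;

// Hypothetical helper (added example): allow only app-local return paths.
public static class ReturnUrlGuard
{
    public static bool IsLocalPath(string url)
    {
        if (string.IsNullOrEmpty(url)) return false;
        // Must be rooted at the application: rejects "https://...", "~/..." and relative paths.
        if (url[0] != '/') return false;
        // "//host" and "/\host" are treated by browsers as a different origin.
        if (url.Length > 1 && (url[1] == '/' || url[1] == '\\')) return false;
        // Control characters (CR, LF, ...) have no place in a redirect target.
        foreach (var c in url)
        {
            if (char.IsControl(c)) return false;
        }
        return true;
    }

    // Returns the candidate when it is a local path, otherwise the fallback.
    public static string Sanitize(string candidate, string fallback = "/")
        => IsLocalPath(candidate) ? candidate : fallback;
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample values, not taken from the page.
        string[] samples =
        {
            "/Home/Privacy", "/Orders/Details/5?tab=2", "//other.example/x",
            "/\\other.example", "https://other.example/", "", "/a\r\nX-Header: 1"
        };
        foreach (var s in samples)
        {
            var shown = s.Replace("\r", "\\r").Replace("\n", "\\n");
            Console.WriteLine($"{shown,-28} -> {ReturnUrlGuard.Sanitize(s)}");
        }
        // In the answer's OnTicketReceived handler this would be used as:
        //   ctx.ReturnUri = ReturnUrlGuard.Sanitize(ctx.Principal.FindFirst("myurl")?.Value);
    }
}
```

With the `?.Value` form shown in the final comment, a missing `myurl` claim also falls back to `/` instead of throwing.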