gpt4 book ai didi

具有 OpenId 身份验证的 ASP.NET : redirect to url if not authorized

转载 作者:行者123 更新时间:2023-12-01 21:26:38 24 4
gpt4 key购买 nike

我正在尝试编写一个使用混合身份验证方案的 ASP.NET 应用程序。用户可以将其用户名和密码哈希存储在 UserStore 中,也可以通过 Azure Active Directory 进行身份验证。

我已经创建了如图所示的登录表单。它具有标准的用户名密码输入,而且还有一个“通过Active Directory登录”按钮。

enter image description here

这很有效。

现在解决问题:应用程序的主页具有 [Authorize] 属性。

public class DefaultController : Controller
{
[Authorize]
public ViewResult Index()
{
// Implementation
}
}

如果用户未登录,我希望它重定向到页面帐户/登录,允许用户选择身份验证方法。

IAppBuilder.UseOpenIdConnectAuthentication 添加到管道设置后,它不再重定向到该页面。相反,它会直接进入 Microsoft 登录页面。

如何配置它,以便 OpenID 身份验证成为系统的一部分,但允许我指定在用户未经身份验证时如何执行重定向?

这是我设置管道的代码:

appBuilder.SetDefaultSignInAsAuthticationType(CookieAuthenticationDefaults.AuthenticationType_;
var cookieAuthenticationOptions = new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationType.ApplicationCookie,
LoginPath = new Microsoft.Owin.PathString("/Account/Login"),
Provider = new Security.CookieAuthenticationProvider()
};
appBuilder.UseCookieAuthentication(cookieAuthenticationOptions);
// Now the OpenId authentication
var notificationHandlers = new OpenIdConnectAuthenticationNotificationHandlers
{
AuthorizationCodeReceived = async(context) => {
var jwtSecurityToken = context.JwtSecurityToken;
// I've written a static method to convert the claims
// to a user
var user = await GetOrCreateUser(context.OwinContext, jwtSecurityToken.Claims);
var signInManager = context.OwinContext.Get<SignInManager>();
await signInManager.SignInAsync(user, true, false);
}
}
var openIdOptions = new OpenIdConnectAuthenticationOptions
{
ClientId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx",
Authority = "https://login.microsoftonline.com/xxxxx.onmicrosoft.com",
PostLogoutRedirectUri = "https://localhost:52538/Account/Login",
Notifications = notifcationHandlers
}
appBuilder.UseOpenIdConnectAuthentication(openIdOptions);

当您点击“Active Directory 登录”时,它会发布到“Account/SignInWithOpenId”

public ActionResult SignInWithOpenId()
{
// Send an OpenID Connect sign-in request.
if (!Request.IsAuthenticated)
{
var authenticationProperties = new AuthenticationProperties
{
RedirectUri = "/"
};
HttpContext.GetOwinContext().Authentication.Challenge
(
authenticationProperties,
OpenIdConnectAuthenticationDefaults.AuthenticationType
);
return new EmptyResult();
}
else
{
return RedirectToAction("Index", "Default");
}
}

最佳答案

IAppBuilder.UseOpenIdConnectAuthentication(...) 的调用会将 Owin 中间件组件放入管道中。当 ASP.NET MVC 返回 401(未经授权)的 HttpResponse 时,Owin Middleware 组件会检测到此情况并将其更改为 Http Redirect(代码 302),并且重定向路径指向 Open Id 提供程序。

但是有一种方法可以解决这个问题:在中间件组件执行重定向之前,它会调用回调RedirectToIdentityProvider。从这里,您可以覆盖此重定向。

这是我的代码,它会覆盖重定向,除非它来自请求路径 Account/SignInWithOpenId

var notificationHandlers = new OpenIdConnectAuthenticationNotifications
{
AuthorizationCodeReceived = async(context) => {
// Sign in the user here
},
RedirectToIdentityProvider = (context) => {
if(context.OwinContext.Request.Path.Value != "/Account/SignInWithOpenId")
{
context.OwinContext.Response.Redirect("/Account/Login");
context.HandleResponse();
}
return Task.FromResult(0);
}
}
var openIdOptions = new OpenIdConnectAuthenticationOptions
{
ClientId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx",
Authority = "https://login.microsoftonline.com/xxxxx.onmicrosoft.com",
PostLogoutRedirectUri = "https://localhost:52538/Account/Login",
Notifications = notifcationHandlers
}
appBuilder.UseOpenIdConnectAuthentication(openIdOptions);

关于具有 OpenId 身份验证的 ASP.NET : redirect to url if not authorized,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/43599918/

24 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com