个人中心
文章发布
退出
作者热门文章
- html - 出于某种原因,IE8 对我的 Sass 文件中继承的 html5 CSS 不友好?
- JMeter 在响应断言中使用 span 标签的问题
- html - 在 :hover and :active? 上具有不同效果的 CSS 动画
- html - 相对于居中的 html 内容固定的 CSS 重复背景?
24
4
Net Core 2.0 和 Azure AD (V2) 中的 AddOpenIdConnect 存在一些问题。在挑战之后,在 Azure AD 中输入凭据并返回到我的应用程序后,身份验证处理程序似乎将我重定向到发起挑战的原始方法,而不是定义的回调方法。
但是,httpcontext.user 填充了一个声明标识,其中包含正确的声明。
为了这篇文章的目的,代码被简化了。
启动看起来像:
services.AddAuthentication(o =>
{
o.DefaultChallengeScheme = "aad";
o.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
o.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
})
.AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, o =>
{
if (!Environment.IsProduction())
{
o.RequireHttpsMetadata = false;
}
o.Authority = Configuration.GetValue<string>("Authentication:Authority");
o.Audience = Constants.Audiences.Self;
o.TokenValidationParameters = new TokenValidationParameters
{
NameClaimType = OpenIdConnectConstants.Claims.Subject,
RoleClaimType = OpenIdConnectConstants.Claims.Role,
IssuerSigningKey =
new X509SecurityKey(
GetSigningCertificate(Configuration.GetValue<string>("Certificates:Signing")))
};
})
.AddCookie()
.AddOpenIdConnect("aad", o =>
{
if (!Environment.IsProduction())
{
o.RequireHttpsMetadata = false;
}
o.Authority = "https://login.microsoftonline.com/{tenantID}/v2.0";
o.AuthenticationMethod = OpenIdConnectRedirectBehavior.RedirectGet;
o.ClientId = "[clientid]";
o.ClientSecret = "[clientsecret]";
o.ResponseMode = "form_post";
o.ResponseType = "id_token";
o.CallbackPath = new PathString("/api/connect/microsoftcallback2");
o.TokenValidationParameters = new TokenValidationParameters
{
ValidIssuer = "https://login.microsoftonline.com/{tenantID}/v2.0"
};
});
[AllowAnonymous]
[HttpGet("authorize", Name = "authorize")]
public async Task<IActionResult> ChallengeTemp()
{
return Challenge("aad");
}
Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request starting HTTP/1.1 POST https://localhost:44301/api/connect/microsoftcallback2 application/x-www-form-urlencoded 1771 Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request starting HTTP/1.1 POST https://localhost:44301/api/connect/microsoftcallback2 application/x-www-form-urlencoded 1771 Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler:Trace: Entering Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler's HandleRemoteAuthenticateAsync. Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler:Trace: Entering Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler's HandleRemoteAuthenticateAsync. Microsoft.AspNetCore.Server.Kestrel:Debug: Connection id "0HLC9LOBLM019", Request id "0HLC9LOBLM019:00000004": started reading request body. Microsoft.AspNetCore.Server.Kestrel:Debug: Connection id "0HLC9LOBLM019", Request id "0HLC9LOBLM019:00000004": started reading request body. Microsoft.AspNetCore.Server.Kestrel:Debug: Connection id "0HLC9LOBLM019", Request id "0HLC9LOBLM019:00000004": done reading request body. Microsoft.AspNetCore.Server.Kestrel:Debug: Connection id "0HLC9LOBLM019", Request id "0HLC9LOBLM019:00000004": done reading request body. Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector:Trace: Performing unprotect operation to key {keyremoved} with purposes ('workspace', 'Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler', 'aad', 'v1'). Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector:Trace: Performing unprotect operation to key {keyremoved} with purposes ('workspace', 'Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler', 'aad', 'v1'). Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler:Trace: MessageReceived: '?id_token={keyremoved}'. Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler:Trace: MessageReceived: '?id_token={keyremoved}'. Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler:Debug: Updating configuration Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler:Debug: Updating configuration Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler:Debug: Received 'id_token' Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler:Debug: Received 'id_token' Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector:Trace: Performing unprotect operation to key {keyremoved} with purposes ('workspace', 'Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler', 'System.String', 'aad', 'v1'). Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector:Trace: Performing unprotect operation to key {keyremoved} with purposes ('workspace', 'Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler', 'System.String', 'aad', 'v1'). Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector:Trace: Performing protect operation to key {keyremoved} with purposes ('workspace', 'Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware', 'Cookies', 'v2'). Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector:Trace: Performing protect operation to key {keyremoved} with purposes ('workspace', 'Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware', 'Cookies', 'v2'). Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler:Information: AuthenticationScheme: Cookies signed in. Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler:Information: AuthenticationScheme: Cookies signed in. Microsoft.AspNetCore.Server.Kestrel:Debug: Connection id "0HLC9LOBLM019" completed keep alive response. Microsoft.AspNetCore.Server.Kestrel:Debug: Connection id "0HLC9LOBLM019" completed keep alive response. Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request finished in 129.6921ms 302 Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request finished in 129.6921ms 302 Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request starting HTTP/1.1 GET https://localhost:44301/api/connect/authorize
Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request starting HTTP/1.1 GET https://localhost:44301/api/connect/authorize
Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector:Trace: Performing unprotect operation to key {keyremoved} with purposes ('workspace', 'Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware', 'Cookies', 'v2'). Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector:Trace: Performing unprotect operation to key {keyremoved} with purposes ('workspace', 'Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware', 'Cookies', 'v2'). Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler:Information: AuthenticationScheme: Cookies was successfully authenticated. Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler:Information: AuthenticationScheme: Cookies was successfully authenticated. Microsoft.AspNetCore.Routing.Tree.TreeRouter:Debug: Request successfully matched the route with name 'authorize' and template 'api/connect/authorize'. Microsoft.AspNetCore.Routing.Tree.TreeRouter:Debug: Request successfully matched the route with name 'authorize' and template 'api/connect/authorize'.
最佳答案
如果你仔细查看你的日志,你会发现它是这样写的:
Request starting HTTP/1.1 POST https://localhost:44301/api/connect/microsoftcallback2
o.ResponseMode = "form_post";
return Challenge(new AuthenticationProperties
{
RedirectUri = "/"
}, "aad");
关于azure-active-directory - 使用 Azure AD V2 添加 OpenIdConnect,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/49280348/
24
4
0
我正在 ASP.Net MVC C# 中开发一个依赖方,它应该在外部身份提供者中进行身份验证,我正在使用 Microsoft 的 owin 库。我遇到的问题是 Idp 没有公开元数据端点,即使我没有在
在过去的几天里,我一直在阅读有关 OAuth2 和 OpenIDConnect 的所有规范,并使用 Thinktecture Identity Server 实现了一个测试客户端。我还学习了几门复数类
在使用混合或授权代码流获取访问 token 以使其远离浏览器后,在(ASP.NET Core)OpenIdConnect 中间件中使用 SaveTokens = true 以便它们再次出现在浏览器中似
我已经使用 OpenIdConnect 通过 Azure AD 设置了一个 .NET Core 2.0 Web 应用(例如: https://github.com/Azure-Samples/acti
我已经使用 OpenIdConnect 通过 Azure AD 设置了一个 .NET Core 2.0 Web 应用(例如: https://github.com/Azure-Samples/acti
我在 ASP.NET Core 2.0 应用程序中使用 OpenIdConnectMiddleware,使用 Auth0 作为身份验证。 我关注了this guide通过Auth0实现认证,可以成功登
我有一个使用 Keycloak 注册的外部 openidconnect 身份提供商。当客户端应用程序尝试访问 protected 资源时,它会被重定向到 KeyCloak 登录页面。在登录页面上,我启
我正在尝试使用 couchbase DB 并使用授权代码流程为其设置身份验证。我按照此 link 中的步骤操作.我相应地准备了 ConfigJson。使用 Pods 我为 ios 安装了 Couchb
在 ASP.NET MVC 应用程序中,我正在尝试针对外部 OIDC 服务实现身份验证。对于我的测试,我使用 IdentityServer3 ( https://identityserver.gith
我在将 ASP.NET CORE 5.0 Web 应用程序与 OKTA 集成时遇到问题。我的公司需要将所有 Web 应用程序与 OKTA 集成。我写的这个应用程序作为 Linux 容器托管在 Farg
我试图实现 Multi-Tenancy 身份验证(我正在学习),到目前为止,我已经成功地在单租户中实现了我的应用程序的身份验证。 我用于单个租户的代码是 public void ConfigureA
我有一个 RP 没有明确要求您登录的情况。但是,我查看了 Open ID Connect 的 session 管理规范,更具体地说是 check_session_iframe端点规范草案here 我想
我想使用 对最终用户进行身份验证智威汤逊由 OpenId 提供连接提供程序,如 keycloak 或 auth0..etc 在 中istio 服务网格。但我可能无法成功集成它,因为我是 JWT aut
我们有多个租户,他们使用不同的权限(他们自己的,而不仅仅是标准提供商)。虽然我知道如何动态设置 clientId 和 secret,但我不知道如何设置权限。它在启动期间设置一次,之后无法更改(或者看起
目前,我在将 MVC 应用程序从 beta 3 迁移到 4 时遇到了多个问题 - 其中之一与 OpenIdConnect 到 Windows Azure 进行身份验证有关。当我转到具有授权属性的页面时
我有一个使用 ASP.NET Identity 运行的 IdentityServer4 应用程序。我想使用它,以便其他应用程序的用户可以通过我的远程身份服务器登录。 我已使用以下设置在身份服务器中配置
我正在尝试使用 OWIN Open ID Connect 中间件将我的 ASP.NET 应用程序的身份验证外包给 Azure Active Directory。应用程序在访问需要授权的页面时成功重定向
在 .Net 上,当我创建一个 Open ID 连接身份验证选项时,我有一个属性来设置 RedirectUri,这甚至按照文档中的建议定义,但 AspNetCore 上不存在这样的属性,它会自动设置为
普通 OpenIDConnect 服务器的工作方式如下: 你去 a.com/secure-resource 你从服务器得到一个302 您的浏览器处理它并将您发送到身份服务器 你在那里登录 它通过 PO
我不知道该使用哪个包: Microsoft.AspNet.Authentication.OpenIdConnect "1.0.0-beta4" Microsoft.AspNet.Security.Op
我是一名优秀的程序员,十分优秀!