个人中心
gpt4 book ai didi

asp.net-mvc - Azure 身份验证与 OAuth 身份验证结合使用

转载 作者:行者123 更新时间:2023-12-02 04:52:02 26 4
gpt4 key购买 nike

我必须找到问题的解决方案。所以我正在开发网站,并且我被身份验证困住了。首先,我们使用 Azure Active Directory 进行用户存储。所以我找到了WebApp-WebAPI-OpenIDConnect-DotNet ,并使其满足我的需求。到目前为止效果很好。但现在我还必须实现外部登录(facebook、twitter 等),所以我在处理此任务时注释掉了所有以前的工作。我必须重写一些 UserManager 和 UserStore 类,但让它可以工作。我可以用 Facebook 登录。但现在,当我需要将这两个登录名连接在一起时,它们不起作用。看来,他们是在框架内制造冲突。 Facebook 登录需要 app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);,但当我打开此功能时,azure 登录就停止工作。如果我注释掉这一点,azure 登录可以工作,而 facebook 则不行。有人能给我一些帮助来解决这个问题吗?我将提供我的 Startup.Auth.cs

using System;
using Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using System.Configuration;
using System.Globalization;
using Microsoft.AspNet.Identity;
using Microsoft.Owin;
using Microsoft.AspNet.Identity.Owin;
using ClearRoadmapWeb.LoginProviderHelpers;
using Microsoft.Owin.Security.Facebook;
using System.Collections.Generic;

namespace ClearRoadmapWeb
{
    public partial class Startup
    {
        private static string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
        private static string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
        private static string tenant = ConfigurationManager.AppSettings["ida:Tenant"];
        private static string postLogoutRedirectUri = ConfigurationManager.AppSettings["ida:PostLogoutRedirectUri"];

        string authority = String.Format(CultureInfo.InvariantCulture, aadInstance, tenant);

        public void ConfigureAuth(IAppBuilder app)
        {
            app.SetDefaultSignInAsAuthenticationType(DefaultAuthenticationTypes.ExternalCookie);
            app.UseCookieAuthentication(new CookieAuthenticationOptions());

            app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

            app.UseCookieAuthentication(new CookieAuthenticationOptions());

            app.UseOpenIdConnectAuthentication(
                new OpenIdConnectAuthenticationOptions
                {
                    ClientId = clientId,
                    Authority = authority,
                    PostLogoutRedirectUri = postLogoutRedirectUri
                }
            );

            app.CreatePerOwinContext<AzureIdentityUserManager>(AzureIdentityUserManager.Create); //For Faceook
            app.CreatePerOwinContext<AzureIdentitySignInManager>(AzureIdentitySignInManager.Create); //For Facebook

            #region FacebookOptions
            //app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

            FacebookAuthenticationOptions facebookOptions = new FacebookAuthenticationOptions()
            {
                AppId = "fb appId",
                AppSecret = "fb appSecret"
            };
            facebookOptions.Scope.Add("email");
            facebookOptions.Provider = new FacebookAuthenticationProvider()
            {
                OnAuthenticated = async context =>
                {
                    foreach (var x in context.User)
                    {
                        context.Identity.AddClaim(new System.Security.Claims.Claim(x.Key, x.Value.ToString()));
                    }
                    //Get the access token from FB and store it in the database and use FacebookC# SDK to get more information about the user
                    context.Identity.AddClaim(new System.Security.Claims.Claim("FacebookAccessToken", context.AccessToken));
                }
            };

            #endregion
            app.UseFacebookAuthentication(facebookOptions);
        }
    }
}

最佳答案

默认情况下,OpenIdConnect 身份验证模式处于事件状态。这意味着 oidc 将始终尝试并处理授权。对我有用的是在 Controller 方法内部发出直接挑战,如下所示:

HttpContext.GetOwinContext().Authentication.Challenge("FaceBook");

这是在将 Startup_Auth 编码为:

之后 
    public void Configure(IAppBuilder app)
    {
        CookieAuthenticationExtensions.UseCookieAuthentication(
            app,
            new CookieAuthenticationOptions
            {
                AuthenticationType = "FaceBook",
            });

        FacebookAuthenticationExtensions.UseFacebookAuthentication(
            app,
            new Microsoft.Owin.Security.Facebook.FacebookAuthenticationOptions
            {
                AppId = "...",
                AppSecret = "...",
                AuthenticationType = "FaceBook",
                SignInAsAuthenticationType = "FaceBook",
            });

        CookieAuthenticationExtensions.UseCookieAuthentication(
        app,
        new CookieAuthenticationOptions
        {
            AuthenticationType = "OpenIdConnect",
        });

        OpenIdConnectAuthenticationExtensions.UseOpenIdConnectAuthentication(
            app,
            new Microsoft.Owin.Security.OpenIdConnect.OpenIdConnectAuthenticationOptions
            {
                AuthenticationType = "OpenIdConnect",
                AuthenticationMode = Microsoft.Owin.Security.AuthenticationMode.Passive,
                ClientId = "...",
                Authority = "...",
                SignInAsAuthenticationType = "OpenIdConnect"
            });

您需要确保当您想要在 AAD 和 FB 之间“切换”身份时,您可以通过注销或清除当前 Cookie 来清除现有身份。

关于asp.net-mvc - Azure 身份验证与 OAuth 身份验证结合使用,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/27290747/

26 4 0
文章推荐: verilog - 将字符串或注释插入 vcd 转储文件
文章推荐: mobile - 带有 Windows Azure 移动服务的 Flighting/Versioning 客户端应用程序
文章推荐: flash - 将 adobe media server 视频直播到 HTML 5
文章推荐: emacs - 组织模式 icalendar 导出 : how to avoid timestamp in description or summary
行者123
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
全站热门文章
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com