gpt4 book ai didi

azure - 用户 AD 身份验证失败时如何导航到自定义访问被拒绝页面(具有 OpenIDConnect Azure AD 身份验证的 .net 3.1 core)

转载 作者:行者123 更新时间:2023-12-02 07:01:16 26 4
gpt4 key购买 nike

我有一个 .Net core 3.1 Web 应用程序,我通过在 Azure 中设置应用服务注册并分配用户来实现 AD 身份验证。现在,当未经授权的用户尝试访问应用程序时,AD 身份验证会失败并转到 OPENIDConnect 异常页面。但我需要的只是将用户导航到我的应用程序中的自定义页面 AccessDenied 页面。

预期:当用户未经过身份验证时。他应该导航到/Home/AccessDeined 页面。

实际:异常页面: Signin-Oidc Exception Page

启动.cs

    public void ConfigureServices(IServiceCollection services)
{
services.Configure<CookiePolicyOptions>(options =>
{
// This lambda determines whether user consent for non-essential cookies is needed for a given request.
options.CheckConsentNeeded = context => true;
options.MinimumSameSitePolicy = SameSiteMode.None;
});



services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
.AddAzureAD(options => Configuration.Bind("AzureAd", options));

services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options =>
{
options.Authority = options.Authority + "/v2.0/";
options.TokenValidationParameters.ValidateIssuer = false;
//options.AccessDeniedPath = new PathString("/Home/AccessDenied");
options.ResponseType = "id_token code";
options.Events.OnAuthenticationFailed = context =>
{

context.Response.Redirect("/Home/AccessDenied");
context.HandleResponse();

return Task.FromResult(0);
};
});

services.AddControllersWithViews();
services.AddHttpClient();


services.AddSession();
//services.Configure<CookieTempDataProviderOptions>(options =>
//{
// options.Cookie.IsEssential = true;
//});

services.AddMvc(options =>
{
var policy = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.Build();
options.Filters.Add(new AuthorizeFilter(policy));
});

services.AddLogging();
services.AddProgressiveWebApp();
}

// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env, ILoggerFactory loggerFactory)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseExceptionHandler("/Home/Error");
// The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
app.UseHsts();
}
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseCookiePolicy();
app.UseRouting();

app.UseAuthentication();
app.UseAuthorization();
app.UseSession();
app.UseEndpoints(endpoints =>
{
endpoints.MapRazorPages();
endpoints.MapControllers();


endpoints.MapControllerRoute(
name: "default",
pattern: "{controller=Home}/{action=Index}/{id?}");
});
}

Appsettings.Json

"AzureAd": {
"Instance": "https://login.microsoftonline.com/",
"Domain": "XXXXXXXXX",
"TenantId": "XXXXXXXXXXXXXXXXXXXXX",
"ClientId": "XXXXXXXXXXXXXXXXXXXXXX",
"ClientSecret": "XXXXXXXXXXXXXXXXXXXXXXXXXXXX",
"CallbackPath": "/signin-oidc"

},

HomeController.cs

[AllowAnonymous]
public IActionResult AccessDenied()
{
return View();
}

最佳答案

Startups.cs 中指定 CookieAuthenticationOptions 的路径即可。请使用以下代码并在 PathString 中定义您的路径

services.Configure<CookieAuthenticationOptions>(CookieAuthenticationDefaults.AuthenticationScheme, options => {
options.AccessDeniedPath = new PathString("/Home/CustomAccessDenied");
});

关于azure - 用户 AD 身份验证失败时如何导航到自定义访问被拒绝页面(具有 OpenIDConnect Azure AD 身份验证的 .net 3.1 core),我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/63730182/

26 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com