I'm having some trouble with AddOpenIdConnect in .NET Core 2.0 with Azure AD (V2). After the challenge, entering credentials in Azure AD and returning to my application, the authentication handler seems to redirect me to the original method that issued the challenge rather than to the callback method I defined. However, HttpContext.User is populated with a ClaimsIdentity that has the correct claims.
The code has been simplified for the purposes of this post.
Startup looks like:
services.AddAuthentication(o =>
{
    // Challenges go to Azure AD ("aad"); the resulting identity is stored in the cookie.
    o.DefaultChallengeScheme = "aad";
    o.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    o.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
})
.AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, o =>
{
    if (!Environment.IsProduction())
    {
        o.RequireHttpsMetadata = false;
    }
    o.Authority = Configuration.GetValue<string>("Authentication:Authority");
    o.Audience = Constants.Audiences.Self;
    o.TokenValidationParameters = new TokenValidationParameters
    {
        NameClaimType = OpenIdConnectConstants.Claims.Subject,
        RoleClaimType = OpenIdConnectConstants.Claims.Role,
        IssuerSigningKey =
            new X509SecurityKey(
                GetSigningCertificate(Configuration.GetValue<string>("Certificates:Signing")))
    };
})
.AddCookie()
.AddOpenIdConnect("aad", o =>
{
    if (!Environment.IsProduction())
    {
        o.RequireHttpsMetadata = false;
    }
    o.Authority = "https://login.microsoftonline.com/{tenantID}/v2.0";
    o.AuthenticationMethod = OpenIdConnectRedirectBehavior.RedirectGet;
    o.ClientId = "[clientid]";
    o.ClientSecret = "[clientsecret]";
    // Azure AD posts the id_token back to CallbackPath as a form POST.
    o.ResponseMode = "form_post";
    o.ResponseType = "id_token";
    o.CallbackPath = new PathString("/api/connect/microsoftcallback2");
    o.TokenValidationParameters = new TokenValidationParameters
    {
        ValidIssuer = "https://login.microsoftonline.com/{tenantID}/v2.0"
    };
});
The challenge:
[AllowAnonymous]
[HttpGet("authorize", Name = "authorize")]
public async Task<IActionResult> ChallengeTemp()
{
    return Challenge("aad");
}
Trace log:
Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request starting HTTP/1.1 POST https://localhost:44301/api/connect/microsoftcallback2 application/x-www-form-urlencoded 1771
Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler:Trace: Entering Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler's HandleRemoteAuthenticateAsync.
Microsoft.AspNetCore.Server.Kestrel:Debug: Connection id "0HLC9LOBLM019", Request id "0HLC9LOBLM019:00000004": started reading request body.
Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler:Trace: MessageReceived: '?id_token={keyremoved}'.
Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler:Debug: Updating configuration
Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler:Debug: 'id_token' received.
Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector:Trace: Performing unprotect operation to key {keyremoved} with purposes ('workspace', 'Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler', 'System.String', 'aad', 'v1').
Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector:Trace: Performing protect operation to key {keyremoved} with purposes ('workspace', 'Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware', 'Cookies', 'v2').
Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler:Information: AuthenticationScheme: Cookies signed in.
Microsoft.AspNetCore.Server.Kestrel:Debug: Connection id "0HLC9LOBLM019" completed keep alive response.
Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request finished in 129.6921ms 302
Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request starting HTTP/1.1 GET https://localhost:44301/api/connect/authorize
Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector:Trace: Performing unprotect operation to key {keyremoved} with purposes ('workspace', 'Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware', 'Cookies', 'v2').
Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler:Information: AuthenticationScheme: Cookies was successfully authenticated.
Microsoft.AspNetCore.Routing.Tree.TreeRouter:Debug: Request successfully matched the route with name 'authorize' and template 'api/connect/authorize'.
If you look carefully at the log, you'll see it says:
Request starting HTTP/1.1 POST https://localhost:44301/api/connect/microsoftcallback2
Since you specified the response mode, it should arrive as a POST:
o.ResponseMode = "form_post";
You get the response as a POST at the callback you defined.
Now, by default the OIDC handler redirects you back to the path you were trying to access when the challenge was issued. You can also see the 302 redirect in the log.
This is not good when you use an explicit login handler. You should define it yourself:
return Challenge(new AuthenticationProperties
{
    RedirectUri = "/"
}, "aad");
In this case the user will be redirected to the root of the application after the login has been processed.
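As an added illustration (not code from the question or the answer), here is the authorize action with an explicit post-login RedirectUri, extended slightly beyond the answer: it optionally honours a caller-supplied returnUrl, but only after Url.IsLocalUrl confirms the target stays inside this application, so the challenge cannot be turned into a redirect to an arbitrary host. It assumes the Startup above (cookie sign-in scheme, OIDC scheme "aad", route api/connect/authorize); the controller name and the returnUrl parameter are hypothetical.

```csharp
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

// Hypothetical controller hosting the "authorize" route seen in the trace log.
[Route("api/connect")]
public class ConnectController : Controller
{
    [AllowAnonymous]
    [HttpGet("authorize", Name = "authorize")]
    public IActionResult Authorize(string returnUrl = null)
    {
        // Cookie scheme already authenticated this user: no second round trip to Azure AD.
        if (User?.Identity?.IsAuthenticated == true)
        {
            return LocalRedirect(SafeReturnUrl(returnUrl));
        }

        var props = new AuthenticationProperties
        {
            // Explicit destination after sign-in. Without it the OIDC handler sends the
            // browser back to this action, the path that raised the challenge (the 302
            // to /api/connect/authorize in the log).
            RedirectUri = SafeReturnUrl(returnUrl)
        };
        return Challenge(props, "aad");
    }

    // Accept only application-local relative URLs; absolute URLs and
    // protocol-relative "//host" forms fall back to the site root.
    private string SafeReturnUrl(string returnUrl)
    {
        return !string.IsNullOrEmpty(returnUrl) && Url.IsLocalUrl(returnUrl)
            ? returnUrl
            : "/";
    }
}
```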