AddOpenIdConnect with Azure AD V2


I am having some issues with AddOpenIdConnect in .NET Core 2.0 and Azure AD (V2). After the challenge, entering credentials in Azure AD and returning to my application, the authentication handler seems to redirect me to the original method that issued the challenge instead of the defined callback method. However, httpcontext.user is populated with a claims identity that has the correct claims.

The code has been simplified for the purpose of this post.

Startup looks like:

            services.AddAuthentication(o =>
            {
                // Challenge() with no scheme argument goes to "aad"; sign-in and
                // authenticate use the cookie scheme.
                o.DefaultChallengeScheme = "aad";
                o.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                o.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            })
            .AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, o =>
            {
                if (!Environment.IsProduction())
                {
                    o.RequireHttpsMetadata = false;
                }
                o.Authority = Configuration.GetValue<string>("Authentication:Authority");
                o.Audience = Constants.Audiences.Self;
                o.TokenValidationParameters = new TokenValidationParameters
                {
                    NameClaimType = OpenIdConnectConstants.Claims.Subject,
                    RoleClaimType = OpenIdConnectConstants.Claims.Role,
                    IssuerSigningKey =
                        new X509SecurityKey(
                            GetSigningCertificate(Configuration.GetValue<string>("Certificates:Signing")))
                };
            })
            .AddCookie()
            .AddOpenIdConnect("aad", o =>
            {
                if (!Environment.IsProduction())
                {
                    o.RequireHttpsMetadata = false;
                }
                o.Authority = "https://login.microsoftonline.com/{tenantID}/v2.0";
                o.AuthenticationMethod = OpenIdConnectRedirectBehavior.RedirectGet;
                o.ClientId = "[clientid]";
                o.ClientSecret = "[clientsecret]";
                // Implicit flow: Azure AD posts the id_token back to CallbackPath.
                o.ResponseMode = "form_post";
                o.ResponseType = "id_token";
                // Handled by the OpenIdConnect handler itself, not by a controller action.
                o.CallbackPath = new PathString("/api/connect/microsoftcallback2");
                o.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidIssuer = "https://login.microsoftonline.com/{tenantID}/v2.0"
                };
            });

The challenge:

    [AllowAnonymous]
    [HttpGet("authorize", Name = "authorize")]
    public async Task<IActionResult> ChallengeTemp()
    {
        return Challenge("aad");
    }

Trace log:

    Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request starting HTTP/1.1 POST https://localhost:44301/api/connect/microsoftcallback2 application/x-www-form-urlencoded 1771
    Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler:Trace: Entering Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler's HandleRemoteAuthenticateAsync.
    Microsoft.AspNetCore.Server.Kestrel:Debug: Connection id "0HLC9LOBLM019", Request id "0HLC9LOBLM019:00000004": started reading request body.
    Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler:Trace: MessageReceived: '?id_token={keyremoved}'.
    Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler:Debug: Updating configuration
    Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler:Debug: 'id_token' received.
    Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector:Trace: Performing unprotect operation to key {keyremoved} with purposes ('workspace', 'Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler', 'System.String', 'aad', 'v1').
    Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector:Trace: Performing protect operation to key {keyremoved} with purposes ('workspace', 'Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware', 'Cookies', 'v2').
    Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler:Information: AuthenticationScheme: Cookies signed in.
    Microsoft.AspNetCore.Server.Kestrel:Debug: Connection id "0HLC9LOBLM019" completed keep alive response.
    Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request finished in 129.6921ms 302
    Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request starting HTTP/1.1 GET https://localhost:44301/api/connect/authorize
    Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector:Trace: Performing unprotect operation to key {keyremoved} with purposes ('workspace', 'Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware', 'Cookies', 'v2').
    Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler:Information: AuthenticationScheme: Cookies was successfully authenticated.
    Microsoft.AspNetCore.Routing.Tree.TreeRouter:Debug: Request successfully matched the route with name 'authorize' and template 'api/connect/authorize'.


If you look closely at the log, you will see that it says:

    Request starting HTTP/1.1 POST https://localhost:44301/api/connect/microsoftcallback2

Since you specified the response mode, the response should arrive as a POST:

    o.ResponseMode = "form_post";

You are getting the response as a POST at the callback you defined.

Now, by default, the OIDC handler redirects you back to the path you were trying to access when the challenge was issued. You can see the 302 redirect in the log as well.

This is not good when you are using an explicit login handler. You should define it yourself:

    return Challenge(new AuthenticationProperties
    {
        RedirectUri = "/"
    }, "aad");

In this case the user will be redirected to the root of the application after the sign-in has been processed.
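The following is an added example, not code from the question or the answer above. It puts the answer's `RedirectUri` advice into a complete controller for the `api/connect` routes and shows the check a practitioner would want around it: `RedirectUri` is round-tripped through the protected OIDC `state` parameter and consumed by the handler after sign-in, so if it is taken from a request parameter it must be restricted to local paths, or the login endpoint becomes an open redirector. It also shows why no action exists for `CallbackPath`: the OpenID Connect handler intercepts that POST itself, validates the `id_token`, signs the principal in to the cookie scheme and then issues the 302. The `returnUrl` parameter, the `ConnectController` name and the sign-out action are assumptions for the illustration.

```csharp
// Added example (not from the original question or answer). Assumes the "aad"
// OpenID Connect scheme and the Cookies scheme registered in the Startup above.
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

[Route("api/connect")]
public class ConnectController : Controller
{
    // GET /api/connect/authorize?returnUrl=/orders
    // Issues the OIDC challenge and tells the handler where to send the browser
    // once the form_post to CallbackPath has been processed. Without an explicit
    // RedirectUri the handler sends the user back to this action, which is the
    // behaviour seen in the trace log above.
    [AllowAnonymous]
    [HttpGet("authorize", Name = "authorize")]
    public IActionResult Authorize(string returnUrl = null)
    {
        // Only accept local paths. An absolute URL supplied by an attacker would
        // be honoured by the handler after a successful login (open redirect).
        var redirectUri = !string.IsNullOrEmpty(returnUrl) && Url.IsLocalUrl(returnUrl)
            ? returnUrl
            : "/";

        var props = new AuthenticationProperties { RedirectUri = redirectUri };
        return Challenge(props, "aad");
    }

    // Deliberately no action for "/api/connect/microsoftcallback2".
    // The OpenIdConnectHandler short-circuits requests to CallbackPath in its
    // own HandleRequestAsync: it unprotects the state, validates the id_token,
    // signs in to the Cookies scheme and redirects to RedirectUri. A controller
    // action mapped to that path would never execute.

    // Optional: sign out of the local cookie only. Signing out of the "aad"
    // scheme as well would also end the Azure AD session.
    [HttpGet("logout")]
    public IActionResult Logout()
    {
        return SignOut(new AuthenticationProperties { RedirectUri = "/" },
            CookieAuthenticationDefaults.AuthenticationScheme);
    }
}
```

`Url.IsLocalUrl` rejects absolute URLs and protocol-relative forms such as `//evil.example`, which is exactly what is needed when the destination is later handed to the handler's own redirect. If the application never needs a per-request destination, hard-coding `RedirectUri = "/"` as in the answer is the simplest safe option.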
