Owin OpenIDConnect challenge with ASP.NET WebAPI2

Time: 2015-11-24 12:00:02

Tags: angularjs asp.net-web-api owin openid-connect adal

I found a template for connecting a multi-tenant web application to Office 365 services through Azure AD.

That is fine, but the sample is written in ASP.NET MVC, and I want to modify it so that it works as an Angular SPA backed by ASP.NET WebAPI2.

    using System;
    using System.Security.Claims;
    using System.Threading.Tasks;
    using System.Web;
    using Microsoft.IdentityModel.Clients.ActiveDirectory;
    using Microsoft.Owin.Security.Cookies;
    using Microsoft.Owin.Security.OpenIdConnect;
    using Owin;

    public void ConfigureAuth(IAppBuilder app)
    {
        // The OpenID Connect middleware signs the user in to the cookie middleware.
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions());

        app.UseOpenIdConnectAuthentication(
            new OpenIdConnectAuthenticationOptions
            {
                ClientId = SettingsHelper.ClientId,
                Authority = SettingsHelper.Authority,

                // The multi-tenant template accepts tokens from any tenant, so it turns issuer
                // validation off. A production app should instead validate the issuer against
                // the list of tenants it has onboarded.
                TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters
                {
                    ValidateIssuer = false
                },

                Notifications = new OpenIdConnectAuthenticationNotifications()
                {
                    // Redeem the authorization code for an access token to the Graph API and
                    // store it in the per-user ADAL cache; the result itself is not needed here.
                    AuthorizationCodeReceived = (context) =>
                    {
                        var code = context.Code;
                        ClientCredential credential = new ClientCredential(SettingsHelper.ClientId, SettingsHelper.AppKey);
                        string tenantID = context.AuthenticationTicket.Identity.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;
                        string signInUserId = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.NameIdentifier).Value;

                        AuthenticationContext authContext = new AuthenticationContext(string.Format("{0}/{1}", SettingsHelper.AuthorizationUri, tenantID), new ADALTokenCache(signInUserId));
                        AuthenticationResult result = authContext.AcquireTokenByAuthorizationCode(code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), credential, SettingsHelper.AADGraphResourceId);

                        return Task.FromResult(0);
                    },

                    // Compute the redirect URIs from the current request so the same
                    // registration works for every host the app is deployed on.
                    RedirectToIdentityProvider = (context) =>
                    {
                        string appBaseUrl = context.Request.Scheme + "://" + context.Request.Host + context.Request.PathBase;
                        context.ProtocolMessage.RedirectUri = appBaseUrl + "/";
                        context.ProtocolMessage.PostLogoutRedirectUri = appBaseUrl;

                        return Task.FromResult(0);
                    },

                    // Swallow protocol errors instead of letting them bubble up as exceptions.
                    AuthenticationFailed = (context) =>
                    {
                        context.HandleResponse();
                        return Task.FromResult(0);
                    }
                }
            });
    }

The SignIn method in AccountController is invoked through an ASP.NET MVC ActionLink:

    using System.Web;
    using System.Web.Mvc;
    using Microsoft.Owin.Security;
    using Microsoft.Owin.Security.OpenIdConnect;

    public class AccountController : Controller
    {
        public void SignIn()
        {
            if (!Request.IsAuthenticated)
            {
                // Ask the OpenID Connect middleware to redirect the browser to the authority;
                // after sign-in the user is sent back to "/".
                HttpContext.GetOwinContext().Authentication.Challenge(new AuthenticationProperties { RedirectUri = "/" }, OpenIdConnectAuthenticationDefaults.AuthenticationType);
            }
        }
    }

AccountController is an MVC controller, and the .Challenge method of IAuthenticationManager actually performs a 302 redirect to the authority URL with the appropriate OAuth2 URL parameters. If we reuse the same code in an ApiController and call it via XHR, it does not work: it returns the OpenId cookie to the client and obviously does not redirect.

What is a working SignIn method for an ApiController?
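The following is an added illustration of the mechanism the question describes; it is example code written for this page, not an answer posted on it and not code from the Office 365 template. In Katana, `IAuthenticationManager.Challenge` sets the response status to 401 and records which authentication type was challenged; on the way out, the OpenID Connect middleware rewrites a 401 that carries its authentication type into a 302 to the authority's authorize endpoint. The same call therefore works from an ApiController, as long as the action itself returns a 401 so that Web API does not overwrite the status with 200. The controller name, the route prefix `api/account` and the reference to the `Microsoft.AspNet.WebApi.Owin` package (which provides `Request.GetOwinContext()`) are assumptions.

```csharp
// Added example for this page (not the template's code and not a posted answer).
// Assumes Startup.ConfigureAuth above has registered the cookie and OpenID Connect
// middleware, and that Microsoft.AspNet.WebApi.Owin is referenced.
using System;
using System.Net.Http;
using System.Web.Http;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.OpenIdConnect;

[RoutePrefix("api/account")] // route prefix is an assumption
public class AccountApiController : ApiController
{
    // Reach this action with a top-level navigation (window.location.assign),
    // not with XHR: XMLHttpRequest follows the 302 transparently, so script never
    // sees the Location header and the user is never taken to the sign-in page.
    [HttpGet, Route("signin"), AllowAnonymous]
    public IHttpActionResult SignIn()
    {
        if (User != null && User.Identity != null && User.Identity.IsAuthenticated)
        {
            // Already signed in: send the browser back to the SPA root.
            return Redirect(Request.RequestUri.GetLeftPart(UriPartial.Authority) + "/");
        }

        // Challenge sets the OWIN response status to 401 and records the challenge;
        // the OpenID Connect middleware converts that 401 into a 302 to the authority,
        // writing its nonce cookie on the same response.
        Request.GetOwinContext().Authentication.Challenge(
            new AuthenticationProperties { RedirectUri = "/" },
            OpenIdConnectAuthenticationDefaults.AuthenticationType);

        // Return 401 explicitly so Web API keeps the status the middleware expects.
        return Unauthorized();
    }
}
```

From the Angular side the difference between this and the MVC ActionLink is only who issues the request: an anchor or `window.location.assign('/api/account/signin')` lets the browser follow the 302 to the identity provider, whereas an `$http` call receives the cookie and a cross-origin failure with no visible redirect.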

0 answers:

No answers