如何将ASPNetIdentity转换为OpenIdConnect

时间:2019-01-17 16:17:15

标签: c# .net asp.net-core-2.0 identityserver4 openid-connect

我有一个使用.NET Framework 4.6 AspNetIdentity的项目,并且我正在尝试对其进行升级以使用OpenIdConnect。是否有人成功使用.NET Framework 4.6用OpenIdConnect替换ASPNetIdentity?

我研究了owin示例和一些.NET Core 2.0快速入门示例,例如these,但它们似乎与我要完成的工作不兼容。

我正在尝试专门添加类似于上面示例之一的以下代码片段的内容:

services.AddAuthentication(options =>
{
    options.DefaultScheme = "Cookies";
    options.DefaultChallengeScheme = "oidc";
});
    .AddCookie("Cookies")
    .AddOpenIdConnect("oidc", options =>
    {
        options.SignInScheme = "Cookies";

        options.Authority = "http://xxx.xxx.xxx.xxx:5000";
        options.RequireHttpsMetadata = false;

        options.ClientId = "foo";
        options.ClientSecret = "secret";
        options.ResponseType = "code id_token";

        options.SaveTokens = true;
        options.GetClaimsFromUserInfoEndpoint = true;

        options.Scope.Add("api1");
        options.Scope.Add("offline_access");
    });

我需要类似于Startup.cs文件的ConfigureServices()方法中IServiceCollection服务参数的AddAuthentication()扩展名的某些内容,以便允许客户端通过IdentityServer4登录。

2 个答案:

答案 0 :(得分:0)

在.net框架中,您可以使用Microsoft.Owin.Security.OpenIdConnect文件中的Startup.Auth.cs库来配置OpenID Connect,例如:

public void ConfigureAuth(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

        app.UseCookieAuthentication(new CookieAuthenticationOptions());

        app.UseOpenIdConnectAuthentication(
            new OpenIdConnectAuthenticationOptions
            {
                ClientId = clientId,
                Authority = Authority,
                PostLogoutRedirectUri = redirectUri,
                RedirectUri = redirectUri,

                Notifications = new OpenIdConnectAuthenticationNotifications()
                {
                    //
                    // If there is a code in the OpenID Connect response, redeem it for an access token and refresh token, and store those away.
                    //
                    AuthenticationFailed = OnAuthenticationFailed
                }

            });
    }

    private Task OnAuthenticationFailed(AuthenticationFailedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> context)
    {
        context.HandleResponse();
        context.Response.Redirect("/Home/Error?message=" + context.Exception.Message);
        return Task.FromResult(0);
    }

答案 1 :(得分:0)

感谢您的答复!我想说@Nan Yu可能得到的答案最终与我想出的解决方案最接近,但是我认为我会在Startup.cs文件的Configure()方法中分享最终最终得到的结果。

using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
...
var openidOptions = new OpenIdConnectOptions(authenticationScheme)
{
    ClientSecret = secret,
    AutomaticAuthenticate = true,
    SignInScheme = "Identity.External",
    Authority = identityServerAddress,
    ClientId = clientId,
    RequireHttpsMetadata = true,
    ResponseType = OpenIdConnectResponseType.CodeIdToken,
    AutomaticChallenge= true,
    GetClaimsFromUserInfoEndpoint = true,
    SaveTokens = true,
    Events = new OpenIdConnectEvents
    {
        OnRemoteSignOut = async remoteSignOutContext =>
        {
            remoteSignOutContext.HttpContext.Session.Clear();
        },
    },
};
openidOptions.Scope.Clear();
openidOptions.Scope.Add("openid");
app.UseOpenIdConnectAuthentication(openidOptions);

将此添加到我的.NET Framework 4.6客户端中最终使我能够与.NET Core 2.0 Identity Server成功通信!感谢所有尝试提供帮助的人:)