WsFederation和本地用户混合身份验证

时间:2014-11-06 02:06:56

标签: asp.net-mvc asp.net-identity owin katana ws-federation

我正在尝试使用Azure AD凭据(使用OWIN WsFederation插件)或在MVC 5.1 Web App中使用具有microsoft asp.net身份的本地用户帐户登录我的用户。

使用本地用户登录工作正常,使用联合帐户登录只能运行一次,我需要重新启动我的应用才能使其再次运行。

我认为问题在于Microsoft登录页面的响应未正确处理

事实上,在私人模式和Fiddler中使用两个不同的浏览器(chrome + ie),我可以看到我的cookie是在第一次请求时设置的,而不是在从不同浏览器发出的后续请求中设置的

第一个请求 First request

第二次请求 second request

这是我的ConfigureAuth 

     public void ConfigureAuth(IAppBuilder app)
    {
        AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimTypes.NameIdentifier;

        app.CreatePerOwinContext(ApplicationDbContext.Create);
        app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);

        app.SetDefaultSignInAsAuthenticationType("ExternalCookie");

        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login"),
            AuthenticationMode = Microsoft.Owin.Security.AuthenticationMode.Active,
        });


        // these two lines of code are needed if you are using any of the external authentication middleware
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = "ExternalCookie",
            AuthenticationMode = Microsoft.Owin.Security.AuthenticationMode.Passive,
        });


        app.UseWsFederationAuthentication(new Microsoft.Owin.Security.WsFederation.WsFederationAuthenticationOptions()
        {
            MetadataAddress = "https://login.windows.net/XXXXXXX.onmicrosoft.com/federationmetadata/2007-06/federationmetadata.xml",
            Wtrealm = "https://MYREALM",

            AuthenticationType = WsFederationAuthenticationDefaults.AuthenticationType,
        });

    }

这是帐户控制器的一部分

    //
    // POST: /Account/ExternalLogin
    [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    public ActionResult ExternalLogin(string provider, string returnUrl)
    {
        // Request a redirect to the external login provider
        return new ChallengeResult(provider, Url.Action("ExternalLoginCallback", "Account", new { ReturnUrl = returnUrl }));
    }


    // GET: /Account/ExternalLoginCallback
    [AllowAnonymous]
    public ActionResult ExternalLoginCallback(string returnUrl)
    {

        var ctx = Request.GetOwinContext();
        var result = ctx.Authentication.AuthenticateAsync("ExternalCookie").Result;

        if (result != null) //null on request other than the first (!!!)
        {
            ctx.Authentication.SignOut("ExternalCookie");

            var claims = result.Identity.Claims.ToList();
            claims.Add(new Claim(ClaimTypes.AuthenticationMethod, "External Account"));
            var email = claims.Where(x => x.Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name").SingleOrDefault().Value;
            var ci = new ClaimsIdentity(claims, DefaultAuthenticationTypes.ApplicationCookie);
            ctx.Authentication.SignIn(ci);
        }

        return RedirectToLocal(returnUrl);
    }

1 个答案:

答案 0 :(得分:3)

在ConfgureAuth中将AuthenticationMode设置为Passive。它在我的工作流程中起作用,看起来与你的非常相似。 

app.UseWsFederationAuthentication(new Microsoft.Owin.Security.WsFederation.WsFederationAuthenticationOptions()
    {
        MetadataAddress = "https://login.windows.net/XXXXXXX.onmicrosoft.com/federationmetadata/2007-06/federationmetadata.xml",
        Wtrealm = "https://MYREALM",

        AuthenticationType = WsFederationAuthenticationDefaults.AuthenticationType,
        AuthenticationMode = AuthenticationMode.Passive
    });

http://msdn.microsoft.com/en-us/library/microsoft.owin.security.authenticationmode%28v=vs.113%29.aspx

相关问题
最新问题