Question

我可能正在处理这个完全错误，但我使用OpenID和MS Azure来验证我的用户，然后我检查以确保用户在OpenID中间件的通知中有用户帐户，如果找不到用户，我抛出一个安全例外。如何返回您无权访问此应用程序类型页面。我只是错过了勾拳吗？

以下是示例： https://gist.github.com/phillipsj/3200ddda158eddac74ca

Answer 1

您可以在通知中使用try ... catch，这些内容如下：

SecurityTokenValidated = (context) =>
{
   try
   {
       // retriever caller data from the incoming principal
       var username = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.Name).Value.Split('@')[0];
       var database = DependencyResolver.Current.GetService(typeof (IDatabase)) as IDatabase;
       var employee = database.Query(new GetEmployeeByUsername(username));

       if (employee == null)
       {
          throw new SecurityTokenValidationException();
       }
         // I add my custom claims here
         context.AuthenticationTicket.Identity.AddClaims(claims);
         return Task.FromResult(0);
   }
   catch (SecurityTokenValidationException ex)
   {
       context.HandleResponse();   // This will skip executing rest of the code in the middleware
       context.Response.Redirect(....);
       return Task.FromResult(0);
   }
}

OpenID OWIN身份验证和缺少用户权限

1 个答案: