I have a simple ASP.NET MVC application with an account controller that has two action methods, one to sign in and one to sign out.
My project has a custom _layout.cshtml from a theme we bought, but the server-side logic was done based on this article: http://www.andrewconnell.com/azure-ad-asp-net-mvc-walk-through-implementing-adal-owin
If I set a breakpoint on AuthorizationCodeReceived in ConfigureAuth, that breakpoint is never hit.
When I click SIGN IN, the Azure SIGN IN page is shown, but when it comes back it does not display the LoginPartial view options it shows when IT'S AUTHENTICATED.
So my conclusion is that in Azure AAD the user enters an email and password and gets authenticated, then it comes back to the application, but it says it is not authenticated.
Very strange.
So I will paste the most important parts of the code.
using System;
using System.Globalization;
using System.Threading.Tasks;
using System.Web;
using Microsoft.IdentityModel.Clients.ActiveDirectory;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public partial class Startup
{
    // The Client ID is used by the application to uniquely identify itself to Azure AD.
    // The App Key is a credential used to authenticate the application to Azure AD. Azure AD supports password and certificate credentials.
    // The Metadata Address is used by the application to retrieve the signing keys used by Azure AD.
    // The AAD Instance is the instance of Azure, for example public Azure or Azure China.
    // The Authority is the sign-in URL of the tenant.
    // The Post Logout Redirect Uri is the URL where the user will be redirected after they sign out.
    // This is the resource ID of the AAD Graph API. We'll need this to request a token to call the Graph API.
    public static readonly string Authority = String.Format(CultureInfo.InvariantCulture, SettingsHelper.AADInstance, SettingsHelper.Tenant);

    public void ConfigureAuth(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions());
        app.UseOpenIdConnectAuthentication(
            new OpenIdConnectAuthenticationOptions
            {
                ClientId = SettingsHelper.ClientId,
                Authority = Authority,
                PostLogoutRedirectUri = SettingsHelper.PostLogoutRedirectUri,
                Notifications = new OpenIdConnectAuthenticationNotifications()
                {
                    AuthorizationCodeReceived = (context) =>
                    {
                        // Redeem the authorization code for a Graph API token; ADAL stores the
                        // result in the per-user EF token cache, so 'result' is not used directly.
                        var code = context.Code;
                        ClientCredential credential = new ClientCredential(SettingsHelper.ClientId, SettingsHelper.AppKey);
                        string userObjectId = context.AuthenticationTicket.Identity.FindFirst(System.IdentityModel.Claims.ClaimTypes.NameIdentifier).Value;
                        EfAdalTokenCache sampleCache = new EfAdalTokenCache(userObjectId);
                        AuthenticationContext authContext = new AuthenticationContext(Authority, sampleCache);
                        AuthenticationResult result = authContext.AcquireTokenByAuthorizationCode(code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), credential, SettingsHelper.GraphResourceId);
                        return Task.FromResult(0);
                    },
                    AuthenticationFailed = context =>
                    {
                        context.HandleResponse();
                        context.Response.Redirect("/Home/Error?message=" + context.Exception.Message);
                        return Task.FromResult(0);
                    }
                }
            });
    }
}
The login partial, which should show something like "Hello user!" but does not:
@using Microsoft.AspNet.Identity
@if (Request.IsAuthenticated)
{
    using (Html.BeginForm("LogOff", "Account", FormMethod.Post, new { id = "logoutForm", @class = "navbar-right" }))
    {
        <ul class="nav navbar-top-links navbar-right">
            <li class="dropdown">
                <a class="dropdown-toggle count-info" data-toggle="dropdown" href="#">
                    @*@{ Html.RenderAction("GetModules", "Module"); }*@
                </a>
            </li>
            <li>
                @Session["DateAndTime"].ToString()
            </li>
            <li>
                @Html.ActionLink("Hello " + User.Identity.GetUserName() + "!", "Manage", "Account", routeValues: null, htmlAttributes: new { title = "Manage" })
            </li>
            <li>@Html.ActionLink("Sign out", "SignOut", "Account")</li>
        </ul>
    }
}
else
{
    <ul class="nav navbar-top-links navbar-right">
        <li>@Html.ActionLink("Sign in", "SignIn", "Account", routeValues: null, htmlAttributes: new { id = "loginLink" })</li>
    </ul>
}
The account controller:
using System.Web;
using System.Web.Mvc;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;

public class AccountController : Controller
{
    public void SignIn()
    {
        // Send an OpenID Connect sign-in request.
        if (!Request.IsAuthenticated)
        {
            HttpContext.GetOwinContext().Authentication.Challenge(new AuthenticationProperties { RedirectUri = "/" }, OpenIdConnectAuthenticationDefaults.AuthenticationType);
        }
    }

    public void SignOut()
    {
        // Remove all cache entries for this user and send an OpenID Connect sign-out request.
        //string userObjectID = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
        //AuthenticationContext authContext = new AuthenticationContext(Startup.Authority, new EfAdalTokenCache(userObjectID));
        //authContext.TokenCache.Clear();
        HttpContext.GetOwinContext().Authentication.SignOut(
            OpenIdConnectAuthenticationDefaults.AuthenticationType, CookieAuthenticationDefaults.AuthenticationType);
    }
}
And the home controller:
using System.Web.Mvc;

public class HomeController : Controller
{
    public ActionResult Index()
    {
        //UserProfile up = Cache.GetUserProfile(ClaimsPrincipal.Current.Identities.First().Name);
        ViewData["SubTitle"] = "Welcome in ASP.NET MVC 5 INSPINIA SeedProject ";
        ViewData["Message"] = "It is an application skeleton for a typical MVC 5 project. You can use it to quickly bootstrap your webapp projects.";
        return View();
    }

    public ActionResult Minor()
    {
        ViewData["SubTitle"] = "Simple example of second view";
        ViewData["Message"] = "Data are passing to view by ViewData from controller";
        return View();
    }
}
Update 1: When I go to https://localhost:44300/
and then click the sign-in link,
it goes sometimes to https://localhost:44300/Account/SignIn and sometimes to Azure, and when it comes back from Azure it returns to https://localhost:44300/Account/SignIn instead of https://localhost:44300/,
but the SignIn breakpoint on the account controller is never hit!
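Added example, not code from the question or from the linked walkthrough: a ConfigureAuth variant for the same OWIN OpenID Connect middleware that pins redirect_uri and writes a trace line in each notification, so the server log shows how far the sign-in round trip gets (challenge sent, response recognised, id_token validated, or failure). The reply URL is an assumption and must match the app registration; SettingsHelper and Authority are the question's own.

```csharp
// Added example, not the question's or the linked walkthrough's code: ConfigureAuth
// with an explicit redirect_uri and a trace line per OWIN OIDC notification, so the
// log shows how far the sign-in round trip gets. The reply URL is an assumption.
using System.Diagnostics;
using System.Threading.Tasks;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;
public partial class Startup
{
    public void ConfigureAuthWithTracing(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions());
        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            ClientId = SettingsHelper.ClientId,
            Authority = Authority,
            // Without RedirectUri the middleware derives redirect_uri from the
            // request that issued the challenge (e.g. /Account/SignIn).
            RedirectUri = "https://localhost:44300/",
            PostLogoutRedirectUri = SettingsHelper.PostLogoutRedirectUri,
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                RedirectToIdentityProvider = ctx =>
                {
                    Trace.TraceInformation("OIDC: challenge, redirect_uri={0}", ctx.ProtocolMessage.RedirectUri);
                    return Task.FromResult(0);
                },
                MessageReceived = ctx =>
                {   // fires only if the request back from Azure AD was recognised as an OIDC response
                    Trace.TraceInformation("OIDC: response, code={0}, error={1}", ctx.ProtocolMessage.Code != null, ctx.ProtocolMessage.Error);
                    return Task.FromResult(0);
                },
                SecurityTokenValidated = ctx =>
                {   // id_token passed signature/issuer/audience checks; cookie sign-in follows
                    Trace.TraceInformation("OIDC: validated {0}", ctx.AuthenticationTicket.Identity.Name);
                    return Task.FromResult(0);
                },
                AuthenticationFailed = ctx =>
                {   // keep exception detail in the server log, not in a query string
                    Trace.TraceError("OIDC: failed: {0}", ctx.Exception);
                    ctx.HandleResponse();
                    ctx.Response.Redirect("/Home/Error");
                    return Task.FromResult(0);
                }
            }
        });
    }
}
```

Which of these trace lines appears last tells you whether the response from Azure AD reached the middleware on the expected URL and whether the cookie sign-in step was ever reached.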