ASP.NET Core& OpenID Connect重定向到外部身份提供商

时间:2017-01-30 21:28:34

标签: asp.net-core openid-connect

我使用OpenID Connect构建了一个身份提供程序,以提供利用OAuth2访问令牌的身份验证和授权。服务器上的授权工作流程有效;但是,当身份验证失败时,我似乎无法让我的ASP.NET核心客户端自动重定向到OpenID Connect提供程序。我目前只收到401。

这是我的startup.cs:

        public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
    {
        loggerFactory.AddConsole(Configuration.GetSection("Logging"));
        loggerFactory.AddDebug();

        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
            app.UseBrowserLink();
        }
        else
        {
            app.UseExceptionHandler("/Home/Error");
        }

        app.UseStaticFiles();

        app.UseCookieAuthentication();

        var options = new OpenIdConnectOptions
                          {
                              Authority = "http://localhost:63467",
                              AutomaticAuthenticate = true,
                              AutomaticChallenge = true,
                              AuthenticationMethod = OpenIdConnectRedirectBehavior.RedirectGet,
                              AuthenticationScheme = "oidc",
                              ClientId = "2",
                              ClientSecret = "alskghalsd",
                              Configuration =
                                  new OpenIdConnectConfiguration
                                      {
                                          AuthorizationEndpoint =
                                              "http://localhost:63467/connect/authorize",
                                          TokenEndpoint =
                                              "http://localhost:63467/connect/token"
                                      },
                              PostLogoutRedirectUri = "/",
                              ResponseType = "Code",
                              RemoteSignOutPath = "/signout",
                              UseTokenLifetime = true,
                              SaveTokens = true,
                              SignInScheme = "Cookies",
                              RequireHttpsMetadata = false
                          };
        options.Scope.AddRange(new[] { "openid name role profile" });
        app.UseOpenIdConnectAuthentication(options);

        app.UseMvc(routes =>
        {
            routes.MapRoute(
                name: "default",
                template: "{controller=Home}/{action=Index}/{id?}");
        });
    }

1 个答案:

答案 0 :(得分:0)

我最终通过使用IdentityServer将应用程序作为Identity端点托管并相应地配置我的客户端来解决此问题。

        public void ConfigureServices(IServiceCollection services)
    {
        // Add framework services.
        services.AddMvc(
            opts =>
                {
                    // custom api exception filter
                    opts.Filters.Add(typeof(ApiExceptionFilter));
                });
        services.Configure<IISOptions>(
            options =>
                {
                    options.AutomaticAuthentication = false;
                    options.ForwardClientCertificate = false;
                    options.ForwardWindowsAuthentication = false;
                });

        services.AddSingleton(this.Configuration);
        services.AddIdentityServer();
    }

        public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
    {  
            app.UseCookieAuthentication(new CookieAuthenticationOptions { AuthenticationScheme = "Cookies" });
        JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();

        // get values from config
        IConfigurationSection clientSettings = this.Configuration.GetSection("AppSettings:ClientSettings");
        string[] scopes = clientSettings["Scope"].Split(' ');
        var oidcOptions = new OpenIdConnectOptions
                          {
                              AuthenticationScheme = clientSettings["AuthenticationScheme"],
                              SignInScheme = clientSettings["SignInScheme"],
                              Authority = clientSettings["Authority"],
                              ClaimsIssuer = clientSettings["ClaimsIssuer"],
                              RequireHttpsMetadata =
                                  clientSettings.GetValue<bool>("RequireHttpsMetadata"),
                              ClientId = clientSettings["ClientId"],
                              ClientSecret = clientSettings["ClientSecret"],
                              ResponseType = clientSettings["ResponseType"],
                              GetClaimsFromUserInfoEndpoint = clientSettings.GetValue<bool>("GetClaimsFromUserInfoEndpoint"),
                              SaveTokens = clientSettings.GetValue<bool>("SaveTokens")
                          };
        foreach (var scope in scopes)
        {
            oidcOptions.Scope.Add(scope);
        }

        app.UseOpenIdConnectAuthentication(oidcOptions);

        app.UseStaticFiles();

        app.UseMvcWithDefaultRoute();
}

在将此标记为允许其他人提供替代解决方案的答案之前,我会等待一段时间。