How to ... in Azure Active Directory

Time: 2017-05-09 20:24:42

Tags: c# azure azure-active-directory

I have set AuthenticationMode to Passive and use an explicit Challenge to redirect to the Azure sign-in page.

This works well, but I need a programmatic way to determine whether the user is authenticated. I would also like to use the user name, but it is not available through HttpContext.User.Identity.IsAuthenticated.

Can you tell me where I can get this information from?

    using System;
    using System.Web;
    using System.Web.Mvc;
    using Microsoft.Owin;
    using Microsoft.Owin.Security;
    using Microsoft.Owin.Security.OpenIdConnect;
    using Owin;

    public partial class Startup
    {
        // Populated from configuration at startup; the values are not part of the post.
        private static string aadInstance2, tenant2, SignUpSignInPolicyId, clientId2, redirectUri2;
        private static string clientId, authority, postLogoutRedirectUri;

        public void ConfigureAuth(IAppBuilder app)
        {
            // Policy-based (sign-up/sign-in) endpoint: metadata address built from instance, tenant and policy
            app.UseOpenIdConnectAuthentication(
                new OpenIdConnectAuthenticationOptions
                {
                    AuthenticationType = "a",
                    AuthenticationMode = AuthenticationMode.Passive,
                    MetadataAddress = String.Format(aadInstance2, tenant2, SignUpSignInPolicyId),
                    ClientId = clientId2,
                    RedirectUri = redirectUri2,
                    PostLogoutRedirectUri = postLogoutRedirectUri,
                    CallbackPath = new PathString("/Home/index"),
                });

            // Regular Azure AD tenant
            app.UseOpenIdConnectAuthentication(
                new OpenIdConnectAuthenticationOptions
                {
                    AuthenticationType = "b",
                    AuthenticationMode = AuthenticationMode.Passive,
                    ClientId = clientId,
                    Authority = authority,
                    PostLogoutRedirectUri = postLogoutRedirectUri,
                    CallbackPath = new PathString("/Home/contact"),
                });
        }
    }

    // Controller name assumed; the post does not give it.
    public class HomeController : Controller
    {
        // Explicit challenge of middleware "b"; the 401 set by Challenge triggers the redirect to Azure AD
        public void Redirect1()
        {
            HttpContext.GetOwinContext().Authentication.Challenge(new AuthenticationProperties { RedirectUri = "/" }, "b");
        }

        // Same for middleware "a"
        public void Redirect2()
        {
            HttpContext.GetOwinContext().Authentication.Challenge(new AuthenticationProperties { RedirectUri = "/" }, "a");
        }
    }
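
The question's Startup snippet only registers the two passive OpenID Connect middlewares; with that setup nothing issues a session, so `HttpContext.User` is empty on every request after the redirect. The following Startup is an added example (not code from the question or the answer) showing the full pipeline: an active cookie middleware that owns the session and answers `IsAuthenticated`, two passive OIDC middlewares that only run when explicitly challenged, no CallbackPath, and a `SecurityTokenValidated` notification that stamps the identity with the middleware that produced it so later code can tell the two tenants apart without a client-writable cookie. The tenant names, client ids, redirect URI, the claim type `urn:example:signin-provider` and the `/Home/Error` path are placeholders assumed for the example.

```csharp
// Added example, not from the original post. Startup.Auth.cs for an ASP.NET MVC 5 / Katana app:
// one active cookie middleware that owns the session, and two passive OpenID Connect
// middlewares (no CallbackPath) that only run when explicitly challenged.
// Tenant, client id and redirect values are placeholders; set them from configuration.
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public partial class Startup
{
    // Custom claim type used to remember which middleware authenticated the user.
    // (Assumed name; any URI-style claim type you control works.)
    public const string ProviderClaimType = "urn:example:signin-provider";

    public void ConfigureAuth(IAppBuilder app)
    {
        // The cookie middleware is Active: it runs on every request and is what makes
        // HttpContext.User.Identity.IsAuthenticated true after the OIDC handshake.
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
            CookieHttpOnly = true,
            CookieSecure = CookieSecureOption.Always, // session cookie only over HTTPS
        });

        app.UseOpenIdConnectAuthentication(BuildOidcOptions(
            authenticationType: "aad1",
            clientId: "00000000-0000-0000-0000-000000000001",   // placeholder
            authority: "https://login.microsoftonline.com/tenant1.onmicrosoft.com",
            redirectUri: "https://localhost:44300/"));

        app.UseOpenIdConnectAuthentication(BuildOidcOptions(
            authenticationType: "aad2",
            clientId: "00000000-0000-0000-0000-000000000002",   // placeholder
            authority: "https://login.microsoftonline.com/tenant2.onmicrosoft.com",
            redirectUri: "https://localhost:44300/"));
    }

    private static OpenIdConnectAuthenticationOptions BuildOidcOptions(
        string authenticationType, string clientId, string authority, string redirectUri)
    {
        return new OpenIdConnectAuthenticationOptions
        {
            AuthenticationType = authenticationType,
            AuthenticationMode = AuthenticationMode.Passive,
            ClientId = clientId,
            Authority = authority,
            RedirectUri = redirectUri,
            PostLogoutRedirectUri = redirectUri,
            // CallbackPath is deliberately left unset: the handler then recognises the
            // reply on the RedirectUri path, which is where Azure AD posts the response.
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                SecurityTokenValidated = n =>
                {
                    // Tag the identity with the middleware that produced it so sign-out
                    // and "who am I" code can tell aad1 from aad2 using the signed
                    // session rather than an unauthenticated client-side cookie.
                    n.AuthenticationTicket.Identity.AddClaim(
                        new Claim(ProviderClaimType, n.Options.AuthenticationType));
                    return Task.FromResult(0);
                },
                AuthenticationFailed = n =>
                {
                    // Do not bounce the raw protocol error back to the user; send them
                    // to a generic page instead. The path is an assumption for this example.
                    n.HandleResponse();
                    n.Response.Redirect("/Home/Error");
                    return Task.FromResult(0);
                },
            },
        };
    }
}
```

Because the OIDC middlewares are Passive, they never touch a request on their own; the explicit `Challenge("aad1")` or `Challenge("aad2")` from a controller is the only thing that starts a sign-in, and the cookie middleware is what carries the result forward, which is why `IsAuthenticated` works on the next request only once it is registered.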

1 answer:

Answer 0 (score: 1)

This issue is not caused by AuthenticationMode; rather, you should not specify CallbackPath. If that parameter is set, Microsoft.Owin.Security.OpenIdConnect.OpenIdConnectAuthenticationHandler will only listen for POSTs to that address, so the redirect from Azure AD cannot be handled successfully.

Here is code using multiple OpenID Connect OWIN middlewares, for your reference:

using Microsoft.Owin.Security;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public partial class Startup
{
    // Populated from configuration; the values are not shown in the answer.
    private static string clientId, authority, authority2;

    public void ConfigureAuth(IAppBuilder app)
    {
        // First tenant: no CallbackPath, so the reply is recognised on the RedirectUri path
        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            ClientId = clientId,
            Authority = authority,
            AuthenticationType = "aad1",
            RedirectUri = "http://localhost:2803/",
            AuthenticationMode = AuthenticationMode.Passive,
            PostLogoutRedirectUri = "http://localhost:2803/"
        });

        // Second tenant, same RedirectUri, distinguished only by AuthenticationType
        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            ClientId = "5efa8abc-13dc-4681-83f5-c6fde071xxxx",
            Authority = authority2,
            AuthenticationType = "aad2",
            RedirectUri = "http://localhost:2803/",
            AuthenticationMode = AuthenticationMode.Passive,
            PostLogoutRedirectUri = "http://localhost:2803/"
        });
    }
}

Then we can use HttpContext.User.Identity.IsAuthenticated to check whether the user is signed in.

Update

AccountController.cs:

using System;
using System.Web;
using System.Web.Mvc;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;

public class AccountController : Controller
{
    public void SignIn(string provider, string ReturnUrl = "/default")
    {
        // Send an OpenID Connect sign-in request.
        if (!Request.IsAuthenticated)
        {
            // RedirectUri is followed verbatim after sign-in, so only honour local URLs.
            if (!Url.IsLocalUrl(ReturnUrl))
            {
                ReturnUrl = "/default";
            }
            HttpContext.GetOwinContext().Authentication.Challenge(new AuthenticationProperties { RedirectUri = ReturnUrl }, provider);
            // Remember which middleware was challenged so SignOut can target it.
            HttpContext.Response.Cookies["provider"].Value = provider;
        }
    }

    public void SignOut()
    {
        var providerCookie = HttpContext.Request.Cookies["provider"];
        // Expire the helper cookie in the response; clearing Request.Cookies does nothing in the browser.
        HttpContext.Response.Cookies.Add(new HttpCookie("provider") { Expires = DateTime.UtcNow.AddDays(-1) });
        if (providerCookie != null)
        {
            // Sign out of the session cookie and of the OIDC middleware that signed the user in.
            HttpContext.GetOwinContext().Authentication.SignOut(
                providerCookie.Value, CookieAuthenticationDefaults.AuthenticationType);
        }
        else
        {
            HttpContext.GetOwinContext().Authentication.SignOut(CookieAuthenticationDefaults.AuthenticationType);
        }
    }

    public void EndSession()
    {
        // If AAD sends a single sign-out message to the app, end the user's session, but don't redirect to AAD for sign out.
        HttpContext.GetOwinContext().Authentication.SignOut(CookieAuthenticationDefaults.AuthenticationType);
    }
}

Sign-in buttons on the login page:

    <input type="button" value="AzureAD-aad1" onclick="location.href='@Url.Action("SignIn", "Account",new { provider="aad1"} )'" />
    <input type="button" value="AzureAD-aad2" onclick="location.href='@Url.Action("SignIn", "Account",new { provider="aad2"} )'" />

Here is a Fiddler capture of the requests (screenshot not reproduced here).
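
The answer's AccountController takes `provider` and `ReturnUrl` straight from the query string and remembers the provider in an ordinary cookie, which means a caller can name any authentication type, supply an external return URL, or rewrite the cookie before sign-out. As an added example (not code from the answer), the controller below does the same job with those inputs checked: the provider must be one of the registered OIDC authentication types, the return URL must be local, and the middleware to sign out of is read from a claim on the authenticated identity rather than from a cookie. It also adds a `WhoAmI` action that answers the original question programmatically (is the user authenticated, and who are they) from the Azure AD claims. The claim type `urn:example:signin-provider` is assumed to have been added to the identity at sign-in by a `SecurityTokenValidated` notification in your Startup; if it is absent the code falls back to a cookie-only sign-out. The `objectidentifier` and `tenantid` claim types are the ones Azure AD issues in the id_token.

```csharp
// Added example, not from the original answer: a hardened AccountController for
// ASP.NET MVC 5 / Katana with several passive OpenID Connect middlewares.
using System.Linq;
using System.Security.Claims;
using System.Web;
using System.Web.Mvc;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;

public class AccountController : Controller
{
    // Claim stamped on the identity at sign-in by a SecurityTokenValidated
    // notification (assumed name; must match whatever your Startup uses).
    private const string ProviderClaimType = "urn:example:signin-provider";

    // Azure AD claim types carried in the id_token.
    private const string ObjectIdClaimType = "http://schemas.microsoft.com/identity/claims/objectidentifier";
    private const string TenantIdClaimType = "http://schemas.microsoft.com/identity/claims/tenantid";

    public ActionResult SignIn(string provider, string returnUrl = "/")
    {
        if (Request.IsAuthenticated)
            return Redirect(SafeReturnUrl(returnUrl));

        var auth = HttpContext.GetOwinContext().Authentication;

        // Only challenge a registered OIDC middleware; reject anything else on the
        // query string instead of silently issuing a no-op challenge.
        bool known = auth.GetAuthenticationTypes().Any(t =>
            t.AuthenticationType == provider &&
            t.AuthenticationType != CookieAuthenticationDefaults.AuthenticationType);
        if (!known)
            return new HttpStatusCodeResult(400, "Unknown sign-in provider");

        // Challenge sets the 401 the passive middleware reacts to; RedirectUri is
        // honoured verbatim afterwards, so it has been validated above.
        auth.Challenge(new AuthenticationProperties { RedirectUri = SafeReturnUrl(returnUrl) }, provider);
        return new EmptyResult();
    }

    public ActionResult SignOut()
    {
        var auth = HttpContext.GetOwinContext().Authentication;
        var identity = User.Identity as ClaimsIdentity;
        string provider = identity?.FindFirst(ProviderClaimType)?.Value;

        // The provider comes from the signed session, not a client-writable cookie.
        // Signing out of the OIDC type also redirects to Azure AD's end_session endpoint.
        if (provider != null)
            auth.SignOut(provider, CookieAuthenticationDefaults.AuthenticationType);
        else
            auth.SignOut(CookieAuthenticationDefaults.AuthenticationType);
        return new EmptyResult();
    }

    // Programmatic answer to "is the user authenticated, and who are they?"
    public ActionResult WhoAmI()
    {
        var identity = User.Identity as ClaimsIdentity;
        if (identity == null || !identity.IsAuthenticated)
            return Json(new { authenticated = false }, JsonRequestBehavior.AllowGet);

        return Json(new
        {
            authenticated = true,
            // Azure AD issues the display name in the "name" claim; identity.Name
            // depends on the configured NameClaimType, so it is only a fallback.
            name = identity.FindFirst("name")?.Value ?? identity.Name,
            // Stable, tenant-scoped user key; never key on display name or UPN.
            objectId = identity.FindFirst(ObjectIdClaimType)?.Value,
            tenantId = identity.FindFirst(TenantIdClaimType)?.Value,
            provider = identity.FindFirst(ProviderClaimType)?.Value,
        }, JsonRequestBehavior.AllowGet);
    }

    private string SafeReturnUrl(string returnUrl)
    {
        // Url.IsLocalUrl rejects absolute and protocol-relative targets, closing the
        // open redirect that an unchecked RedirectUri would otherwise create.
        return Url.IsLocalUrl(returnUrl) ? returnUrl : "/";
    }
}
```

Keying on `tenantId` and `objectId` rather than the display name also matters when two tenants sign in to the same app: a user in tenant 1 and a user in tenant 2 can share a `name`, but not the `tid`/`oid` pair.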