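Good day,
I'm puzzled by this problem, because before upgrading to Core 2.0 this was working well for me. My application has (or had!) two login options: one calls Azure AD for internal users, and the other uses Identity to register/log in external users. (I use a ClaimsTransformer to add claims to the AD users from the application's claims database.)
My _LoginPartial looks like this: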
    @if (SignInManager.IsSignedIn(User))
    {
        ... display @User.GetFirstName() and log out button
        ...
    }
    else if (User.Identity.IsAuthenticated)
    {
        ... Display AD's @User.Claims.First(c => c.Type == ClaimTypes.GivenName).Value and sign out button
    }
    else
    {
        <ul class="nav navbar-nav ml-auto">
            <li class="nav-item"><a asp-area="" asp-controller="Account" asp-action="Register" class="nav-link">Register</a></li>
            <li class="nav-item"><a asp-area="" asp-controller="Account" asp-action="SignIn" class="nav-link">Internal Log in</a></li>
            <li class="nav-item"><a asp-area="" asp-controller="Account" asp-action="Login" class="nav-link">External Log in</a></li>
        </ul>
    }
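This produced the expected result on Core 1.1. However, now I can't seem to get SignInManager.IsSignedIn(User) to return true (which is what used to happen for external logins).
My Startup.cs looks like this: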
    services.AddIdentity<ApplicationUser, IdentityRole>(options =>
    {
        ...
    })
        .AddEntityFrameworkStores<JCContext>()
        .AddDefaultTokenProviders();
    services.ConfigureApplicationCookie(options => options.LoginPath = "/Account/LogIn");
    services.AddAuthentication(o =>
    {
        o.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        o.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
        o.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    })
        .AddOpenIdConnect(option =>
        {
            option.ClientId = Configuration["Authentication:AzureAD:ClientId"];
            option.Authority = Configuration["Authentication:AzureAd:Authority"];
            option.CallbackPath = Configuration["Authentication:AzureAd:CallbackPath"];
        })
        .AddCookie(o =>
        {
            o.LoginPath = new PathString("/Account/LogIn");
            o.ExpireTimeSpan = TimeSpan.FromDays(150);
            o.LogoutPath = "/Account/LogOut";
        });
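Interestingly, if I put services.AddAuthentication(...) before services.AddIdentity, I get the opposite effect. My external users show as logged in, but User.Identity.IsAuthenticated does not return true when AD users log in.
I've rearranged the items in Startup back and forth, but I can't seem to find the winning combination. Am I missing something obvious? There must be something about SignInManager / cookies that I don't understand.
Thanks.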
Answer 0 (score: 0)
I also created a project that integrates Azure AD and individual accounts, and it works well for me. Here is the code in the ConfigureServices method.
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddDbContext<ApplicationDbContext>(options =>
            options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")));
        services.AddIdentity<ApplicationUser, IdentityRole>()
            .AddEntityFrameworkStores<ApplicationDbContext>()
            .AddDefaultTokenProviders();
        services.AddMvc()
            .AddRazorPagesOptions(options =>
            {
                options.Conventions.AuthorizeFolder("/Account/Manage");
                options.Conventions.AuthorizePage("/Account/Logout");
            });
        // Register no-op EmailSender used by account confirmation and password reset during development
        // For more information on how to enable account confirmation and password reset please visit https://go.microsoft.com/fwlink/?LinkID=532713
        services.AddSingleton<IEmailSender, EmailSender>();
        services.AddAuthentication(options =>
        {
            options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
        })
            .AddCookie()
            .AddOpenIdConnect(options =>
            {
                options.Authority = String.Format(Configuration["AzureAd:AadInstance"], Configuration["AzureAd:Tenant"]);
                options.ClientId = Configuration["AzureAd:ClientId"];
            });
    }
I also uploaded the demo project to GitHub; you can download it from this link and compare the differences with your code.
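
Added example, not code from either post above: in ASP.NET Core 2.0 the last registration that sets a default scheme wins, and SignInManager.IsSignedIn only returns true for a principal carrying an identity whose authentication type is IdentityConstants.ApplicationScheme, which is why the two orderings in the question each recognise only one kind of user. The sketch below keeps Identity's defaults and falls back to the Azure AD cookie per request; ApplicationUser, JCContext and the configuration keys are taken from the question, and the fallback middleware is an assumption of this example.

```csharp
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

// ApplicationUser and JCContext are the asker's own types (assumed to be in scope).
public class Startup
{
    public Startup(IConfiguration configuration) => Configuration = configuration;
    public IConfiguration Configuration { get; }

    public void ConfigureServices(IServiceCollection services)
    {
        // AddIdentity registers the "Identity.Application" cookie and makes it the default scheme.
        services.AddIdentity<ApplicationUser, IdentityRole>()
            .AddEntityFrameworkStores<JCContext>()
            .AddDefaultTokenProviders();

        // No defaults are passed here, so the Identity defaults above stay in force.
        services.AddAuthentication()
            .AddCookie() // "Cookies" scheme: holds the Azure AD session
            .AddOpenIdConnect(o =>
            {
                // Without this, the AD sign-in would land in Identity's external cookie.
                o.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                o.ClientId = Configuration["Authentication:AzureAD:ClientId"];
                o.Authority = Configuration["Authentication:AzureAd:Authority"];
                o.CallbackPath = Configuration["Authentication:AzureAd:CallbackPath"];
            });
        services.AddMvc();
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseAuthentication(); // populates User from the default (Identity) cookie
        app.Use(async (context, next) =>
        {
            // Fall back to the Azure AD cookie when no Identity user is signed in.
            if (context.User.Identity?.IsAuthenticated != true)
            {
                var result = await context.AuthenticateAsync(CookieAuthenticationDefaults.AuthenticationScheme);
                if (result.Succeeded) context.User = result.Principal;
            }
            await next();
        });
        app.UseMvcWithDefaultRoute();
    }
}
```

With this layout the default challenge is Identity's login page, so the internal sign-in action has to challenge OpenIdConnectDefaults.AuthenticationScheme by name, and the AD sign-out has to name both the cookie and OpenID Connect schemes.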