I have added OpenID authentication to my ASP.NET Core 2.0 web application:
services.AddAuthentication(sharedOptions =>
{
    sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    sharedOptions.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie()
.AddOpenIdConnect(option =>
{
    option.ClientId = Configuration["AzureAD:ClientId"];
    option.Authority = String.Format(Configuration["AzureAd:AadInstance"], Configuration["AzureAd:Tenant"]);
    option.SignedOutRedirectUri = Configuration["AzureAd:PostLogoutRedirectUri"];
});
How do I turn on automatic challenge so that a controller, resp. action, that uses AuthorizeAttribute returns 403 instead of redirecting?
Edit: I ended up with this:
.AddOpenIdConnect(option =>
{
    ...
    option.Events = new OpenIdConnectEvents
    {
        // Fires when the handler is about to send the browser to the identity provider
        OnRedirectToIdentityProvider = context =>
        {
            bool isAjaxRequest = context.HttpContext.Request.Headers["x-requested-with"] == "XMLHttpRequest";
            if (isAjaxRequest)
            {
                context.HttpContext.Response.StatusCode = StatusCodes.Status401Unauthorized;
                //context.HttpContext.Response.Headers["Location"] = ???request.RedirectUrl;
                context.HandleResponse(); // suppress the handler's own redirect
            }
            return Task.CompletedTask;
        }
    };
});
Although I don't want to redirect Ajax requests (because why would I?), I do want to pass the redirect URL to the client. How do I get the RedirectURL?
Answer 0 (score: 1)
The best solution I can offer so far is this:
// Using directives needed by the snippets below (not shown in the original answer):
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Http;

services.AddAuthentication(sharedOptions =>
{
    sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    sharedOptions.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    sharedOptions.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie(options =>
{
    // Forbid (authenticated but not allowed) is handled by the cookie scheme
    options.Events.OnRedirectToAccessDenied = DontRedirectAjaxOrApiRequestToForbidden;
})
.AddOpenIdConnect(options =>
{
    ...
    // Challenge (not authenticated) is handled by the OpenID Connect scheme
    options.Events.OnRedirectToIdentityProvider = DontRedirectAjaxRequestToOpenIdProvider;
});

/// <summary>
/// Unauthenticated ajax or API request returns 403 rather than Redirect to forbidden page
/// </summary>
private static Task DontRedirectAjaxOrApiRequestToForbidden(RedirectContext<CookieAuthenticationOptions> ctx)
{
    bool isAjaxRequest = ctx.Request.Headers["x-requested-with"] == "XMLHttpRequest";
    if (isAjaxRequest || ctx.Request.Path.StartsWithSegments("/api"))
    {
        // Script and API callers get a bare status code instead of an HTML redirect
        ctx.Response.StatusCode = 403;
    }
    else
    {
        // Browser navigation keeps the default redirect to AccessDeniedPath
        ctx.Response.Redirect(ctx.RedirectUri);
    }
    return Task.CompletedTask;
}

/// <summary>
/// Unauthenticated ajax request returns 401 rather than Redirect
/// </summary>
private static Task DontRedirectAjaxRequestToOpenIdProvider(RedirectContext redirectContext)
{
    bool isAjaxRequest = redirectContext.HttpContext.Request.Headers["x-requested-with"] == "XMLHttpRequest";
    if (isAjaxRequest)
    {
        redirectContext.HttpContext.Response.StatusCode = StatusCodes.Status401Unauthorized;
        // Tell the client where to go; a 401 is not followed automatically by XMLHttpRequest
        redirectContext.HttpContext.Response.Headers["Location"] = CookieAuthenticationDefaults.LoginPath.Value;
        redirectContext.HandleResponse(); // suppress the handler's own redirect
    }
    return Task.CompletedTask;
}
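Building on the answer above, an added example (not code from the question or the answer) that serves both the unauthenticated and the forbidden case with one request classifier and returns the URL the client should navigate to in a JSON body, which is what the question asked for. It assumes a Newtonsoft.Json reference (available to ASP.NET Core 2.0 MVC apps), an /api route prefix, and a login action at the cookie default LoginPath (/Account/Login) that triggers the challenge; wire it up with `.AddCookie(o => o.Events.OnRedirectToAccessDenied = ApiAwareAuthEvents.OnRedirectToAccessDenied)` and `.AddOpenIdConnect(o => o.Events.OnRedirectToIdentityProvider = ApiAwareAuthEvents.OnRedirectToIdentityProvider)`.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.WebUtilities;
using Newtonsoft.Json;

// Added example, not code from the question or answer; assumes an /api prefix and a login action at LoginPath.
public static class ApiAwareAuthEvents
{
    // Decide once, for both events, whether the caller is script/API rather than a navigating browser.
    public static bool IsApiOrAjax(HttpRequest request)
    {
        bool ajax = request.Headers["X-Requested-With"] == "XMLHttpRequest"; // jQuery/axios convention
        bool api = request.Path.StartsWithSegments("/api");                  // route prefix (assumption)
        string accept = request.Headers["Accept"].ToString();
        bool wantsJson = accept.Contains("application/json") && !accept.Contains("text/html");
        return ajax || api || wantsJson;
    }

    // Unauthenticated: the OIDC challenge would otherwise answer 302 to the identity provider,
    // which XMLHttpRequest follows silently and then fails on CORS or on an HTML body.
    public static async Task OnRedirectToIdentityProvider(RedirectContext ctx)
    {
        if (!IsApiOrAjax(ctx.Request)) return; // browsers keep the normal redirect
        // Hand the client the app's own login path with a local ReturnUrl; navigating there runs the full challenge.
        // The IdP URL is not exposed: the handler attaches the protected state parameter after this event fires.
        string returnUrl = ctx.Request.Path + ctx.Request.QueryString; // local path only, so no open redirect
        string loginUrl = QueryHelpers.AddQueryString(CookieAuthenticationDefaults.LoginPath.Value, "ReturnUrl", returnUrl);
        await WriteJson(ctx.Response, StatusCodes.Status401Unauthorized, loginUrl);
        ctx.HandleResponse(); // stop the handler from issuing its own redirect
    }

    // Authenticated but not allowed: the cookie handler would otherwise redirect to AccessDeniedPath.
    public static Task OnRedirectToAccessDenied(RedirectContext<CookieAuthenticationOptions> ctx)
    {
        if (!IsApiOrAjax(ctx.Request)) { ctx.Response.Redirect(ctx.RedirectUri); return Task.CompletedTask; }
        return WriteJson(ctx.Response, StatusCodes.Status403Forbidden, ctx.RedirectUri);
    }

    private static Task WriteJson(HttpResponse response, int statusCode, string redirectUrl)
    {
        response.StatusCode = statusCode;
        response.ContentType = "application/json";
        return response.WriteAsync(JsonConvert.SerializeObject(new { redirectUrl })); // {"redirectUrl":"..."}
    }
}
```

A client that receives 401 or 403 with this body can navigate to `redirectUrl` itself, and because the URL is built from the request's own local path the response never carries an attacker-supplied target.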