我正在开发一个基于此解决方案的项目:https://github.com/Azure-Samples/active-directory-dotnet-webapp-wsfederation
目前,我默认使用用户身份验证的方式。当页面加载时,我调用我的登录脚本:
Public Sub SignIn()
If (Not Request.IsAuthenticated) Then
Try
Dim newAuth As AuthenticationProperties = New AuthenticationProperties()
newAuth.RedirectUri = "/"
HttpContext.Current.GetOwinContext().Authentication.Challenge(newAuth, WsFederationAuthenticationDefaults.AuthenticationType)
Catch ex As Exception
End Try
End If
End Sub
修改 要添加更多上下文,这是我的APP_START / Startup.Auth.vb代码:
Partial Public Class Startup
Private realm As String = ConfigurationManager.AppSettings("ida:RPIdentifier")
Private aadInstance As String = ConfigurationManager.AppSettings("ida:AADInstance")
Private tenant As String = ConfigurationManager.AppSettings("ida:Tenant")
Private metadata As String = String.Format("{0}/FederationMetadata/2007-06/FederationMetadata.xml", aadInstance)
Private authority As String = String.Format(CultureInfo.InvariantCulture, aadInstance, tenant)
Public Sub ConfigureAuth(app As IAppBuilder)
Try
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType)
app.UseCookieAuthentication(New CookieAuthenticationOptions())
Dim authOption As WsFederationAuthenticationOptions = New WsFederationAuthenticationOptions()
app.UseWsFederationAuthentication(New WsFederationAuthenticationOptions() With {
.Wtrealm = realm,
.MetadataAddress = metadata,
.Notifications = New WsFederationAuthenticationNotifications() With {
.AuthenticationFailed = Function(context)
context.HandleResponse()
context.Response.Redirect("Home/Error?message=" + context.Exception.Message)
Return Task.FromResult(0)
End Function
}
})
Catch ex As Exception
Throw ex
End Try
End Sub
End Class
但是,我想避免的是,如果来自我们网络外部的人查看该网站,我不希望将它们重定向到Azure Single Sign On登录页面。我只是希望他们继续访问网站,我的代码将处理他们可以看到和做的事情。最后,我会添加一个登录按钮,将它们带到登录页面,如果它们只是在场外。但是,目前,我如何跳过登录页面?
其次,我想处理Azure ADFS关闭的可能性。在这种情况下,我只希望将用户重定向到网站,作为未经身份验证的用户。我通过断开与互联网的连接并运行我的应用来测试它。我尝试过使用Try块,但我仍然遇到这些错误:
无法解析远程名称:'adfs.myCompany.com'
IOException:无法从以下位置获取文档: https://adfs.myCompany.com/FederationMetadata/2007-06/FederationMetadata.xml
[InvalidOperationException:IDX10803:无法创建以获取 配置来自: 'https://adfs.myCompany.com/FederationMetadata/2007-06/FederationMetadata.xml'。]
Azure中的这些设置应该在我的代码中吗?任何这些问题的任何帮助都会很棒。我需要,我也可以添加我的Start.Auth.vb代码。
感谢
答案 0 :(得分:-1)
不幸的是,使用Microsoft提供的示例将强制执行自动登录。 话虽如此,有两种选择:
如果我误解了,请告诉我。希望这可以帮助!