Owin OpenId回调网址

时间:2018-12-06 12:38:05

标签: asp.net-mvc owin openid

我正在在.NET MVC应用程序中实现OpenId。 我用过:https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-v1-aspnet-webapp 作为入门指南。它正在工作,但是我有1个关于RedirectUri和CallbackPath的问题。

如果我仅使用RedirectUri,则我的应用程序中的回调页面将获得302重定向。

如果我使用CallbackPath,则实际上会命中回调页面。

从示例中并不清楚是怎么回事?这是来自MS:

“在其上处理身份验证回调的可选受约束路径。如果未提供且RedirectUri可用,则将从RedirectUri生成此值。”

我在控制器上使用[Authorize]属性。

Code Startup.cs:

    public void Configuration(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions());

        var openIdOptions = new OpenIdConnectAuthenticationOptions
        {
            // Sets the ClientId, authority, RedirectUri as obtained from web.config
            ClientId = ApplicationIdentifier,
            Authority = FederationGateway,
            RedirectUri = RedirectUrl,
            ClientSecret = AppToken,
            AuthenticationMode = AuthenticationMode.Active,
            //CallbackPath = new PathString("/callback/"),

            // PostLogoutRedirectUri is the page that users will be redirected to after sign-out. In this case, it is using the home page
            PostLogoutRedirectUri = "~/home/loggedout/",

            //Scope is the requested scope: OpenIdConnectScopes.OpenIdProfileis equivalent to the string 'openid profile': in the consent screen, this will result in 'Sign you in and read your profile'
            Scope = OpenIdConnectScope.OpenIdProfile,

            // ResponseType is set to request the id_token - which contains basic information about the signed-in user
            ////ResponseType = OpenIdConnectResponseType.IdToken,
            ResponseType = OpenIdConnectResponseType.IdTokenToken,
            // ValidateIssuer set to false to allow work accounts from any organization to sign in to your application
            // To only allow users from a single organizations, set ValidateIssuer to true and 'tenant' setting in web.config to the tenant name or Id (example: contoso.onmicrosoft.com)
            // To allow users from only a list of specific organizations, set ValidateIssuer to true and use ValidIssuers parameter
            TokenValidationParameters = new TokenValidationParameters()
            {
                ValidateIssuer = false
            },

            // OpenIdConnectAuthenticationNotifications configures OWIN to send notification of failed authentications to OnAuthenticationFailed method
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                AuthenticationFailed = OnAuthenticationFailed,
                SecurityTokenValidated = OnSecurityTokenValidated
            }
        };

        app.UseOpenIdConnectAuthentication(openIdOptions);

        AntiForgeryConfig.UniqueClaimTypeIdentifier = IdentityNameIdentifier;
    }

0 个答案:

没有答案