How do I redirect from /signin-oidc back to my controller/action?

Time: 2019-06-25 13:38:54

Tags: asp.net-core azure-active-directory

The callback URL is https://localhost:44338/signin-oidc

Let's say I am in a controller/action decorated with [Authorize].

How do I redirect from https://localhost:44338/signin-oidc back to my controller/action?

Note: I am following the wiki: Quickstart: Add sign-in with Microsoft to an ASP.NET Core web app

1 answer:

Answer 0 (score: 0)

You can store the URL on the server side. For example, based on the code sample:

Quickstart: Add sign-in with Microsoft to an ASP.NET Core web app

Modify your OIDC configuration, for example:

// At the top of Startup.cs:
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.AzureAD.UI;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;

// Inside ConfigureServices:
services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
    .AddAzureAD(options => Configuration.Bind("AzureAd", options));

services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options =>
{
    options.Authority = options.Authority + "/v2.0/";
    options.Events = new OpenIdConnectEvents
    {
        OnRedirectToIdentityProvider = n =>
        {
            // Save the requested path in the state parameter
            n.ProtocolMessage.State = n.HttpContext.Request.Path.Value;
            return Task.CompletedTask;
        },

        OnTokenValidated = ctx =>
        {
            // Read the path back from the state parameter of the response
            var url = ctx.ProtocolMessage.GetParameter("state");
            if (!string.IsNullOrEmpty(url))
            {
                var claims = new List<Claim>
                {
                    new Claim("myurl", url)
                };
                var appIdentity = new ClaimsIdentity(claims);

                // Add the URL to the principal's claims
                ctx.Principal.AddIdentity(appIdentity);
            }

            return Task.CompletedTask;
        },

        OnTicketReceived = ctx =>
        {
            // Redirect to the saved path once the sign-in ticket is issued;
            // keep the default ReturnUri if the claim is missing
            var url = ctx.Principal.FindFirst("myurl")?.Value;
            if (!string.IsNullOrEmpty(url))
            {
                ctx.ReturnUri = url;
            }
            return Task.CompletedTask;
        }
    };
    // Per the code below, this application signs in users in any Work and School
    // accounts and any Microsoft Personal Accounts.
    // If you want to direct Azure AD to restrict the users that can sign-in, change
    // the tenant value of the appsettings.json file in the following way:
    // - only Work and School accounts => 'organizations'
    // - only Microsoft Personal accounts => 'consumers'
    // - Work and School and Personal accounts => 'common'

    // If you want to restrict the users that can sign-in to only one tenant
    // set the tenant value in the appsettings.json file to the tenant ID of this
    // organization, and set ValidateIssuer below to true.

    // If you want to restrict the users that can sign-in to several organizations
    // set the tenant value in the appsettings.json file to 'organizations', set
    // ValidateIssuer below to 'true', and add the issuers you want to accept to the
    // options.TokenValidationParameters.ValidIssuers collection
    options.TokenValidationParameters.ValidateIssuer = false;
});
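
An added example, not part of the original answer or of the quickstart sample: an explicit sign-in action that carries the return URL through the challenge in `AuthenticationProperties.RedirectUri` and accepts only local URLs, so the redirect issued after /signin-oidc cannot leave the application. The controller name, action name and `returnUrl` parameter are assumptions made for illustration.

```csharp
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.AzureAD.UI;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

// Hypothetical controller; the name and route are not from the quickstart.
[AllowAnonymous]
public class SignInController : Controller
{
    // Example request: GET /SignIn/Start?returnUrl=/Orders/Details/5
    [HttpGet]
    public IActionResult Start(string returnUrl = "/")
    {
        // returnUrl comes from the query string, so treat it as untrusted.
        // Accept only app-relative URLs; anything else (absolute URLs,
        // "//host" forms, empty values) falls back to the site root.
        if (string.IsNullOrEmpty(returnUrl) || !Url.IsLocalUrl(returnUrl))
        {
            returnUrl = "/";
        }

        // The OpenID Connect handler serializes these properties into the
        // protected "state" parameter, restores them when the identity
        // provider posts back to /signin-oidc, and then redirects the
        // browser to RedirectUri.
        var properties = new AuthenticationProperties
        {
            RedirectUri = returnUrl
        };

        // AzureADDefaults.AuthenticationScheme forwards the challenge to
        // the OpenID Connect scheme configured in ConfigureServices.
        return Challenge(properties, AzureADDefaults.AuthenticationScheme);
    }
}
```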