I have an ASP.NET MVC application (.NET Framework 4.7.2) that uses OpenID Connect authentication configured against Okta. If the user is not authorized, the app redirects the user to Okta to log in, and this works for web browsers.
We have a requirement to let mobile apps render certain pages inside the app through a web view, and they will pass the access token in the Authorization request header.
After some Googling I found that I can add both JWT and OpenID Connect authentication, so that the request is checked for an Authorization header: if it is present we use JWT, else OpenID Connect.
I tried this with .NET Core 2.2 and it works fine, but I am not sure how to implement something similar in .NET Framework.
.NET Core code snippet:
    // The default scheme is the policy scheme defined below, which forwards
    // each authentication action to a concrete handler based on the header.
    services.AddAuthentication("DefaultPolicy")
        .AddJwtBearer(options => {
            // Access tokens sent by the mobile web view are validated
            // against the Okta issuer's signing keys and the expected audience.
            options.Authority = Configuration["Okta:Issuer"];
            options.Audience = "auth";
        })
        .AddCookie()
        .AddOpenIdConnect(options => {
            // Browser sign-in: authorization code flow against Okta,
            // with the resulting session stored in the cookie scheme.
            options.ClientId = Configuration["Okta:ClientId"];
            options.ClientSecret = Configuration["Okta:ClientSecret"];
            options.Authority = Configuration["Okta:Issuer"];
            options.CallbackPath = "/authorization-code/callback";
            options.ResponseType = "code";
            options.SaveTokens = true;
            options.UseTokenLifetime = false;
            options.GetClaimsFromUserInfoEndpoint = true;
            options.Scope.Add("openid");
            options.Scope.Add("profile");
            options.TokenValidationParameters = new TokenValidationParameters {
                NameClaimType = "name"
            };
        })
        .AddPolicyScheme("DefaultPolicy", "Authorization Bearer or OIDC", o => {
            o.ForwardAuthenticate = "AuthenticateSignInPolicy";
            o.ForwardSignIn = "AuthenticateSignInPolicy";
            o.ForwardChallenge = "ChallengePolicy";
        })
        .AddPolicyScheme("AuthenticateSignInPolicy", "Authorization Bearer or OIDC", options => {
            // Authenticate / sign-in: a "Bearer" header selects the JWT handler,
            // anything else is authenticated from the cookie.
            options.ForwardDefaultSelector = context => {
                var authHeader = context.Request.Headers["Authorization"].FirstOrDefault();
                if (authHeader?.StartsWith("Bearer ") == true)
                {
                    return JwtBearerDefaults.AuthenticationScheme;
                }
                return CookieAuthenticationDefaults.AuthenticationScheme;
            };
        })
        .AddPolicyScheme("ChallengePolicy", "Authorization Bearer or OIDC", options => {
            // Challenge: a "Bearer" header gets a 401 from the JWT handler,
            // anything else is redirected to Okta by the OpenID Connect handler.
            options.ForwardDefaultSelector = context => {
                var authHeader = context.Request.Headers["Authorization"].FirstOrDefault();
                if (authHeader?.StartsWith("Bearer ") == true)
                {
                    return JwtBearerDefaults.AuthenticationScheme;
                }
                return OpenIdConnectDefaults.AuthenticationScheme;
            };
        });
Answer 0: (score: 0)
I am going to assume here that you are following the quickstart provided by OKTA: https://developer.okta.com/quickstart/#/okta-sign-in-page/dotnet/aspnet4.
In their guide they tell you to add a Startup class. You need to replace its "app.UseOktaMVC" with "app.AddJwtBearerAuthentication".
    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            // Register JWT bearer validation for the Okta issuer instead of
            // the cookie + OIDC sign-in that UseOktaMVC configures.
            app.AddJwtBearerAuthentication(new OktaWebApiOptions()
            {
                OktaDomain = Constants.GetIssuer,
                AuthorizationServerId = string.Empty,
                Audience = Constants.GetAudience,
            });
        }
    }
The extension is provided by OKTA. If you want to see how to register everything yourself, you can find its source code on GitHub: https://github.com/okta/okta-aspnet/blob/master/Okta.AspNet/OktaMiddlewareExtensions.cs
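The following is an added example, not code from the question, the answer, or the Okta project, showing how the header-based selection the question implements with .NET Core policy schemes can be expressed in the OWIN/Katana pipeline of .NET Framework 4.7.2: requests that carry an Authorization Bearer header are routed to a JWT-validating branch, all others to the cookie + OpenID Connect branch. It assumes the Okta.AspNet package (UseOktaMvc / OktaMvcOptions, from the quickstart the answer links) and the Okta.AspNet.WebApi package (UseOktaWebApi / OktaWebApiOptions); the appSettings key names, the MyApp namespace and the IsBearerRequest helper are constructed for this example.

```csharp
// Added example: one OWIN Startup with two pipeline branches, selected by the
// Authorization header. Extension methods are assumed to come from the
// Okta.AspNet (UseOktaMvc) and Okta.AspNet.WebApi (UseOktaWebApi) packages;
// the appSettings keys below are constructed names, not Okta's.
using System;
using System.Configuration;
using Microsoft.Owin;
using Okta.AspNet;
using Okta.AspNet.WebApi;
using Owin;

[assembly: OwinStartup(typeof(MyApp.Startup))]

namespace MyApp
{
    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            // Okta settings, read once at startup (key names are assumptions).
            string oktaDomain = ConfigurationManager.AppSettings["okta:OktaDomain"];
            string authServerId = ConfigurationManager.AppSettings["okta:AuthorizationServerId"];
            string audience = ConfigurationManager.AppSettings["okta:Audience"];
            string clientId = ConfigurationManager.AppSettings["okta:ClientId"];
            string clientSecret = ConfigurationManager.AppSettings["okta:ClientSecret"];
            string redirectUri = ConfigurationManager.AppSettings["okta:RedirectUri"];
            string postLogoutRedirectUri = ConfigurationManager.AppSettings["okta:PostLogoutRedirectUri"];

            // Branch 1: the mobile web view sends "Authorization: Bearer <token>".
            // Only JWT validation is registered here, so an invalid or missing
            // token produces a 401 instead of a redirect to the Okta login page.
            app.MapWhen(IsBearerRequest, api =>
            {
                api.UseOktaWebApi(new OktaWebApiOptions
                {
                    OktaDomain = oktaDomain,
                    AuthorizationServerId = authServerId,
                    Audience = audience,
                });
            });

            // Branch 2: browsers with no bearer header use the cookie session and,
            // when unauthenticated, are challenged with the OpenID Connect redirect.
            app.MapWhen(ctx => !IsBearerRequest(ctx), web =>
            {
                web.UseOktaMvc(new OktaMvcOptions
                {
                    OktaDomain = oktaDomain,
                    AuthorizationServerId = authServerId,
                    ClientId = clientId,
                    ClientSecret = clientSecret,
                    RedirectUri = redirectUri,
                    PostLogoutRedirectUri = postLogoutRedirectUri,
                });
            });
        }

        // Same decision as the question's ForwardDefaultSelector, with two
        // tightenings: the scheme name is matched case-insensitively (HTTP auth
        // schemes are case-insensitive) and a bare "Bearer " with nothing after
        // it is not treated as a bearer request.
        internal static bool IsBearerRequest(IOwinContext context)
        {
            const string prefix = "Bearer ";
            string header = context.Request.Headers.Get("Authorization");
            return !string.IsNullOrWhiteSpace(header)
                && header.StartsWith(prefix, StringComparison.OrdinalIgnoreCase)
                && header.Trim().Length > prefix.Length;
        }
    }
}
```

Keeping the two handlers in separate MapWhen branches is what gives the same behaviour as the question's ChallengePolicy: a request that identified itself as a bearer client never reaches the OpenID Connect middleware, so its failure mode is a 401 the mobile app can handle rather than an HTML login redirect rendered inside the web view. The cookie branch is unchanged from the quickstart, so existing browser sessions keep working.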