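IdentityServer4: catching unauthorized Windows authentication and redirecting

Time: 2020-06-02 08:42:01

Tags: c# asp.net-core identityserver4 windows-authentication

We have ID4 which, depending on the configuration at the time of the login request, will prompt for Windows AD, Azure AD, or a custom UI login page backed by a database.

This works, but if Windows AD or Azure AD returns unauthorized, we want to redirect to our custom login page.

Here is how the two are registered. Nothing unusual.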

        // configures IIS out-of-proc settings (see https://github.com/aspnet/AspNetCore/issues/14882)
        services.Configure<IISOptions>(iis =>
        {
            iis.AuthenticationDisplayName = "Windows";
            iis.AutomaticAuthentication = false;
        });

        // configures IIS in-proc settings
        services.Configure<IISServerOptions>(iis =>
        {
            iis.AuthenticationDisplayName = "Windows";
            iis.AutomaticAuthentication = false;
        });

        services.AddAuthentication()
            .AddOpenIdConnect("aad", "Azure AD", options =>
            {
                options.RemoteAuthenticationTimeout = TimeSpan.FromSeconds(30);
                options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
                options.SignOutScheme = IdentityServerConstants.SignoutScheme;

                options.Authority = configuration["Login:AzureAD:AuthorityUrl"];
                options.ClientId = configuration["Login:AzureAD:ClientId"];
                options.ResponseType = OpenIdConnectResponseType.IdToken;
                options.CallbackPath = "/signin-aad";
                options.SignedOutCallbackPath = "/signout-callback-aad";

                options.RemoteSignOutPath = "/signout-aad";
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    NameClaimType = "name",
                    RoleClaimType = "role"
                };
            });

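For Azure AD, I can see there is options.AccessDeniedPath, and I think I can pass it a partial URL so that it is handled inside a controller. But how do I do this for Windows authentication?

0 answers:

No answers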