I'm trying to build a .NET Core site that is part of a larger legacy system written in another language. At this stage I don't want to rewrite the main system's login/authorization, so I need users to be able to log in through the main system and have their login credentials and authorization roles passed into the new .NET system.
I don't want to maintain a separate user database in the new system, so the legacy system would effectively be used as a third-party authentication service. I'm struggling to find examples of the best way to achieve this. I was thinking I could write an OAuth flow between the two systems.
Basically I want the new system to check with the legacy system whether someone has a login that grants access; if they are allowed, let them carry on, otherwise bounce them back to the legacy system to log in.
Would it be best to use Cookie Authentication without Identity on the new site and somehow write the redirect/OAuth flow to the legacy system? Does anyone know of any examples or guides on how to do this? All I can find are examples that link to a preset list of third-party providers (e.g. Google, Facebook, etc.).
I can write the OAuth part on the legacy system, I'm just not sure how to implement it on the .NET Core site side. As always, any guidance is much appreciated.
Answer 0 (score: 0)
As far as I know, ASP.NET Core includes OAuth 2.0 authentication middleware that can work with OAuth.
For more details on how to use it, you can refer to the following example:
Note: it seems you are using an OWIN authentication server; you should replace that parameter yourself.
using System.Net.Http;
using System.Net.Http.Headers;
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OAuth;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Newtonsoft.Json.Linq;

// Startup.ConfigureServices. This targets ASP.NET Core 2.x, where RunClaimActions takes a
// Newtonsoft JObject; on 3.0+ parse the response with System.Text.Json.JsonDocument and
// pass its RootElement instead.
public void ConfigureServices(IServiceCollection services)
{
    services.AddAuthentication(options =>
    {
        // If an authentication cookie is present, use it to get authentication information
        options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        // If authentication is required and no cookie is present, use "Yourauth" (configured below) to sign in
        options.DefaultChallengeScheme = "Yourauth";
    })
    .AddCookie() // cookie authentication middleware first
    .AddOAuth("Yourauth", options =>
    {
        // OAuth authentication middleware is second
        var domain = Configuration.GetValue<string>("yourdomain");
        // When a user needs to sign in, they will be redirected to the authorize endpoint
        options.AuthorizationEndpoint = $"{domain}/oauth2/default/v1/authorize";
        // If your OAuth server is OpenID Connect compliant, request the standard OpenID
        // scopes when redirecting to the authorization endpoint
        options.Scope.Add("openid");
        options.Scope.Add("profile");
        options.Scope.Add("email");
        // After the user signs in, an authorization code will be sent to a callback
        // in this app. The OAuth middleware will intercept it (and validate the state parameter)
        options.CallbackPath = new PathString("/authorization-code/callback");
        // The OAuth middleware will send the ClientId, ClientSecret and the
        // authorization code to the token endpoint, and get an access token in return
        options.ClientId = Configuration.GetValue<string>("ClientId");
        options.ClientSecret = Configuration.GetValue<string>("ClientSecret");
        options.TokenEndpoint = $"{domain}/oauth2/default/v1/token";
        // Below we call the userinfo endpoint to get information about the user
        options.UserInformationEndpoint = $"{domain}/oauth2/default/v1/userinfo";
        // Describe how to map the user info we receive to user claims
        options.ClaimActions.MapJsonKey(ClaimTypes.NameIdentifier, "sub");
        options.ClaimActions.MapJsonKey(ClaimTypes.Name, "given_name");
        options.ClaimActions.MapJsonKey(ClaimTypes.Email, "email");
        options.Events = new OAuthEvents
        {
            OnCreatingTicket = async context =>
            {
                // Get user info from the userinfo endpoint and use it to populate user claims
                var request = new HttpRequestMessage(HttpMethod.Get, context.Options.UserInformationEndpoint);
                request.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
                request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", context.AccessToken);
                var response = await context.Backchannel.SendAsync(request, HttpCompletionOption.ResponseHeadersRead, context.HttpContext.RequestAborted);
                response.EnsureSuccessStatusCode();
                var user = JObject.Parse(await response.Content.ReadAsStringAsync());
                context.RunClaimActions(user);
            }
        };
    });
}
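The answer above maps only the identity claims; the question also asks for the legacy system's authorization roles to carry over. The following is an added example, not code from the question or the answer, showing the same cookie-plus-OAuth arrangement on ASP.NET Core 3.1 or later (System.Text.Json, PKCE enabled) with the roles copied from the userinfo response into role claims so that `[Authorize(Roles = "...")]` works on the new site. The scheme name `Legacy`, the endpoint paths `/oauth/authorize`, `/oauth/token` and `/oauth/userinfo`, the callback path `/signin-legacy`, the `roles` scope and the `roles` JSON array are all assumptions about the legacy server and must be replaced with whatever it actually exposes.

```csharp
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Security.Claims;
using System.Text.Json;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OAuth;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;

public static class LegacyOAuthSetup
{
    // Call from Startup.ConfigureServices: services.AddLegacyOAuth(cfg["Legacy:BaseUrl"], cfg["Legacy:ClientId"], cfg["Legacy:ClientSecret"]);
    // then app.UseAuthentication(); app.UseAuthorization(); in Configure.
    public static IServiceCollection AddLegacyOAuth(this IServiceCollection services,
        string legacyBaseUrl, string clientId, string clientSecret)
    {
        services.AddAuthentication(options =>
        {
            options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = "Legacy"; // hypothetical scheme name
        })
        .AddCookie(options =>
        {
            // The session cookie is the only credential the new site holds; keep it off the
            // script surface and off plain HTTP, and cap its lifetime.
            options.Cookie.HttpOnly = true;
            options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
            options.Cookie.SameSite = SameSiteMode.Lax;
            options.ExpireTimeSpan = TimeSpan.FromMinutes(30);
            options.SlidingExpiration = true;
        })
        .AddOAuth("Legacy", options =>
        {
            // Hypothetical endpoint paths on the legacy system.
            options.AuthorizationEndpoint = $"{legacyBaseUrl}/oauth/authorize";
            options.TokenEndpoint = $"{legacyBaseUrl}/oauth/token";
            options.UserInformationEndpoint = $"{legacyBaseUrl}/oauth/userinfo";
            options.ClientId = clientId;
            options.ClientSecret = clientSecret;
            options.CallbackPath = new PathString("/signin-legacy");
            // PKCE binds the code to this client; the middleware also ties the state
            // parameter to a correlation cookie, so a forged callback is rejected.
            options.UsePkce = true;
            options.Scope.Add("profile");
            options.Scope.Add("roles"); // assumed scope that makes the legacy server include roles
            options.ClaimActions.MapJsonKey(ClaimTypes.NameIdentifier, "sub");
            options.ClaimActions.MapJsonKey(ClaimTypes.Name, "name");
            options.ClaimActions.MapJsonKey(ClaimTypes.Email, "email");
            options.Events = new OAuthEvents
            {
                OnCreatingTicket = async context =>
                {
                    using var request = new HttpRequestMessage(HttpMethod.Get, context.Options.UserInformationEndpoint);
                    request.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
                    request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", context.AccessToken);
                    using var response = await context.Backchannel.SendAsync(request,
                        HttpCompletionOption.ResponseHeadersRead, context.HttpContext.RequestAborted);
                    response.EnsureSuccessStatusCode();
                    using var user = JsonDocument.Parse(await response.Content.ReadAsStringAsync());
                    context.RunClaimActions(user.RootElement);
                    // Roles come from the server-to-server userinfo call, never from anything the browser sent.
                    AddRoleClaims(context.Identity!, user.RootElement);
                },
                OnRemoteFailure = context =>
                {
                    // Bad state, denied consent or a token-endpoint error: do not leak the
                    // exception page, send the user to a plain failure view instead.
                    context.Response.Redirect("/login-failed");
                    context.HandleResponse();
                    return Task.CompletedTask;
                }
            };
        });
        return services;
    }

    // MapJsonKey only handles scalar values, so an array of roles needs explicit handling:
    // each string in the "roles" array becomes one ClaimTypes.Role claim.
    public static void AddRoleClaims(ClaimsIdentity identity, JsonElement user)
    {
        if (!user.TryGetProperty("roles", out var roles) || roles.ValueKind != JsonValueKind.Array)
            return;
        foreach (var role in roles.EnumerateArray())
        {
            if (role.ValueKind == JsonValueKind.String && !string.IsNullOrWhiteSpace(role.GetString()))
                identity.AddClaim(new Claim(ClaimTypes.Role, role.GetString()!));
        }
    }
}
```

With this in place a controller or page on the new site can be protected with `[Authorize(Roles = "Admin")]`; an unauthenticated request is challenged by the `Legacy` scheme (redirected to the legacy authorize endpoint) and an authenticated user without the role gets a 403, so the legacy system remains the single source of truth for both login and role membership.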