从Azure AD Connect获取身份令牌

Question

I am trying to find out how can I get the Identity Token from the azure ad connect. I am integrating it with Identity Server 4 (dotnet core). Their sample shows how to connect AD with Identity Server but I can't find how actually get the Id Token. I've also tried accessing it using the events but had no success. This is my configuration on Startup.cs on the identity server project.

 public void Configure(IApplicationBuilder app, IHostingEnvironment env, 
 ILoggerFactory loggerFactory)
{
    loggerFactory.AddConsole(LogLevel.Debug);
        app.UseDeveloperExceptionPage();

        app.UseIdentityServer();

        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme,

            AutomaticAuthenticate = false,
            AutomaticChallenge = false
        });

        ///
        /// Setup Custom Data Format
        /// 
        var schemeName = "oidc";
        var dataProtectionProvider = app.ApplicationServices.GetRequiredService<IDataProtectionProvider>();
        var distributedCache = app.ApplicationServices.GetRequiredService<IDistributedCache>();

        var dataProtector = dataProtectionProvider.CreateProtector(
            typeof(OpenIdConnectMiddleware).FullName,
            typeof(string).FullName, schemeName,
            "v1");

        var dataFormat = new CachedPropertiesDataFormat(distributedCache, dataProtector);

        ///
        /// Azure AD Configuration
        /// 
        var clientId = "XXXX";
        var tenantId = "XXXXX";

        app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
        {
            AuthenticationScheme = schemeName,
            DisplayName = "AzureAD",
            SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme,
            ClientId = clientId,
            Authority = $"https://login.microsoftonline.com/{tenantId}",
            ResponseType = OpenIdConnectResponseType.IdToken,
            StateDataFormat = dataFormat,
            Events = new OpenIdConnectEvents
            {
                OnRemoteFailure = OnAuthenticationFailed,
                OnTokenValidated = OnTokenValidated,
                OnTokenResponseReceived = TokenResponseReceived
            },
            TokenValidationParameters = new TokenValidationParameters
            {
                SaveSigninToken = true
            }
        });

        app.UseStaticFiles();
          app.UseMvcWithDefaultRoute();
 }

These are my event handlers from which I hoped to get the id token.

private Task OnTokenValidated(TokenValidatedContext context)
    {
        var type = context.Properties.GetType();
        var tokens = context.Properties.GetTokens();
        var ci = (System.Security.Claims.ClaimsIdentity)
         ClaimsPrincipal.Current.Identity;
        return Task.FromResult(0);
    }

    private Task OnAuthenticationFailed(FailureContext context)
    {
        var failure = context.Failure;
        return Task.FromResult(0);
    }

    public Task TokenResponseReceived(TokenResponseReceivedContext context)
    {
        var variable = context.TokenEndpointResponse.IdToken;
        return Task.FromResult(0);
    }

Answer 1

You can read Token information under context.SecurityToken .

I use my sample project as base, and add OnTokenValidated and OnTokenResponseReceived to test it.

(Click on the image to enlarge it)