[英]How to combine Asp.Net Identity with Azure AD Authorization
How to integrate Asp.Net Identity with Azure AD Authorization 如何将Asp.Net身份与Azure AD授权集成
Is it possible to integrate Asp.Net Identity with Azure AD Authorization by means of OpenIdConnect? 是否可以通过OpenIdConnect将Asp.Net Identity与Azure AD授权集成在一起? I'd like to have a both authorization providers one for local authorization ( by means of standart Asp.net core Identity and second by means of Azure AD 我想同时拥有两个授权提供程序,一个用于本地授权(通过standart Asp.net核心身份,另一个通过Azure AD)
_services
.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
})
.AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
{
options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.ClientId = clientId;
options.ClientSecret = clientSecret;
options.Authority = $"{baseAuthorityUrl}/{tenantId}/v2.0";
options.CallbackPath = new PathString(callBackPath);
options.Scope.Add("email");
options.Scope.Add("profile");
options.ResponseType = "code id_token";
options.SaveTokens = true;
options.GetClaimsFromUserInfoEndpoint = true;
options.TokenValidationParameters = new TokenValidationParameters
{
NameClaimType = "name"
};
})
This works for Azure AD Authorization, but i can't change authorization method from Azure AD to ASp.Net Identity. 这适用于Azure AD授权,但是我无法将授权方法从Azure AD更改为ASp.Net Identity。 Any help is much appreciated 任何帮助深表感谢
I'd suggest using the default ASP.NET Identity template to start the project : 我建议使用默认的ASP.NET Identity模板启动项目:
Create new application with ASP.NET Identity (Individual User Accounts template). 使用ASP.NET标识(“个人用户帐户”模板)创建新的应用程序。
Seed the database with Migrations Add-Migration Name
, Update-Database
. 使用Migrations Add-Migration Name
Update-Database
为数据库设置种子。
Add your OIDC provider : 添加您的OIDC提供者:
services .AddAuthentication(options => { options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme; options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme; }).AddCookie() .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options => { options.SignInScheme = IdentityConstants.ExternalScheme; options.ClientId = ClientId; options.ClientSecret = ClientSecret; options.Authority = $"{baseAuthorityUrl}/{tenantId}/v2.0"; options.CallbackPath = new PathString("/signin-oidc"); options.Scope.Add("email"); options.Scope.Add("profile"); options.ResponseType = "code id_token"; options.SaveTokens = true; options.GetClaimsFromUserInfoEndpoint = true; options.TokenValidationParameters = new TokenValidationParameters { NameClaimType = "name" }; });
Make sure using IdentityConstants.ExternalScheme
for SignInScheme otherwise the Identity won't accept external login information correctly . 确保对SignInScheme使用IdentityConstants.ExternalScheme
,否则Identity将无法正确接受外部登录信息。
Asp.net will create a local account that associates your external account , so that you can perform authorization with your local identity system . Asp.net将创建一个与您的外部帐户关联的本地帐户,以便您可以使用本地身份系统执行授权。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.