[英]AspNet Core Identity GetExternalLoginInfoAsync Always Null
I am using a combination of IdentityServer4 and ASP .NET Core Identity to create a federated sign-in page.我结合使用 IdentityServer4 和 ASP .NET Core Identity 来创建联合登录页面。 One of the external providers I am using is Azure Active Directory through the Open ID Connect protocol.
我正在使用的外部提供商之一是通过 Open ID Connect 协议的 Azure Active Directory。 I also have integrated EntityFrameworkCore for all of my data storage.
我还为所有数据存储集成了 EntityFrameworkCore。
After I scaffolded my initial website with Identity authentication, I add the appropriate services to my Startup.cs
file.在我使用身份验证构建我的初始网站后,我将适当的服务添加到我的
Startup.cs
文件中。
services.AddOidcStateDataFormatterCache();
// Some DI registrations
services.Configure<CookiePolicyOptions>(options =>
{
options.CheckConsentNeeded = context => true;
options.MinimumSameSitePolicy = SameSiteMode.None;
});
services.AddDbContext<MyDbContext>();
services.AddMvc().AddRazorPages(options => /* Some options */);
services.AddIdentityServer(options =>
options.Events.RaiseErrorEvents = true;
options.Events.RaiseFailureEvents = true;
options.Events.RaiseInformationEvents = true;
options.Events.RaiseSuccessEvents = true;
)
.AddConfigurationStore(options => /* Set up DbContext */)
.AddOperationStore(options => /* Set up DbContext */)
.AddAspNetIdentity<MyAppUser>();
services.AddAuthentication().AddOpenIdConnect(options =>
{
// Does not bind itself for mysterious reasons
Configuration.GetSection("OpenIdConect").Bind(options)
});
I decided it would look nicer if I did most of my authentication setup in my appsettings.json
file.我决定如果我在我的
appsettings.json
文件中完成大部分身份验证设置,它会看起来更好。
{
"OpenIdConnect": {
"ClientId": "<my_client_id>",
"Authority:" "https://login.microsoft.com/<my_tenant_id>",
"PostLogoutRedirectUri": "http://localhost:5000/MyApp/Account",
"CallbackPath": "/signin-oidc",
"ResponseType": "code id_token",
"Scope": "openid profile email",
"SignInScheme": "idsrv.external",
"AutomaticAuthenticate": "false",
"AutomaticChallenge": "false",
"RequireHttpsMetadata": "true"
}
}
Everything runs and my Open ID Connect login provider appears on the login page automatically.一切都在运行,我的 Open ID Connect 登录提供程序自动出现在登录页面上。 Smashing, Upon trying to use that: I am greeted by an error:
Error loading external login information.
粉碎,在尝试使用它时:我收到一个错误:
Error loading external login information.
Ends up that on the scaffolded Razor page Areas/Identity/Pages/Account/ExternalLogin.cshtml.cs:72
there is this bit of code:最后,在脚手架 Razor 页面
Areas/Identity/Pages/Account/ExternalLogin.cshtml.cs:72
上有这段代码:
var info = await _signInManager.GetExternalLoginInfoAsync();
if (info == null)
{
ErrorMessage = "Error loading external login information.";
return RedirectToPage("./Login", new { ReturnUrl = returnUrl });
}
info
always resolved to null. info
总是解析为空。 I suspect it is a configuration issue somewhere in my Startup.cs
, or some bit of magic that no documentation bothered to mention.我怀疑这是我的
Startup.cs
中某处的配置问题,或者是没有文档提及的一些魔法。
After reading my brains out, I decided to reread the IdentityServer4 documentation about external identity providers.脑洞大开后,我决定重新阅读有关外部身份提供者的 IdentityServer4 文档。
This caught my (tired) eye:这引起了我(疲倦)的注意:
Given that this is such a common practise, IdentityServer registers a cookie handler specifically for this external provider workflow.
鉴于这是一种常见的做法,IdentityServer 专门为这个外部提供者工作流程注册了一个 cookie 处理程序。 The scheme is represented via the
IdentityServerConstants.ExternalCookieAuthenticationScheme
constant.该方案通过
IdentityServerConstants.ExternalCookieAuthenticationScheme
常量表示。If you were to use our external cookie handler, then for the SignInScheme [in your OpenIdConnect service setup] you'd assign the value to be the
IdentityServerConstants.ExternalCookieAuthenticationScheme
constant如果您要使用我们的外部 cookie 处理程序,那么对于 SignInScheme [在您的 OpenIdConnect 服务设置中],您会将值分配为
IdentityServerConstants.ExternalCookieAuthenticationScheme
常量
Well, I think I'm not using their external cookie handler.好吧,我想我没有使用他们的外部 cookie 处理程序。 Pretty sure I'm letting ASP .NET Core Identity do that.
很确定我让 ASP .NET Core Identity 这样做。 I decided to kill this line in my appsettings.json:
我决定在我的 appsettings.json 中取消这一行:
"SignInScheme": "idsrv.external"
And behold, I could sign in using my Active Directory credentials.瞧,我可以使用我的 Active Directory 凭据登录。 Reading the actual source code of
GetExternalLoginInfoAsync
, I saw that they were looking for a very specific cookie, and it wasn't "idsrc.external"
.阅读
GetExternalLoginInfoAsync
的实际源代码,我看到他们正在寻找一个非常具体的 cookie,而不是"idsrc.external"
。 Leaving it as its default was what I needed.将其保留为默认值是我所需要的。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.