[英]Different type of authentication for the same controller
I have WEB API CORE 3.0 back-end application.我有 WEB API CORE 3.0 后端应用程序。 Its controllers are protected with Azure AD.
其控制器受 Azure AD 保护。 For this I Use microsoft identity web library.
为此,我使用微软身份 Web 库。
In the source code I configure it like this:在源代码中,我是这样配置的:
public void ConfigureServices(IServiceCollection services)
{
Trace.TraceInformation("Configuring services");
services.AddProtectedWebApi(Configuration, subscribeToJwtBearerMiddlewareDiagnosticsEvents: true)
.AddProtectedApiCallsWebApis(Configuration)
.AddInMemoryTokenCaches();
...
And to protect controller I use [Authorize].为了保护控制器,我使用 [授权]。
Everything works perfect.一切都很完美。
Now I want to add the second way to authorize users (along with Azure AD).现在我想添加第二种方式来授权用户(以及 Azure AD)。 I want that users be able to login either with Azure AD or, say, JWT.
我希望用户能够使用 Azure AD 或 JWT 登录。
Is it possible to implement it for the same controller?是否可以为同一个控制器实现它?
Is it possible to change the existing authorizing mechanism to allow non-AzureAD users to use the controller.
是否可以更改现有的授权机制以允许非 AzureAD 用户使用控制器。
Sounds like you're trying to make the [Authorize]
to allow multiple authentication scheme at the same time.听起来您正在尝试使
[Authorize]
允许同时使用多个身份验证方案。 If that's the case, you should firstly register those authentication scheme with AddAuthentication().AddMyScheme1().AddMyScheme2()...
:如果是这种情况,您应该首先使用
AddAuthentication().AddMyScheme1().AddMyScheme2()...
注册这些身份验证方案:
services.AddAuthentication()
.AddAzureAD(options => Configuration.Bind("AzureAd", options));
.AddJwtBearer(otps=>{
otps.TokenValidationParameters = new TokenValidationParameters{ ...};
});
And then change the default Authorization Policy to authenticate those authentication schemes at the same time.然后更改默认授权策略以同时对这些身份验证方案进行身份验证。 For example, if you want to allow Identity/JwtBearer/AzureAd at the same time, you could do it in following way
例如,如果您想同时允许 Identity/JwtBearer/AzureAd,则可以通过以下方式进行
services.AddAuthorization(opts =>{
opts.DefaultPolicy = new AuthorizationPolicyBuilder()
.AddAuthenticationSchemes(
IdentityConstants.ApplicationScheme // ASP.NET Core Identity Authentication
,JwtBearerDefaults.AuthenticationScheme // JwtBearer Authentication
// ,"AzureAD" // AzureAd Authentication
)
.RequireAuthenticatedUser()
.Build();
});
Or if you want to allow only specific user/Role further, feel free to custom it by :或者,如果您只想进一步允许特定用户/角色,请随时通过以下方式自定义它:
opts.DefaultPolicy = new AuthorizationPolicyBuilder()
.AddAuthenticationSchemes(
IdentityConstants.ApplicationScheme // ASP.NET Core Identity Authentication
,JwtBearerDefaults.AuthenticationScheme // JwtBearer Authentication
// ,"AzureAD" // AzureAd Authentication
)
.RequireAuthenticatedUser()
.RequireRole(...)
.RequireAssertion(ctx =>{
...
return true_or_false;
})
.Build();
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.