Asp.NET 4.7.2 Multiple Owin Auth Providers

Is it possible to use two OpenIdConnect providers in the same application? I need to have logins for two distinct groups: the first is employees who have valid Azure AD accounts, and the second is customers, who do not have Azure AD accounts. I know the endpoints to use, and have worked on applications that contain this functionality using .NET Core, but I am unable to successfully implement this in .NET 4.7.2.

In my start.auth.cs file I have been trying to add the providers like this:

app.UseOpenIdConnectAuthentication(CustomerOptions());
app.UseOpenIdConnectAuthentication(EmployeeOptions());

private static OpenIdConnectAuthenticationOptions EmployeeOptions() =>
        new OpenIdConnectAuthenticationOptions
        {
            ClientId = ClientId,
            Authority = authority,
            RedirectUri = RedirectUri,
            ClientSecret = ClientSecret,
            PostLogoutRedirectUri = RedirectUri,
            Scope = OpenIdConnectScope.OpenIdProfile,
            // ResponseType is set to request the id_token - which contains basic information about the signed-in user
            ResponseType = OpenIdConnectResponseType.CodeIdToken,
            // ValidateIssuer set to false to allow personal and work accounts from any organization to sign in to your application
            // To only allow users from a single organization, set ValidateIssuer to true and the 'tenant' setting in web.config to the tenant name
            // To allow users from only a list of specific organizations, set ValidateIssuer to true and use the ValidIssuers parameter
            TokenValidationParameters = new TokenValidationParameters()
            {
                ValidateIssuer = false // This is a simplification
            },
            // OpenIdConnectAuthenticationNotifications configures OWIN to send notification of failed authentications to the OnAuthenticationFailed method
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                AuthenticationFailed = OnAuthenticationFailed,
                SecurityTokenValidated = OnAdSecurityTokenValidated
            }
        };

where the ...Options methods hold the OpenIdConnectAuthenticationOptions specific to each endpoint. If I use just one of the methods I can authenticate into the application, but when I try adding both, authentication will only use the client added last.

The code that calls the methods is:

1. calls the Azure AD provider

            HttpContext.GetOwinContext().Authentication.Challenge(
                new AuthenticationProperties { RedirectUri = "/" },
                OpenIdConnectAuthenticationDefaults.AuthenticationType);

2. calls the customer provider

            var properties = new AuthenticationProperties { RedirectUri = "/" };
            var scheme = "schemeName";
            HttpContext.GetOwinContext().Authentication.Challenge(properties, scheme);

How do I get the appropriate authentication provider called?

Thanks

You need to set a different scheme for each authentication middleware via the OpenIdConnectAuthenticationOptions.AuthenticationType property, and pass the scheme you want to authenticate with in the Challenge(...) method.

I had neglected to set the authentication type parameter when I was newing up the OpenIdConnectAuthenticationOptions, so I was overwriting the default settings when I added the second authentication provider.

app.UseOpenIdConnectAuthentication(CustomerOptions());
app.UseOpenIdConnectAuthentication(EmployeeOptions());

private static OpenIdConnectAuthenticationOptions EmployeeOptions() =>
        new OpenIdConnectAuthenticationOptions("employeeAuthenticationType")
        {
            ClientId = ClientId,
            Authority = authority,
            RedirectUri = RedirectUri,
            ClientSecret = ClientSecret,
            PostLogoutRedirectUri = RedirectUri,
            Scope = OpenIdConnectScope.OpenIdProfile,
            // ResponseType is set to request the id_token - which contains basic information about the signed-in user
            ResponseType = OpenIdConnectResponseType.CodeIdToken,
            // ValidateIssuer set to false to allow personal and work accounts from any organization to sign in to your application
            // To only allow users from a single organizations, set ValidateIssuer to true and 'tenant' setting in web.config to the tenant name
            // To allow users from only a list of specific organizations, set ValidateIssuer to true and use ValidIssuers parameter
            TokenValidationParameters = new TokenValidationParameters()
            {
                ValidateIssuer = false // This is a simplification
            },
            // OpenIdConnectAuthenticationNotifications configures OWIN to send notification of failed authentications to OnAuthenticationFailed method
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                AuthenticationFailed = OnAuthenticationFailed,
                SecurityTokenValidated = OnAdSecurityTokenValidated
            }
        };
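The fix above, carried through for both providers, as an added example that is not code from the question or the answers. Every client id, tenant id, authority, redirect URI and the "idp_scheme" claim name are placeholders or assumptions; beyond giving each middleware its own AuthenticationType, it also makes both middlewares passive (so a plain 401 cannot fire whichever provider was registered last), gives each its own redirect URI, validates the issuer that the page's snippet left at false, and tags the signed-in identity with the scheme that produced it so authorization can tell employees from customers behind the shared cookie.

```csharp
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.IdentityModel.Tokens;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public partial class Startup
{
    // One scheme name per provider; the same string is passed to Challenge(...).
    public const string EmployeeScheme = "employeeAuthenticationType";
    public const string CustomerScheme = "customerAuthenticationType";

    public void ConfigureAuth(IAppBuilder app)
    {
        // Both providers sign the validated identity into the one application cookie.
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions());
        app.UseOpenIdConnectAuthentication(Build(EmployeeScheme, "<employee-client-id>",
            "https://login.microsoftonline.com/<tenant-id>/v2.0", "https://localhost:44300/signin-employee"));
        app.UseOpenIdConnectAuthentication(Build(CustomerScheme, "<customer-client-id>",
            "https://<customer-idp>/", "https://localhost:44300/signin-customer"));
    }
    private static OpenIdConnectAuthenticationOptions Build(
        string scheme, string clientId, string authority, string redirectUri) =>
        new OpenIdConnectAuthenticationOptions(scheme) // the constructor sets AuthenticationType
        {
            ClientId = clientId,
            Authority = authority,
            RedirectUri = redirectUri, // distinct per provider and registered at that IdP (assumed)
            PostLogoutRedirectUri = "https://localhost:44300/",
            Scope = OpenIdConnectScope.OpenIdProfile,
            ResponseType = OpenIdConnectResponseType.IdToken,
            // Passive: only an explicit Challenge(..., scheme) redirects; a bare 401 fires nothing.
            AuthenticationMode = AuthenticationMode.Passive,
            // Accept only id_tokens issued by this middleware's own authority.
            TokenValidationParameters = new TokenValidationParameters { ValidateIssuer = true },
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                // Tag the identity with its provider so authorization can separate the two groups.
                SecurityTokenValidated = n =>
                {
                    n.AuthenticationTicket.Identity.AddClaim(new Claim("idp_scheme", scheme));
                    return Task.FromResult(0);
                }
            }
        };
}
```

In the controller, pass the matching constant to the challenge, e.g. `HttpContext.GetOwinContext().Authentication.Challenge(new AuthenticationProperties { RedirectUri = "/" }, Startup.CustomerScheme)`, and check the "idp_scheme" claim where employee-only pages are authorized.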
