Is it possible to trace what the middleware is doing in MS Identity/OpenID Connect?
I'm trying to understand how to authenticate to login.microsoftonline.com in C#.
I registered a test app on portal.azure.com, and used their "Quickstart" to auto-generate an example ASP.Net Core 3.1 project. I got these redirect URIs:
https://localhost:44321/signin-oidc
https://localhost:44321/
https://localhost:44368/
https://localhost:5001
The auto-generated ASP.Net Core 3.1 project compiled and ran like a charm. I was able to authenticate.
Next, I tried copying/pasting from the auto-generated code into a separate ASP.Net Core 5 project, where I'm successfully using ASP.Net Core Identity to authenticate to a "local account" (an ASP.Net Core Identity database) and to Google (OAuth2 authentication, which is what I'm TRYING to accomplish with Microsoft!).
It fails with this unhelpful message in the web browser:
"Error loading external login information"
Q: How can I "trace" what the MS Identity and/or OpenID Connect middleware is doing "under the covers"?
Q: Is there any way for me to enable "verbose logging"?
Here's the Startup.cs in the failing example:
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Authorization;
...
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc.Authorization;
...
using Microsoft.Identity.Web;
using Microsoft.Identity.Web.UI;
...
public void ConfigureServices(IServiceCollection services)
{
    // MS Identity Store: This all works, independent of the OpenID Connect problem...
    services.AddDbContext<ApplicationDbContext>(options =>
        options.UseSqlServer(
            Configuration.GetConnectionString("DefaultConnection")
        ));
    services.AddDatabaseDeveloperPageExceptionFilter();
    services.AddDefaultIdentity<IdentityUser>(options => options.SignIn.RequireConfirmedAccount = true)
        .AddEntityFrameworkStores<ApplicationDbContext>();

    // Known-good "AzureAd" section copied from the working example into appsettings.json.
    // Registers the OpenID Connect handler (and its cookie) for login.microsoftonline.com.
    services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
        .AddMicrosoftIdentityWebApp(Configuration.GetSection("AzureAd"));

    // Require an authenticated user on every controller action by default.
    services.AddControllersWithViews(options =>
    {
        var policy = new AuthorizationPolicyBuilder()
            .RequireAuthenticatedUser()
            .Build();
        options.Filters.Add(new AuthorizeFilter(policy));
    });
    services.AddRazorPages()
        .AddMicrosoftIdentityUI();
    ...
}

public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    ...
    app.UseHttpsRedirection();
    app.UseStaticFiles();
    app.UseRouting();
    app.UseAuthentication();
    app.UseAuthorization();
OK, I found at least one alternative:好的,我至少找到了一种选择:
appsettings.json
    "Logging": {
      "LogLevel": {
        "Default": "Information",
        "Microsoft": "Warning",
        "Microsoft.Hosting.Lifetime": "Information",
        "Microsoft.IdentityModel": "Information"
      }
    }
Startup.cs
    using Microsoft.AspNetCore.Authentication.OpenIdConnect;
    using Microsoft.Identity.Web;
    using Microsoft.IdentityModel.Logging; // IdentityModelEventSource
    ...
    public void ConfigureServices(IServiceCollection services)
    {
        // Enable PII logging: token contents, claim values and nonces appear in the log.
        // The log output itself warns not to use this in production.
        IdentityModelEventSource.ShowPII = true;
        services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
            .AddMicrosoftIdentityWebApp(Configuration.GetSection("AzureAd"));
        ...
Example MS logging
dotnet run
Building...
info: Microsoft.Hosting.Lifetime[0]
Now listening on: https://localhost:44321
...
info: Microsoft.IdentityModel.LoggingExtensions.IdentityLoggerAdapter[0]
Microsoft.IdentityModel Version: 6.25.0.0. Date 11/25/2022 20:10:10. PII logging is ON, do not use in production. See https://aka.ms/IdentityModel/PII for details.
IDX10242: Security token: 'eyJ0eXA*dENQ' has a valid signature.
info: Microsoft.IdentityModel.LoggingExtensions.IdentityLoggerAdapter[0]
IDX10239: Lifetime of the token is valid.
info: Microsoft.IdentityModel.LoggingExtensions.IdentityLoggerAdapter[0]
IDX10234: Audience Validated.Audience: '4ec8e*9a'
info: Microsoft.IdentityModel.LoggingExtensions.IdentityLoggerAdapter[0]
IDX10245: Creating claims identity from the validated token: '{"typ":"JWT","alg":"RS256","kid":"bW8*4"}.{"ver":"2.0","iss":"https://login.microsoftonline.com/91880*dad/v2.0","sub":"AAAA*LX_8","aud":"4ec8e482-8df2-4e90-bfec-4aafb846c99a","exp":1669493410,"iat":1669406710,"nbf":1669406710,"name":"***,"preferred_username":"***","oid":"00000...e3d","tid":"9188...ad","nonce":"6380*0.YjgzZ*U0","aio":"DXF*Lo$"}'.
info: Microsoft.IdentityModel.LoggingExtensions.IdentityLoggerAdapter[0]
IDX10241: Security token validated. token: 'eyJ0e*ENQ'.
...
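The ShowPII switch above only shows what Microsoft.IdentityModel does with the token. The ASP.NET Core handler's own steps (the redirect out, the callback in, where the ticket is signed in) can be traced without dumping secrets by chaining logging delegates onto the OpenIdConnectEvents that Microsoft.Identity.Web configures. The following is an added example, not code from the original post or from Microsoft.Identity.Web; the helper name `AddMicrosoftIdentityWithTracing` and the logger category `OidcTrace` are my own choices, and it assumes the same "AzureAd" configuration section as the question. It logs parameter names, schemes and issuers, never token or code values, and ties `ShowPII` to the environment so it cannot be left on in production. One value worth reading in its output is `SignInScheme`: ASP.NET Core Identity's scaffolded ExternalLogin page reads the external ticket from `IdentityConstants.ExternalScheme` and reports "Error loading external login information." when nothing is found there, so a handler that signs in to a different cookie scheme is one thing this trace makes visible.

```csharp
// Added example (not from the original post or from Microsoft.Identity.Web).
// Chains logging handlers onto the OpenID Connect events so each step of the
// sign-in is visible without ShowPII. Assumes the "AzureAd" section from the question.
using System;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
using Microsoft.Identity.Web;
using Microsoft.IdentityModel.Logging;

public static class OidcTracingExtensions
{
    // Hypothetical helper name; call it from Startup.ConfigureServices in place of the
    // AddAuthentication(...).AddMicrosoftIdentityWebApp(...) pair.
    public static IServiceCollection AddMicrosoftIdentityWithTracing(
        this IServiceCollection services, IConfiguration configuration, bool isDevelopment)
    {
        // Token contents, nonces and claim values only reach the log when this is true.
        // Bound to the environment so it cannot be left on in production.
        IdentityModelEventSource.ShowPII = isDevelopment;

        services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
            .AddMicrosoftIdentityWebApp(configuration.GetSection("AzureAd"));

        // Configure actions run in registration order, so this one sees the
        // OpenIdConnectOptions after Microsoft.Identity.Web has populated them.
        services.AddOptions<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme)
            .Configure<ILoggerFactory>((options, loggerFactory) =>
            {
                var log = loggerFactory.CreateLogger("OidcTrace");
                var events = options.Events ??= new OpenIdConnectEvents();

                // Static configuration as it stands at configure time. SignInScheme is the
                // cookie the resulting ticket goes into; Identity's ExternalLogin page reads
                // IdentityConstants.ExternalScheme.
                log.LogInformation(
                    "OIDC scheme {Scheme}: Authority={Authority} CallbackPath={CallbackPath} SignInScheme={SignInScheme}",
                    OpenIdConnectDefaults.AuthenticationScheme, options.Authority,
                    options.CallbackPath, options.SignInScheme);

                // Step 1: outbound redirect to the identity provider.
                var onRedirect = events.OnRedirectToIdentityProvider;
                events.OnRedirectToIdentityProvider = async ctx =>
                {
                    log.LogInformation("Redirecting to {Issuer} redirect_uri={RedirectUri} scope={Scope}",
                        ctx.ProtocolMessage.IssuerAddress, ctx.ProtocolMessage.RedirectUri,
                        ctx.ProtocolMessage.Scope);
                    await onRedirect(ctx);
                };

                // Step 2: callback from the provider. Log parameter names only, never the
                // values (code, id_token, state are all secrets or replay-sensitive).
                var onMessage = events.OnMessageReceived;
                events.OnMessageReceived = async ctx =>
                {
                    var names = string.Join(",", ctx.ProtocolMessage.Parameters.Keys);
                    log.LogInformation("Callback on {Path} with parameters [{Names}] error={Error} {Description}",
                        ctx.Request.Path, names, ctx.ProtocolMessage.Error,
                        ctx.ProtocolMessage.ErrorDescription);
                    await onMessage(ctx);
                };

                // Step 3: token validated; log claim types, not claim values.
                var onValidated = events.OnTokenValidated;
                events.OnTokenValidated = async ctx =>
                {
                    var claimTypes = string.Join(",", ctx.Principal.Claims.Select(c => c.Type).Distinct());
                    log.LogInformation("Token validated for issuer {Issuer}; claim types: {Claims}",
                        ctx.SecurityToken.Issuer, claimTypes);
                    await onValidated(ctx);
                };

                // Step 4: the ticket is about to be signed in to SignInScheme.
                var onTicket = events.OnTicketReceived;
                events.OnTicketReceived = async ctx =>
                {
                    log.LogInformation("Ticket will be signed in to scheme {SignInScheme}; returning to {ReturnUri}",
                        ctx.Options.SignInScheme, ctx.ReturnUri);
                    await onTicket(ctx);
                };

                // Failure paths: validation errors and remote (provider-side) failures.
                var onFailed = events.OnAuthenticationFailed;
                events.OnAuthenticationFailed = async ctx =>
                {
                    log.LogError(ctx.Exception, "Token validation failed");
                    await onFailed(ctx);
                };
                var onRemoteFailure = events.OnRemoteFailure;
                events.OnRemoteFailure = async ctx =>
                {
                    log.LogError(ctx.Failure, "Remote authentication failed");
                    await onRemoteFailure(ctx);
                };
            });

        return services;
    }
}
```

In Startup.ConfigureServices this becomes `services.AddMicrosoftIdentityWithTracing(Configuration, _env.IsDevelopment());` with an `IWebHostEnvironment` injected into the Startup constructor. Two complementary knobs, both from the real stack: the handler's own Debug-level messages live under the `Microsoft.AspNetCore.Authentication` log category, so setting that to "Debug" in the "LogLevel" section above adds the framework's view of the same steps; and `AddMicrosoftIdentityWebApp` has a `subscribeToOpenIdConnectMiddlewareDiagnosticsEvents` parameter that installs Microsoft.Identity.Web's own event logger under the `Microsoft.Identity.Web` category.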