stackoom
  简体   繁体   中英

OWIN challenge not triggered when using web.config authorization elements

 原文  2016-05-18 09:15:49       c#/ asp.net/ asp.net-identity/ owin/ identityserver3

Question

I'm migrating a Web Forms application from Forms Authentication to OpenID Connect (using OWIN and IdentityServer3). The application already has a lot of 'authorization' elements (for various locations) in the web.config which I would like to reuse after migrating to OWIN. 

<authorization>
   <deny users="?" />
</authorization>
<location path="Path/Page.aspx">
    <system.web>
        <authorization>
            <allow users="*" />
        </authorization>
    </system.web>
</location>
...

The problem is that after I switch to OWIN instead of being redirected to the login page and I get a 401 (unauthorized).

At the moment the only way to redirect the user to the login page is to manually make a challenge in the Page_Load event: 

if (!Request.IsAuthenticated)
{
   HttpContext.Current.GetOwinContext().Authentication.Challenge();
}

This is how my Startup.Auth looks like: 

public void ConfigureAuth(IAppBuilder app)
        {
            //reset the mapping dictionary to ensure the claims are not mapped to .NET standard claims
            JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary<string, string>();

            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = "ApplicationCookie",                    
                AuthenticationMode = AuthenticationMode.Active          
            });

            app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
            {
                ClientId = "id",
                Authority = IdentityConstants.BaseAddress,
                RedirectUri = "uri",
                ResponseType = "code id_token token",                    
                SignInAsAuthenticationType = "ApplicationCookie",
                Scope = "openid profile email roles offline_access",
                ...
            }
...

Is there a way to leverage the existing authorization elements in web config so that I don't have to make these checks again in the code?

1 answers

solution1
 4  2016-06-03 13:07:53

Add following code after app.UseOpenIdConnectAuthentication: 

app.UseStageMarker(PipelineStage.Authenticate);

This will instruct Owin to run in the integrated pipeline.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Custom config elements collection in Web.config - Using a key to choose web.config authorization roles character escaping web.config and authentification, authorization, location Conditional location authorization in web.config? Authorization Asp.net web.config Setting authorization section of multiple location elements in one web.config from code behind Owin provide startup class in web.config (no automatic startup discovery) Web.config authorization issue using Active Directory groups that contain additional subgroups Web.Config authorization using claims instead of roles asp.net Error controller not hit when using httpErrors in web.config
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM