[英]I am failing to authenticate users on login in asp.net mvc5 using asp.net identity
[英]Let users choose to authenticate using local forms login or Microsoft 365 external login in a MVC5 app
我正在尝试设置我的 MVC5(.net 框架 4.8,OWIN)网络应用程序的身份验证。 用户需要能够在基于普通本地表单的登录和 Microsoft 365(多租户)外部登录之间进行选择。
使用下面的代码,似乎无法使用登录表单,因为用户会立即被重定向到 Microsoft 365 登录页面,而没有提供标准登录页面。 另一个问题是似乎存在无限重定向循环。
如果我取消注释 UseMicrosoftAccountAuthentication,它会按预期工作:我确实获得了自己的登录视图,并且在登录视图中,我添加了一个“使用 Microsoft 登录”按钮,该按钮启动了对 Microsoft 登录页面的挑战,但使用它,只允许私人 Microsoft 帐户 (@outlook.com) 登录,不能进行多租户(甚至是单个租户),这是我的要求。
有没有人使用本地表单身份验证和 microsoft 365 身份验证的 web 应用程序的工作 MVC5 示例?
[assembly: OwinStartup(typeof(Website.Startup))]
namespace Website
{
public class Startup {
public void Configuration(IAppBuilder app) {
//.... (code removed for brevity)
ConfigureAuth(app);
//.... (code removed for brevity)
}
private void ConfigureAuth(IAppBuilder app) {
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions {
CookieManager = new ChunkingCookieManagerHeaderSentCheck(),
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
Provider = new CookieAuthenticationProvider {
OnValidateIdentity = context => SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser, string>(
validateInterval: TimeSpan.FromMinutes(30),
regenerateIdentityCallback: (manager, user) => user.GenerateUserIdentityAsync(manager),
getUserIdCallback: (ci) => ci.GetUserId())
.Invoke(context)
}
});
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
////SSO -> microsoft login (doesn't work for Microsoft 365)
//app.UseMicrosoftAccountAuthentication(new MicrosoftAccountAuthenticationOptions {
// ClientId = "***azure app clientid***",
// ClientSecret = "***",
// Scope = { "wl.basic", "wl.emails" },
//});
string redirectUri = "https://MyPublicServerName/account/ExternalLoginCallback";
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
ClientId = "***azure app clientid***",
Authority = "https://login.microsoftonline.com/common/v2.0",
RedirectUri = redirectUri,
PostLogoutRedirectUri = redirectUri,
Scope = OpenIdConnectScope.OpenIdProfile,
ResponseType = OpenIdConnectResponseType.CodeIdToken,
TokenValidationParameters = new TokenValidationParameters()
{
ValidateIssuer = false // This is a simplification
},
Notifications = new OpenIdConnectAuthenticationNotifications
{
AuthenticationFailed = OnAuthenticationFailed
}
}
);
app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(5));
app.UseTwoFactorRememberBrowserCookie(DefaultAuthenticationTypes.TwoFactorRememberBrowserCookie);
}
private Task OnAuthenticationFailed(AuthenticationFailedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> context)
{
context.HandleResponse();
context.Response.Redirect("/error?message=" + context.Exception.Message);
return Task.FromResult(0);
}
}
}
登录视图包含登录 Microsoft 的代码:
<div class="form-group">
<div class="col-xs-12">
<button id="js-LoginMicrosoft" formaction="@nameof(AccountController.LoginMicrosoft)">Microsoft login</button>
</div>
</div>
帐户控制器包含以下内容:
[AllowAnonymous]
public ActionResult LoginMicrosoft(LoginViewModel model)
{
string redirectUrl = Url.Action<AccountController>(c => nameof(c.ExternalLoginCallback), new { returnUrl = model.ReturnUrl, rememberMe = model.RememberMe }, "https");
return new ChallengeResult("Microsoft", redirectUrl);
}
[HttpGet]
[AllowAnonymous]
public async Task<ActionResult> ExternalLoginCallback(string returnUrl = null, string rememberMe = "false", string remoteError = null)
{
//this is called OK when using app.UseMicrosoftAccountAuthentication,
}
我的问题实际上是带有 OpenId 选项的重复(但很难找到)MVC 个人用户帐户
我不得不更改身份验证使用的顺序。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.