Can ASP.NET Core 7 with Blazor use NavigateToLogin with a domain hint?

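When using the new .NavigateToLogin in a Blazor app in .NET 7, as recommended here, how do I pass a domain hint when calling NavigateToLogin (or NavigateToLogout)? Or is there a way to have the domain hint added automatically through setup?

Without the domain hint, my users now have an extra step when logging in and logging out. (I'm using MSAL for Open ID Connect with Azure AD.)

From this page, it looks as though I can new up an InteractiveRequestOptions object, run options.TryAddAdditionalParameter("domain_hint", "mydomain.com");, and pass it to Navigation.NavigateToLogin, but it doesn't work at all; it is simply ineffective.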

I think this issue still applies: https://github.com/dotnet/aspnetcore/issues/40046#issuecomment-1042575825 - at least that is how I solved it. Not sure if there is a better way to do this.

So, step 1: add an AuthExtensions class:

using System.Text.Json.Serialization;
using Microsoft.AspNetCore.Components;
using Microsoft.AspNetCore.Components.WebAssembly.Authentication;
using Microsoft.Extensions.DependencyInjection.Extensions;
using Microsoft.Extensions.Options;

namespace Your.Namespace;
/// <summary>
/// https://github.com/dotnet/aspnetcore/issues/40046
/// </summary>
public static class AuthExtensions
{
    /// <summary>
    /// Adds support for Auth0 authentication for SPA applications using <see cref="Auth0OidcProviderOptions"/> and the <see cref="RemoteAuthenticationState"/>.
    /// </summary>
    /// <param name="services">The <see cref="IServiceCollection"/> to add the services to.</param>
    /// <param name="configure">An action that will configure the <see cref="RemoteAuthenticationOptions{TProviderOptions}"/>.</param>
    /// <returns>The <see cref="IServiceCollection"/> where the services were registered.</returns>
    public static IRemoteAuthenticationBuilder<RemoteAuthenticationState, RemoteUserAccount> AddAuth0OidcAuthentication(this IServiceCollection services, Action<RemoteAuthenticationOptions<Auth0OidcProviderOptions>> configure)
    {
        services.TryAddEnumerable(ServiceDescriptor.Scoped<IPostConfigureOptions<RemoteAuthenticationOptions<Auth0OidcProviderOptions>>, DefaultAuth0OidcOptionsConfiguration>());
        return services.AddRemoteAuthentication<RemoteAuthenticationState, RemoteUserAccount, Auth0OidcProviderOptions>(configure);
    }
}

public class Auth0OidcProviderOptions : OidcProviderOptions
{
    public MetadataSeed MetadataSeed { get; set; } = new();
}

public class MetadataSeed
{
    [JsonPropertyName("end_session_endpoint")]
    public string EndSessionEndpoint { get; set; } = null!;
}

// Copy/paste from Microsoft.AspNetCore.Components.WebAssembly.Authentication with the option type changed.
public class DefaultAuth0OidcOptionsConfiguration : IPostConfigureOptions<RemoteAuthenticationOptions<Auth0OidcProviderOptions>>
{
    private readonly NavigationManager _navigationManager;

    public DefaultAuth0OidcOptionsConfiguration(NavigationManager navigationManager) => _navigationManager = navigationManager;

    public void Configure(RemoteAuthenticationOptions<Auth0OidcProviderOptions> options)
    {
        if (options == null)
        {
            return;
        }

        options.UserOptions.AuthenticationType ??= options.ProviderOptions.ClientId;

        var redirectUri = options.ProviderOptions.RedirectUri;
        if (redirectUri == null || !Uri.TryCreate(redirectUri, UriKind.Absolute, out _))
        {
            redirectUri ??= "authentication/login-callback";
            options.ProviderOptions.RedirectUri = _navigationManager.ToAbsoluteUri(redirectUri).AbsoluteUri;
        }

        var logoutUri = options.ProviderOptions.PostLogoutRedirectUri;
        if (logoutUri == null || !Uri.TryCreate(logoutUri, UriKind.Absolute, out _))
        {
            logoutUri ??= "authentication/logout-callback";
            options.ProviderOptions.PostLogoutRedirectUri = _navigationManager.ToAbsoluteUri(logoutUri).AbsoluteUri;
        }
    }

    public void PostConfigure(string name, RemoteAuthenticationOptions<Auth0OidcProviderOptions> options)
    {
        if (string.Equals(name, Options.DefaultName, StringComparison.Ordinal))
        {
            Configure(options);
        }
    }
}

Then in your program.cs you wire it up like this:

builder.Services.AddAuth0OidcAuthentication(options =>
{
    var authority = builder.Configuration["GoogleAuth:Authority"];
    var clientId = builder.Configuration["GoogleAuth:ClientId"];
    options.ProviderOptions.MetadataSeed.EndSessionEndpoint = $"{authority}/v2/logout?client_id={clientId}&returnTo={builder.HostEnvironment.BaseAddress}";

    // Allowing only MyDomain.Com users
    options.ProviderOptions.AdditionalProviderParameters.Add("hd", builder.Configuration["GoogleAuth:hd"]);
});

Note that I'm not 100% sure which exact parameter you should add. "hd" is the domain hint parameter for Google Cloud based domains: https://developers.google.com/identity/openid-connect/openid-connect#hd-param

Based on this guide: https://learn.microsoft.com/en-us/azure/active-directory-b2c/direct-signin?pivots=b2c-user-flow - it looks like the Azure domain hint parameter is login_hint / domain_hint

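From this page, I found that I can create an InteractiveRequestOptions object, run options.TryAddAdditionalParameter("domainHint", "mydomain.com");, and pass it to Navigation.NavigateToLogin, and it works fine. Be careful to use domainHint rather than domain_hint, which is contrary to several pieces of documentation.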
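
The approach from the answer above, written out as an added example (not code from either answer or from the ASP.NET Core project), together with the check that actually restricts sign-in to one tenant: a domain hint travels in a client-controlled request and only pre-selects the identity provider's sign-in page, so the tenant claim in the resulting token still has to be verified. The class name, the "authentication/login" path, and the tenant ID placeholder are assumptions.

```csharp
using System;
using System.Security.Claims;
using Microsoft.AspNetCore.Components;
using Microsoft.AspNetCore.Components.WebAssembly.Authentication;

// Hypothetical helper class; names are illustrative only.
public static class DomainHintLogin
{
    // Placeholder: replace with your own Azure AD tenant ID.
    public const string ExpectedTenantId = "00000000-0000-0000-0000-000000000000";

    // Starts an interactive sign-in and asks the provider to skip
    // home-realm discovery for the given domain.
    public static void LoginWithDomainHint(NavigationManager navigation, string domain)
    {
        var request = new InteractiveRequestOptions
        {
            Interaction = InteractionType.SignIn,
            ReturnUrl = navigation.Uri,
        };

        // Parameter name as reported in the answer above for MSAL-based
        // apps: "domainHint", not "domain_hint".
        request.TryAddAdditionalParameter("domainHint", domain);

        // "authentication/login" is the default login path in the Blazor
        // WebAssembly templates (assumed here).
        navigation.NavigateToLogin("authentication/login", request);
    }

    // The hint is a UI optimization, not access control: a user can remove
    // or change it before the request reaches the provider. Enforce the
    // tenant by checking the claim in the validated token instead.
    public static bool IsFromExpectedTenant(ClaimsPrincipal user, string expectedTenantId)
    {
        if (user.Identity?.IsAuthenticated != true)
        {
            return false;
        }

        // Azure AD issues "tid"; ASP.NET Core's default JWT claim mapping on
        // an API may expose it under the long schema name instead.
        var tenantId =
            user.FindFirst("tid")?.Value ??
            user.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid")?.Value;

        return string.Equals(tenantId, expectedTenantId, StringComparison.OrdinalIgnoreCase);
    }
}
```

A check made inside the WebAssembly client only shapes the UI; the same claim check belongs in the API that validates the access token. For Google's hd parameter, the equivalent is comparing the hd claim of the ID token.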
