[英]Asp.NET 4.7.2 Multiple Owin Auth Providers
是否可以在同一個應用程序中使用兩個 OpenIdConnect 提供程序? 我需要登錄兩個不同的組,第一個是擁有有效 Azure AD 帳戶的員工,第二個是沒有 Azure AD 帳戶的客戶。 我知道要使用的端點,並且已經使用 .NET Core 處理包含此功能的應用程序,但我無法在 .NET 4.7.2 中成功實現此功能
在我的 start.auth.cs 文件中,我一直在嘗試添加這樣的提供程序
app.UseOpenIdConnectAuthentication(CustomerOptions());
app.UseOpenIdConnectAuthentication(EmployeeOptions());
private static OpenIdConnectAuthenticationOptions EmployeeOptions() =>
new OpenIdConnectAuthenticationOptions
{
ClientId = ClientId,
Authority = authority,
RedirectUri = RedirectUri,
ClientSecret = ClientSecret,
PostLogoutRedirectUri = RedirectUri,
Scope = OpenIdConnectScope.OpenIdProfile,
// ResponseType is set to request the id_token - which contains basic information about the signed-in user
ResponseType = OpenIdConnectResponseType.CodeIdToken,
// ValidateIssuer set to false to allow personal and work accounts from any organization to sign in to your application
// To only allow users from a single organizations, set ValidateIssuer to true and 'tenant' setting in web.config to the tenant name
// To allow users from only a list of specific organizations, set ValidateIssuer to true and use ValidIssuers parameter
TokenValidationParameters = new TokenValidationParameters()
{
ValidateIssuer = false // This is a simplification
},
// OpenIdConnectAuthenticationNotifications configures OWIN to send notification of failed authentications to OnAuthenticationFailed method
Notifications = new OpenIdConnectAuthenticationNotifications
{
AuthenticationFailed = OnAuthenticationFailed,
SecurityTokenValidated = OnAdSecurityTokenValidated
}
};
其中...Options 方法具有特定於每個端點的 OpenIdConnectAuthenticationOptions。 如果我只使用其中一種方法,我可以在應用程序中進行身份驗證,但是當我嘗試同時添加兩種身份驗證時,只會使用最后添加的客戶端。
調用方法的代碼為: 1.調用Azure AD provider
HttpContext.GetOwinContext().Authentication.Challenge(
new AuthenticationProperties { RedirectUri = "/" },
OpenIdConnectAuthenticationDefaults.AuthenticationType);
致電客戶提供商
var properties = new AuthenticationProperties { RedirectUri = "/" }; var scheme = "schemeName"; HttpContext.GetOwinContext().Authentication.Challenge(properties, scheme);
如何調用適當的身份驗證提供程序?
謝謝
您需要通過OpenIdConnectAuthenticationOptions.AuthenticationType
屬性為每個身份驗證中間件設置不同的方案,並在Challenge(...)
方法中傳遞要進行身份驗證的方案。
我在更新 OpenIdConnectAuthenticationOptions 時忽略了設置身份驗證類型參數,因此在添加第二個身份驗證提供程序時覆蓋了默認設置。
app.UseOpenIdConnectAuthentication(CustomerOptions());
app.UseOpenIdConnectAuthentication(EmployeeOptions());
private static OpenIdConnectAuthenticationOptions EmployeeOptions() =>
new OpenIdConnectAuthenticationOptions("employeeAuthenticationType")
{
ClientId = ClientId,
Authority = authority,
RedirectUri = RedirectUri,
ClientSecret = ClientSecret,
PostLogoutRedirectUri = RedirectUri,
Scope = OpenIdConnectScope.OpenIdProfile,
// ResponseType is set to request the id_token - which contains basic information about the signed-in user
ResponseType = OpenIdConnectResponseType.CodeIdToken,
// ValidateIssuer set to false to allow personal and work accounts from any organization to sign in to your application
// To only allow users from a single organizations, set ValidateIssuer to true and 'tenant' setting in web.config to the tenant name
// To allow users from only a list of specific organizations, set ValidateIssuer to true and use ValidIssuers parameter
TokenValidationParameters = new TokenValidationParameters()
{
ValidateIssuer = false // This is a simplification
},
// OpenIdConnectAuthenticationNotifications configures OWIN to send notification of failed authentications to OnAuthenticationFailed method
Notifications = new OpenIdConnectAuthenticationNotifications
{
AuthenticationFailed = OnAuthenticationFailed,
SecurityTokenValidated = OnAdSecurityTokenValidated
}
};
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.