堆棧內存溢出
  簡體   English   中英

Asp.NET 4.7.2 多個 Owin 身份驗證提供程序

[英]Asp.NET 4.7.2 Multiple Owin Auth Providers

 原文  2020-04-16 23:46:36       c#/ asp.net/ owin

問題描述

是否可以在同一個應用程序中使用兩個 OpenIdConnect 提供程序? 我需要登錄兩個不同的組,第一個是擁有有效 Azure AD 帳戶的員工,第二個是沒有 Azure AD 帳戶的客戶。 我知道要使用的端點,並且已經使用 .NET Core 處理包含此功能的應用程序,但我無法在 .NET 4.7.2 中成功實現此功能

在我的 start.auth.cs 文件中,我一直在嘗試添加這樣的提供程序

app.UseOpenIdConnectAuthentication(CustomerOptions());
app.UseOpenIdConnectAuthentication(EmployeeOptions());

    private static OpenIdConnectAuthenticationOptions EmployeeOptions() =>
            new OpenIdConnectAuthenticationOptions
            {
                ClientId = ClientId,
                Authority = authority,
                RedirectUri = RedirectUri,
                ClientSecret = ClientSecret,
                PostLogoutRedirectUri = RedirectUri,
                Scope = OpenIdConnectScope.OpenIdProfile,
                // ResponseType is set to request the id_token - which contains basic information about the signed-in user
                ResponseType = OpenIdConnectResponseType.CodeIdToken,
                // ValidateIssuer set to false to allow personal and work accounts from any organization to sign in to your application
                // To only allow users from a single organizations, set ValidateIssuer to true and 'tenant' setting in web.config to the tenant name
                // To allow users from only a list of specific organizations, set ValidateIssuer to true and use ValidIssuers parameter
                TokenValidationParameters = new TokenValidationParameters()
                {
                    ValidateIssuer = false // This is a simplification
                },
                // OpenIdConnectAuthenticationNotifications configures OWIN to send notification of failed authentications to OnAuthenticationFailed method
                Notifications = new OpenIdConnectAuthenticationNotifications
                {
                    AuthenticationFailed = OnAuthenticationFailed,
                    SecurityTokenValidated = OnAdSecurityTokenValidated
                }
            };

其中...Options 方法具有特定於每個端點的 OpenIdConnectAuthenticationOptions。 如果我只使用其中一種方法,我可以在應用程序中進行身份驗證,但是當我嘗試同時添加兩種身份驗證時,只會使用最后添加的客戶端。

調用方法的代碼為: 1.調用Azure AD provider

            HttpContext.GetOwinContext().Authentication.Challenge(
                new AuthenticationProperties { RedirectUri = "/" },
                OpenIdConnectAuthenticationDefaults.AuthenticationType);

  1. 致電客戶提供商

     var properties = new AuthenticationProperties { RedirectUri = "/" }; var scheme = "schemeName"; HttpContext.GetOwinContext().Authentication.Challenge(properties, scheme);

如何調用適當的身份驗證提供程序?

謝謝

2 個解決方案

解決方案1
 1 已采納  2020-04-20 14:03:55

您需要通過OpenIdConnectAuthenticationOptions.AuthenticationType屬性為每個身份驗證中間件設置不同的方案,並在Challenge(...)方法中傳遞要進行身份驗證的方案。

解決方案2
 0  2020-04-20 13:03:05

我在更新 OpenIdConnectAuthenticationOptions 時忽略了設置身份驗證類型參數,因此在添加第二個身份驗證提供程序時覆蓋了默認設置。

app.UseOpenIdConnectAuthentication(CustomerOptions());
app.UseOpenIdConnectAuthentication(EmployeeOptions());

private static OpenIdConnectAuthenticationOptions EmployeeOptions() =>
        new OpenIdConnectAuthenticationOptions("employeeAuthenticationType")
        {
            ClientId = ClientId,
            Authority = authority,
            RedirectUri = RedirectUri,
            ClientSecret = ClientSecret,
            PostLogoutRedirectUri = RedirectUri,
            Scope = OpenIdConnectScope.OpenIdProfile,
            // ResponseType is set to request the id_token - which contains basic information about the signed-in user
            ResponseType = OpenIdConnectResponseType.CodeIdToken,
            // ValidateIssuer set to false to allow personal and work accounts from any organization to sign in to your application
            // To only allow users from a single organizations, set ValidateIssuer to true and 'tenant' setting in web.config to the tenant name
            // To allow users from only a list of specific organizations, set ValidateIssuer to true and use ValidIssuers parameter
            TokenValidationParameters = new TokenValidationParameters()
            {
                ValidateIssuer = false // This is a simplification
            },
            // OpenIdConnectAuthenticationNotifications configures OWIN to send notification of failed authentications to OnAuthenticationFailed method
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                AuthenticationFailed = OnAuthenticationFailed,
                SecurityTokenValidated = OnAdSecurityTokenValidated
            }
        };

暫無
暫無

聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.

相關問題 ASP.NET 4.7.2 OWIN JWT 承載身份驗證承載前綴 ASP.NET MVC中的多個身份驗證提供程序 在asp.net下使用owin和LinkedIn身份驗證提供程序進行WebApi身份驗證 ASP.Net MVC 5中的未解析符號 - OWIN Startup.Auth 通過在彈出窗口中使用Owin外部登錄來登錄Asp.net 如果在 ASP.NET (webforms) / OWIN 中多次單擊,則復制用戶 帶有ASP.NET的WMI提供程序 Asp.Net Core 3.1 多個依賴的自定義配置提供程序 ASP.NET Core身份:同一帳戶的多個提供程序 ASP.NET Core - 多個 Microsoft 身份驗證提供程序
相關標簽
 
粵ICP備18138465號  © 2020-2024 STACKOOM.COM