[英]How to protect all contents(.aspx,.asp,.js and img ,etc) of an asp.net web site if we use Azure AD authentication?
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
<authentication mode="None">
<forms loginUrl="~/login.aspx" timeout="2880"/>
</authentication>
這個配置甚至不帶我登錄屏幕。
我的 startup.cs 有 Azure AD 的配置。 但是為了保護所有內容(.aspx、.asp、.js 和 .img)究竟要制作什么代碼
app.SetDefaultSignInAsAuthenticationType(OpenIdConnectAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
Authority = authority,
ClientId = clientId,
ClientSecret= clientsecret,
RedirectUri = redirectUri,
PostLogoutRedirectUri = redirectUri,
Scope = $"openid",
TokenValidationParameters = new TokenValidationParameters()
{
NameClaimType = "preferred_username",
ValidateIssuer = true,
ValidIssuer = tenant
},
Notifications = new OpenIdConnectAuthenticationNotifications
{
RedirectToIdentityProvider = OnRedirectToIdentityProvider,
AuthorizationCodeReceived = OnAuthorizationCodeReceived,
AuthenticationFailed = OnAuthenticationFailed
}
}
);
private Task OnRedirectToIdentityProvider(RedirectToIdentityProviderNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification)
{
var policy = notification.OwinContext.Get<string>("Policy");
if (!string.IsNullOrEmpty(policy) && !policy.Equals(DefaultPolicy))
{
notification.ProtocolMessage.Scope = OpenIdConnectScope.OpenId;
notification.ProtocolMessage.ResponseType = OpenIdConnectResponseType.IdToken;
notification.ProtocolMessage.IssuerAddress = notification.ProtocolMessage.IssuerAddress.ToLower().Replace(DefaultPolicy.ToLower(), policy.ToLower());
}
return Task.FromResult(0);
}
private Task OnAuthenticationFailed(AuthenticationFailedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> context)
{
context.HandleResponse();
context.Response.Redirect("/?errormessage=" + context.Exception.Message);
return Task.FromResult(0);
}
private async Task OnAuthorizationCodeReceived(AuthorizationCodeReceivedNotification notification)
{
try
{
IConfidentialClientApplication confidentialClient = MsalAppBuilder.BuildConfidentialClientApplication(new ClaimsPrincipal(notification.AuthenticationTicket.Identity));
// Upon successful sign in, get & cache a token using MSAL
AuthenticationResult result = await confidentialClient.AcquireTokenByAuthorizationCode(Scopes, notification.Code).ExecuteAsync();
string username = notification.AuthenticationTicket.Identity.FindFirst("preferred_username").Value;
FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1, username, DateTime.Now, DateTime.Now.AddMinutes(60), true, "");
string encryptedTicket = FormsAuthentication.Encrypt(authTicket);
notification.Response.Cookies.Append(FormsAuthentication.FormsCookieName, encryptedTicket);
}
catch (Exception ex)
{
throw new HttpResponseException(new HttpResponseMessage
{
StatusCode = HttpStatusCode.BadRequest,
ReasonPhrase = $"Unable to get authorization code {ex.Message}."
});
}
}
<authentication mode="Forms">
<forms loginUrl="~/login.aspx" timeout="2880"/>
</authentication>
這個配置讓我去登錄頁面。 但即使在 Azure 身份驗證之后,它也沒有意識到用戶已通過身份驗證並且沒有登陸到 default.aspx ,而是再次返回登錄屏幕。 請幫忙。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.