
How to protect all contents (.aspx, .asp, .js, img, etc.) of an ASP.NET web site if we use Azure AD authentication?

<authorization>
  <deny users="?"/>
  <allow users="*"/>
</authorization>
<authentication mode="None">
  <forms loginUrl="~/login.aspx" timeout="2880"/>
</authentication>

This configuration doesn't even take me to the login screen.

My startup.cs has the configuration for Azure AD. But what code exactly has to be written to protect all contents (.aspx, .asp, .js and .img)?

        app.SetDefaultSignInAsAuthenticationType(OpenIdConnectAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions());
        app.UseOpenIdConnectAuthentication(
            new OpenIdConnectAuthenticationOptions
            {
                Authority = authority,
                ClientId = clientId,
                ClientSecret= clientsecret,
                RedirectUri = redirectUri,
                PostLogoutRedirectUri = redirectUri,
                Scope = $"openid",
                TokenValidationParameters = new TokenValidationParameters()
                {
                    NameClaimType = "preferred_username",
                    ValidateIssuer = true,
                    ValidIssuer = tenant
                },
                Notifications = new OpenIdConnectAuthenticationNotifications
                {
                    RedirectToIdentityProvider = OnRedirectToIdentityProvider,
                    AuthorizationCodeReceived = OnAuthorizationCodeReceived,
                    AuthenticationFailed = OnAuthenticationFailed
                }
            }
        ); 

    private Task OnRedirectToIdentityProvider(RedirectToIdentityProviderNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification)
    {
        var policy = notification.OwinContext.Get<string>("Policy");

        if (!string.IsNullOrEmpty(policy) && !policy.Equals(DefaultPolicy))
        {
            notification.ProtocolMessage.Scope = OpenIdConnectScope.OpenId;
            notification.ProtocolMessage.ResponseType = OpenIdConnectResponseType.IdToken;
            notification.ProtocolMessage.IssuerAddress = notification.ProtocolMessage.IssuerAddress.ToLower().Replace(DefaultPolicy.ToLower(), policy.ToLower());
        }

        return Task.FromResult(0);
    }
    private Task OnAuthenticationFailed(AuthenticationFailedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> context)
    {
        context.HandleResponse();
        context.Response.Redirect("/?errormessage=" + context.Exception.Message);
        return Task.FromResult(0);
    }
    private async Task OnAuthorizationCodeReceived(AuthorizationCodeReceivedNotification notification)
    {
        try
        {                
            IConfidentialClientApplication confidentialClient = MsalAppBuilder.BuildConfidentialClientApplication(new ClaimsPrincipal(notification.AuthenticationTicket.Identity));

            // Upon successful sign in, get & cache a token using MSAL
            AuthenticationResult result = await confidentialClient.AcquireTokenByAuthorizationCode(Scopes, notification.Code).ExecuteAsync();

            string username = notification.AuthenticationTicket.Identity.FindFirst("preferred_username").Value;
            FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1, username, DateTime.Now, DateTime.Now.AddMinutes(60), true, "");
            string encryptedTicket = FormsAuthentication.Encrypt(authTicket);
            notification.Response.Cookies.Append(FormsAuthentication.FormsCookieName, encryptedTicket);
        }
        catch (Exception ex)
        {
            throw new HttpResponseException(new HttpResponseMessage
            {
                StatusCode = HttpStatusCode.BadRequest,
                ReasonPhrase = $"Unable to get authorization code {ex.Message}."
            });
        }
    }

<authentication mode="Forms">
  <forms loginUrl="~/login.aspx" timeout="2880"/>
</authentication>

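This configuration takes me to the login page. But even after Azure authentication, it does not recognize that the user is authenticated and does not land on default.aspx; instead it goes back to the login screen again. Please help.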

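For ASPX and ASP pages, you can implement an Http Module to inspect the request and verify whether it has been attached to the request. For other resources, you can try implementing an Http Handler that does the same.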
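
One way to sketch the HTTP module idea from the answer above, as an added example that is not code from the question or the answer. The class name and the `~/signin-callback` path are hypothetical, and it assumes the sign-in middleware has populated `HttpContext.User` by the time `PostAuthenticateRequest` fires; how the resulting 401 turns into a sign-in redirect is left to the site's existing authentication configuration.

```csharp
using System;
using System.Linq;
using System.Web;

// Added example; the class name and the callback path are hypothetical.
// Register it in web.config under <system.webServer><modules> WITHOUT
// preCondition="managedHandler", so that in the IIS integrated pipeline it
// also runs for .asp, .js and image requests, not only for managed handlers.
public sealed class RequireAuthenticatedUserModule : IHttpModule
{
    // Paths that must stay reachable before sign-in. "~/login.aspx" is the
    // loginUrl from the question; "~/signin-callback" is a placeholder for
    // wherever the identity provider posts the sign-in response.
    private static readonly string[] AnonymousPaths =
    {
        "~/login.aspx",
        "~/signin-callback"
    };

    public void Init(HttpApplication application)
    {
        // PostAuthenticateRequest fires for every request after all
        // authentication modules have had the chance to set Context.User.
        application.PostAuthenticateRequest += OnPostAuthenticateRequest;
    }

    private static void OnPostAuthenticateRequest(object sender, EventArgs e)
    {
        var application = (HttpApplication)sender;
        HttpContext context = application.Context;

        string path = context.Request.AppRelativeCurrentExecutionFilePath;
        if (AnonymousPaths.Contains(path, StringComparer.OrdinalIgnoreCase))
            return;

        bool signedIn = context.User != null
            && context.User.Identity != null
            && context.User.Identity.IsAuthenticated;
        if (signedIn)
            return;

        // Fail closed: no handler (page, script or image) runs for this request.
        context.Response.StatusCode = 401;
        application.CompleteRequest();
    }

    public void Dispose() { }
}
```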
