
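But I would rather use the Microsoft.AspNetCore.Authentication.AzureAD.UI NuGet package than my custom variant; I'm just not sure how to reach in and access the events on OpenIdConnectOptions.
I don't know whether it's something that can't be done, or whether I just don't have enough of a handle on dependency injection to figure out how to do it.
Or should I be looking at adding claims etc. in a different part of the process?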
```csharp
public static AuthenticationBuilder AddAzureAD(
    this AuthenticationBuilder builder,
    string scheme,
    string openIdConnectScheme,
    string cookieScheme,
    string displayName,
    Action<AzureADOptions> configureOptions)
{
    AddAdditionalMvcApplicationParts(builder.Services);
    builder.AddPolicyScheme(scheme, displayName, o =>
    {
        o.ForwardDefault = cookieScheme;
        o.ForwardChallenge = openIdConnectScheme;
    });

    builder.Services.Configure(
        TryAddOpenIDCookieSchemeMappings(scheme, openIdConnectScheme, cookieScheme));

    builder.Services.TryAddSingleton<IConfigureOptions<AzureADOptions>, AzureADOptionsConfiguration>();

    // They put in their custom OpenIdConnect configuration, but I can't see how to get at the events.
    builder.Services.TryAddSingleton<IConfigureOptions<OpenIdConnectOptions>, OpenIdConnectOptionsConfiguration>();

    builder.Services.TryAddSingleton<IConfigureOptions<CookieAuthenticationOptions>, CookieOptionsConfiguration>();

    builder.Services.Configure(scheme, configureOptions);

    builder.AddOpenIdConnect(openIdConnectScheme, null, o => { });
    builder.AddCookie(cookieScheme, o => { });

    return builder;
}
```

Solution

I might be a little late here, but I ran into the same problem and found that the AzureAD authentication middleware is very sparsely documented. Adding the solution here for others struggling with the same question.

As you can see at the bottom of the code snippet in the question, the AzureAD provider actually relies on the OpenIdConnect and Cookie auth providers, and does not implement any authentication logic itself.
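To accomplish this, two additional authentication schemes are added, using the names defined as AzureADDefaults.OpenIdScheme and AzureADDefaults.CookieScheme, respectively.
(Although the names can also be customized when using the AddAzureAD(this Microsoft.AspNetCore.Authentication.AuthenticationBuilder builder, string scheme, string openIdConnectScheme, string cookieScheme, string displayName, Action<Microsoft.AspNetCore.Authentication.AzureAD.UI.AzureADOptions> configureOptions) overload.)
That, in turn, allows configuring the effective OpenIdConnectOptions and CookieAuthenticationOptions by using the scheme names from above, including access to OpenIdConnectEvents.
See this complete example: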
```csharp
// Goes in Startup.ConfigureServices. Namespaces used:
// Microsoft.AspNetCore.Authentication.AzureAD.UI, Microsoft.AspNetCore.Authentication.OpenIdConnect,
// Microsoft.AspNetCore.Authentication.Cookies, System.Linq, System.Security.Claims, System.Threading.Tasks
services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
    .AddAzureAD(options => Configuration.Bind("AzureAd", options));

services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options =>
{
    options.Events = new OpenIdConnectEvents
    {
        OnRedirectToIdentityProvider = async ctxt =>
        {
            // Invoked before redirecting to the identity provider to authenticate. This can be used to set ProtocolMessage.State
            // that will be persisted through the authentication process. The ProtocolMessage can also be used to add or customize
            // parameters sent to the identity provider.
            await Task.Yield();
        },
        OnMessageReceived = async ctxt =>
        {
            // Invoked when a protocol message is first received.
            await Task.Yield();
        },
        OnTicketReceived = async ctxt =>
        {
            // Invoked after the remote ticket has been received.
            // Can be used to modify the Principal before it is passed to the Cookie scheme for sign-in.
            // This example removes all 'groups' claims from the Principal (assuming the AAD app has been configured
            // with "groupMembershipClaims": "SecurityGroup"). Group memberships can be checked here and turned into
            // roles, to be persisted in the cookie.
            if (ctxt.Principal.Identity is ClaimsIdentity identity)
            {
                ctxt.Principal.FindAll(x => x.Type == "groups")
                    .ToList()
                    .ForEach(identity.RemoveClaim);
            }
            await Task.Yield();
        },
    };
});

services.Configure<CookieAuthenticationOptions>(AzureADDefaults.CookieScheme, options =>
{
    options.Events = new CookieAuthenticationEvents
    {
        // ...
    };
});
```
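Added example, not part of the original answer or of the library: one way to do the groups-to-roles conversion that the OnTicketReceived comment mentions, using an allow-list so that unknown groups grant nothing. `GroupRoleMapper`, the placeholder group IDs and the role name are hypothetical, and the `_claim_names`/`hasgroups` check assumes Azure AD's group-overage behaviour, where the token carries those claims instead of `groups`.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

public static class GroupRoleMapper // hypothetical helper, not a library type
{
    // Replaces AAD 'groups' claims with role claims for allow-listed group IDs.
    // Returns false when the token signals group overage (no 'groups' claims were
    // sent), so the caller can fail closed or look the memberships up elsewhere.
    public static bool Apply(ClaimsPrincipal principal, IReadOnlyDictionary<string, string> groupToRole)
    {
        if (!(principal.Identity is ClaimsIdentity identity)) return false;

        var groups = identity.FindAll("groups").ToList();
        bool overage = groups.Count == 0 &&
            identity.HasClaim(c => c.Type == "_claim_names" || c.Type == "hasgroups");

        foreach (var group in groups)
        {
            // Only allow-listed group IDs become roles; duplicates are not re-added.
            if (groupToRole.TryGetValue(group.Value, out var role) &&
                !identity.HasClaim(identity.RoleClaimType, role))
            {
                identity.AddClaim(new Claim(identity.RoleClaimType, role));
            }
            identity.RemoveClaim(group); // keep the sign-in cookie small
        }
        return !overage;
    }

    public static void Main()
    {
        // Constructed sample data: placeholder group object IDs, not real tenant values.
        var map = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            ["00000000-0000-0000-0000-000000000001"] = "Admin",
        };
        var identity = new ClaimsIdentity(new[]
        {
            new Claim("name", "Sample User"),
            new Claim("groups", "00000000-0000-0000-0000-000000000001"),
            new Claim("groups", "00000000-0000-0000-0000-000000000002"),
        }, "AzureAD");
        var principal = new ClaimsPrincipal(identity);

        Console.WriteLine($"mapped without overage: {Apply(principal, map)}");
        Console.WriteLine($"is Admin: {principal.IsInRole("Admin")}");
        Console.WriteLine($"groups claims left: {principal.FindAll("groups").Count()}");
    }
}
```

Inside `OnTicketReceived` the call would be `GroupRoleMapper.Apply(ctxt.Principal, map)`, with the map loaded from configuration rather than hard-coded.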