Question
I have set the AuthenticationMode to passive and am using an explicit challenge to redirect to the Azure login page.
This works well, but I need a programmatic way to find out whether the user is authenticated or not. I also want to utilize the user Name, but it is not available in HttpContext.User.Identity.IsAuthenticated.
Please let me know where I can get this information from?
// Two passive OpenID Connect middlewares; each is only triggered by an explicit
// Challenge() naming its AuthenticationType ("a" or "b").
app.UseOpenIdConnectAuthentication(
    new OpenIdConnectAuthenticationOptions
    {
        AuthenticationType = "a",
        AuthenticationMode = AuthenticationMode.Passive,
        // Azure AD B2C metadata endpoint built from the tenant and the sign-up/sign-in policy
        MetadataAddress = String.Format(aadInstance2, tenant2, SignUpSignInPolicyId),
        ClientId = clientId2,
        RedirectUri = redirectUri2,
        PostLogoutRedirectUri = postLogoutRedirectUri,
        CallbackPath = new PathString("/Home/index"),
    });
app.UseOpenIdConnectAuthentication(
    new OpenIdConnectAuthenticationOptions
    {
        AuthenticationType = "b",
        AuthenticationMode = AuthenticationMode.Passive,
        ClientId = clientId,
        Authority = authority,
        PostLogoutRedirectUri = postLogoutRedirectUri,
        CallbackPath = new PathString("/Home/contact"),
    });

// Controller actions that start the sign-in round trip for one provider each.
public void Redirect1()
{
    HttpContext.GetOwinContext().Authentication.Challenge(
        new AuthenticationProperties { RedirectUri = "/" }, "b");
}
public void Redirect2()
{
    HttpContext.GetOwinContext().Authentication.Challenge(
        new AuthenticationProperties { RedirectUri = "/" }, "a");
}
Recommended answer
This issue is not caused by AuthenticationMode; you shouldn't specify the CallbackPath. If you set this parameter, then the Microsoft.Owin.Security.OpenIdConnect.OpenIdConnectAuthenticationHandler will only listen for posts at this address. So you are not able to handle the redirect from Azure AD successfully.
Here is the code for using multiple OpenID Connect OWIN components, for your reference:
// No CallbackPath: each handler then accepts the response posted back to RedirectUri.
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
    ClientId = clientId,
    Authority = authority,
    AuthenticationType = "aad1",
    RedirectUri = "http://localhost:2803/",
    AuthenticationMode = AuthenticationMode.Passive,
    PostLogoutRedirectUri = "http://localhost:2803/"
});
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
    ClientId = "5efa8abc-13dc-4681-83f5-c6fde071xxxx",
    Authority = authority2,
    AuthenticationType = "aad2",
    RedirectUri = "http://localhost:2803/",
    AuthenticationMode = AuthenticationMode.Passive,
    PostLogoutRedirectUri = "http://localhost:2803/"
});
Then we can use HttpContext.User.Identity.IsAuthenticated to check whether the user is signed in.
AccountController.cs:
using System;
using System.Web;
using System.Web.Mvc;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;

public class AccountController : Controller
{
    public void SignIn(string provider, string ReturnUrl = "/default")
    {
        // Send an OpenID Connect sign-in request to the middleware whose
        // AuthenticationType equals "provider" ("aad1" or "aad2").
        if (!Request.IsAuthenticated)
        {
            HttpContext.GetOwinContext().Authentication.Challenge(
                new AuthenticationProperties { RedirectUri = ReturnUrl }, provider);
            // Remember which provider signed the user in so SignOut can target it.
            HttpContext.Response.Cookies["provider"].Value = provider;
            HttpContext.Response.Cookies["provider"].HttpOnly = true;
        }
    }
    public void SignOut()
    {
        // The cookie is missing if the user never went through SignIn, so guard the read.
        var cookie = HttpContext.Request.Cookies["provider"];
        var provider = cookie != null ? cookie.Value : null;
        // Expire the provider cookie in the browser; clearing Request.Cookies alone would not.
        HttpContext.Response.Cookies.Add(new HttpCookie("provider") { Expires = DateTime.UtcNow.AddDays(-1) });
        if (provider != null)
            HttpContext.GetOwinContext().Authentication.SignOut(
                provider, CookieAuthenticationDefaults.AuthenticationType);
        else
            HttpContext.GetOwinContext().Authentication.SignOut(
                CookieAuthenticationDefaults.AuthenticationType);
    }
    public void EndSession()
    {
        // If AAD sends a single sign-out message to the app, end the user's session,
        // but don't redirect to AAD for sign out.
        HttpContext.GetOwinContext().Authentication.SignOut(CookieAuthenticationDefaults.AuthenticationType);
    }
}
Login buttons on the login page:
<input type="button" value="AzureAD-aad1" onclick="location.href='@Url.Action("SignIn", "Account",new { provider="aad1"} )'" />
<input type="button" value="AzureAD-aad2" onclick="location.href='@Url.Action("SignIn", "Account",new { provider="aad2"} )'" />
Here is a figure which captured the request using Fiddler:
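As an added example, not code from the answer above, here is a hardened variant of the SignIn action together with a helper that reads the user's name from the claims the cookie middleware restores after sign-in. It assumes the two passive middlewares are registered as "aad1" and "aad2" as in the answer, and an ASP.NET MVC 5 app on Katana; the class and method names are hypothetical.

```csharp
using System;
using System.Linq;
using System.Security.Claims;
using System.Web;
using System.Web.Mvc;
using Microsoft.Owin.Security;

// Added example, not the original answer's code. Assumes the two passive
// OpenID Connect middlewares are registered with AuthenticationType "aad1"/"aad2".
public class HardenedAccountController : Controller
{
    // Allowlist of provider names; anything else must not reach Challenge().
    private static readonly string[] KnownProviders = { "aad1", "aad2" };

    public ActionResult SignIn(string provider, string returnUrl = "/")
    {
        if (!KnownProviders.Contains(provider, StringComparer.Ordinal))
            return new HttpStatusCodeResult(400, "Unknown authentication provider");

        // Only send the user back inside this site; an absolute URL supplied in
        // the link would otherwise make this action an open redirect.
        if (string.IsNullOrEmpty(returnUrl) || !Url.IsLocalUrl(returnUrl))
            returnUrl = "/";

        if (Request.IsAuthenticated)
            return Redirect(returnUrl);

        // Challenge records a 401 that only the named passive middleware turns
        // into the redirect to the Azure AD authorize endpoint.
        HttpContext.GetOwinContext().Authentication.Challenge(
            new AuthenticationProperties { RedirectUri = returnUrl }, provider);
        return new HttpUnauthorizedResult();
    }

    // After the round trip the cookie middleware restores the ClaimsPrincipal,
    // so IsAuthenticated and the name claims are available on every request.
    public static string DescribeUser(ClaimsPrincipal principal)
    {
        if (principal == null || principal.Identity == null ||
            !principal.Identity.IsAuthenticated)
            return null;
        // Azure AD issues the display name as "name"; fall back to UPN-style claims.
        var name = principal.FindFirst("name")?.Value
                   ?? principal.FindFirst("preferred_username")?.Value
                   ?? principal.FindFirst(ClaimTypes.Upn)?.Value
                   ?? principal.Identity.Name;
        // "tid" identifies which tenant, and so which provider, signed the user in.
        var tenant = principal.FindFirst("tid")?.Value ?? "unknown tenant";
        return name + " (tenant " + tenant + ")";
    }
}
```

In a view or action, pass `User as ClaimsPrincipal` to DescribeUser to get the name the question asked for.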
This concludes the article on how to get/set the user identity when AuthenticationMode is Passive in Azure Active Directory; we hope the recommended answer is helpful.