Redirecting to a directory other than Home/Index after login with OpenIdConnectAuthentication and Identity Server


Problem description


I'm trying to redirect the user to Dashboard but it always redirects to Home/Index; that is because I've set RedirectUri to http://localhost:35641/ in Identity Server Options. But that is true in case of the application landing page; after login it needs to redirect to the dashboard. I can write custom logic in Index's Action Result but I want to avoid it.

MVC web Startup method:

    public void Configuration(IAppBuilder app)
    {
        // Implicit mvc owin
        JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary<string, string>();
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = "Cookies"
        });
        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            ClientId = ApplicationConstants.ClientIdNucleusMvcApp,
            Authority = ApplicationConstants.UrlBaseAuth,
            RedirectUri = ApplicationConstants.UrlBaseWeb,
            PostLogoutRedirectUri = ApplicationConstants.UrlBaseWeb,
            ResponseType = "id_token token",
            Scope = string.Format("openid email {0}", ApplicationScopes.MvcApp),
            SignInAsAuthenticationType = "Cookies",

            // sample how to access token on form (when adding the token response type)
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                SecurityTokenValidated = async n =>
                {
                    // Adding access token in claims
                    var accessToken = n.ProtocolMessage.AccessToken;
                    if (!string.IsNullOrEmpty(accessToken))
                    {
                        n.AuthenticationTicket.Identity.AddClaim(new Claim("access_token", accessToken));
                    }

                    // Adding identity token in claims
                    var identityToken = n.ProtocolMessage.IdToken;
                    if (!string.IsNullOrEmpty(identityToken))
                    {
                        n.AuthenticationTicket.Identity.AddClaim(new Claim("identity_token", identityToken));
                    }
                },
                RedirectToIdentityProvider = async n =>
                {
                    // if signing out, add the id_token_hint
                    if (n.ProtocolMessage.RequestType == OpenIdConnectRequestType.LogoutRequest)
                    {
                        var idToken = n.OwinContext.Authentication.User.FindFirst("identity_token");
                        n.ProtocolMessage.IdTokenHint = idToken == null ? null : idToken.Value;
                        n.ProtocolMessage.PostLogoutRedirectUri = ApplicationConstants.UrlBaseWeb;
                    }
                }
            }
        });
    }


Here is my Client on Identity Server

    new Client
    {
        Enabled = true,
        ClientName = ApplicationConstants.ClientNameNucleusMvcApp,
        ClientId = ApplicationConstants.ClientIdNucleusMvcApp,
        ClientSecrets = new List<ClientSecret>
        {
            new ClientSecret(ApplicationConstants.ClientSecretNucleusMvcApp.Sha256())
        },
        Flow = Flows.Implicit,
        RequireConsent = false,
        AccessTokenType = AccessTokenType.Reference,
        IdentityTokenLifetime = 1800,
        AccessTokenLifetime = 1800,
        RedirectUris = new List<string>
        {
            // MVC form post sample
            ApplicationConstants.UrlBaseWeb,
            ApplicationConstants.UrlBaseWeb + "Dashboard/Index"
        },
        PostLogoutRedirectUris = new List<string>
        {
            ApplicationConstants.UrlBaseWeb
        }
    }

Any help would be appreciated. Thanks

Recommended answer


The RedirectUri you use for talking with your authority should not make a difference, that's just used for dispatching the token back to your application. After that there is an internal (==local to the app) redirect that is used for setting the session cookie and can go anywhere you want within the site. How do you trigger authentication? If you started from a protected action via [authorize], you should always land back in there in the end. If you are using explicit sign in code like if

HttpContext.GetOwinContext().Authentication.Challenge(new AuthenticationProperties { RedirectUri = "/" }, OpenIdConnectAuthenticationDefaults.AuthenticationType);


you can always specify whatever desired landing route you want in RedirectUri. I know, it is fantastically confusing that the property driving this internal redirect has the exact same name as the protocol counterpart - the only excuse we have is that the AuthenticationProperties class already existed when the new claims based middleware was introduced, and calling the actual OAuth/OIDC redirect_uri with the underscore didn't fly with the .NET community. HTH
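
An added example, not part of the original question or answer: an explicit sign-in action that uses the app-local `AuthenticationProperties.RedirectUri` to land on the dashboard, and validates a caller-supplied return path so the post-login redirect cannot leave the site. It assumes an ASP.NET MVC 5 app on the OWIN pipeline from the question; `AccountController`, `SignIn`, `returnUrl` and `DefaultLandingPath` are hypothetical names.

```csharp
using System.Web;
using System.Web.Mvc;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.OpenIdConnect;

// Hypothetical controller; not from the original post.
public class AccountController : Controller
{
    // Assumed default landing page after login (the question's dashboard).
    private const string DefaultLandingPath = "/Dashboard/Index";

    [AllowAnonymous]
    public ActionResult SignIn(string returnUrl)
    {
        // Accept only app-local paths; anything else (null, absolute URLs,
        // "//host" forms) falls back to the dashboard, so a crafted
        // returnUrl cannot redirect the user off-site after login.
        string landing = Url.IsLocalUrl(returnUrl) ? returnUrl : DefaultLandingPath;

        if (Request.IsAuthenticated)
        {
            return Redirect(landing);
        }

        // AuthenticationProperties.RedirectUri is the app-local redirect
        // performed after the middleware has validated the token and issued
        // the session cookie. It is not the OIDC redirect_uri, which stays
        // as configured in Startup and registered on the Identity Server client.
        HttpContext.GetOwinContext().Authentication.Challenge(
            new AuthenticationProperties { RedirectUri = landing },
            OpenIdConnectAuthenticationDefaults.AuthenticationType);

        // The 401 lets the OpenID Connect middleware turn the challenge
        // into the redirect to the authority.
        return new HttpUnauthorizedResult();
    }
}
```

With this in place the protocol `RedirectUri` in Startup can stay at the site root, as the answer describes.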
