The RedirectUri passed in the authentication properties is not being applied when calling the challenge
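I am using the OpenId Connect protocol for authentication in my application. In the Startup.cs file I have configured all the challenges (sign in, sign up, change password, etc.) with a returnUrl like "https://domain.com/en-IE/Home/Index", but when I call the challenge I want to change the returnUrl to use the culture the user is currently in... To do that, I call the following: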
public static void SignIn(this IOwinContext context)
{
    var authProperties = new AuthenticationProperties { RedirectUri = "https://domain.com/ga-IE/Home/Index" };
    context.Authentication.Challenge(authProperties, ClientSettings.Login);
}
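So, my problem is that I can see the returnUrl as en-IE, rather than the newly passed ga-IE.
What am I doing wrong?
From your question it is not clear whether you are referring to the traffic from the IdP to the app, or to traffic within the app. I'll assume the former.
The RedirectUri property of AuthenticationProperties is not the same as the RedirectUri you specify in the middleware options. Here is a passage from my upcoming book that might help clarify: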
It is an unfortunate coincidence that the RedirectUri property just
described happens to be named exactly the same as an OAuth2/OpenID
Connect protocol parameter. The value passed in Challenge is not sent
to Azure AD and used as part of the protocol dance: it is a local
value that is used after the authentication dance takes place. All
redirect URIs used by Azure AD must be explicitly registered for
security reasons, and it is clearly not feasible to register all
possible controller actions as return URIs. That’s why Azure AD
normally associates only a few return URIs with each app (typically
one for every deployment root) and the middleware itself takes care of
performing local redirects without involving the IdP to ensure that
requests land on the correct resource.
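The distinction drawn in the answer, as an added example that is not part of the original post or the quoted book, assuming Katana's Microsoft.Owin.Security.OpenIdConnect middleware: the protocol redirect_uri stays fixed at one registered value in the options, while the culture-specific page is passed as the local AuthenticationProperties.RedirectUri after an allowlist check. The client ID, authority, registered root URI, culture list, default authentication type and the SignIn(culture) signature are assumptions or placeholders.

```csharp
using System;
using System.Collections.Generic;
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions());
        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            ClientId = "<client-id>",        // placeholder
            Authority = "<authority-url>",   // placeholder
            // Protocol redirect_uri: sent to the IdP, so it must match a registered value.
            RedirectUri = "https://domain.com/"   // assumed registered deployment root
        });
    }
}

public static class SignInExtensions
{
    private static readonly Uri AppRoot = new Uri("https://domain.com/");

    // Assumed set of cultures the site serves.
    private static readonly HashSet<string> Cultures =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "en-IE", "ga-IE" };

    public static void SignIn(this IOwinContext context, string culture)
    {
        // Unknown culture values fall back to a default instead of reaching the URL.
        if (culture == null || !Cultures.Contains(culture)) culture = "en-IE";
        var target = new Uri(AppRoot, culture + "/Home/Index");

        // Defence in depth against open redirects: stay under the application root.
        if (!AppRoot.IsBaseOf(target)) target = AppRoot;

        // Local post-authentication destination: the middleware redirects here after
        // it has processed the IdP response; it is not the protocol redirect_uri.
        var props = new AuthenticationProperties { RedirectUri = target.AbsoluteUri };
        context.Authentication.Challenge(props, OpenIdConnectAuthenticationDefaults.AuthenticationType);
    }
}
```

Because the local value is followed without the IdP checking it, the allowlist and the application-root check are what keep a caller-supplied culture from turning sign-in into an open redirect.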