Web API 401 重定向 Azure Active Directory OpenIdConnect
Web API 401 Redirect Azure Active Directory OpenIdConnect
我遇到导致重定向 (302) 到登录页面的 401 响应的问题。我的应用程序同时使用 MVC 和 Web API。我正在使用 OpenID 和 Azure Active Directory 对用户进行身份验证,我的身份验证设置如下:
private static string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
private static string appKey = ConfigurationManager.AppSettings["ida:AppKey"];
private static string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
private static string tenant = ConfigurationManager.AppSettings["ida:Tenant"];
private static string postLogoutRedirectUri = ConfigurationManager.AppSettings["ida:PostLogoutRedirectUri"];
private static string graphResourceId = ConfigurationManager.AppSettings["ida:GraphResourceId"];
public static readonly string authority = String.Format(CultureInfo.InvariantCulture, aadInstance, tenant);
MvcApplication mvcApplication = HttpContext.Current.ApplicationInstance as MvcApplication;
public void ConfigureAuth(IAppBuilder app)
{
OpenIdConnectAuthenticationOptions openIdConnectAuthenticationOptions = new OpenIdConnectAuthenticationOptions
{
ClientId = clientId,
Authority = authority,
PostLogoutRedirectUri = postLogoutRedirectUri,
AuthenticationMode = AuthenticationMode.Active,
Notifications = new OpenIdConnectAuthenticationNotifications()
{
SecurityTokenValidated = (context) =>
{
string userId = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.Name).Value;
IUserManager userManager = mvcApplication.CurrentContainer.Resolve<IUserManager>();
if(!userManager.IsUserEnrolled(userId))
{
string givenName = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.GivenName).Value;
string surname = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.Surname).Value;
userManager.EnrolUser(userId, givenName, surname);
Claim groupSuper = context.AuthenticationTicket.Identity.Claims.FirstOrDefault(c => c.Type == "groups" && c.Value.Equals(AADClaimTypes.Super, StringComparison.CurrentCultureIgnoreCase));
if(groupSuper != null)
{
userManager.AddClaim(userId, CharitableClaimTypes.Super, userId);
}
}
List<Claim> claims = userManager.GetUserClaims(userId);
if(claims != null && claims.Count() > 0)
{
OpenIdClaimsAuthenticationManager openIdClaimsAuthenticationManager = new OpenIdClaimsAuthenticationManager();
openIdClaimsAuthenticationManager.Authenticate(context.AuthenticationTicket.Identity, claims);
}
return Task.FromResult(0);
},
RedirectToIdentityProvider = (context) =>
{
context.ProtocolMessage.RedirectUri = context.Request.Uri.ToString();
context.ProtocolMessage.PostLogoutRedirectUri = postLogoutRedirectUri;
return Task.FromResult(0);
},
AuthorizationCodeReceived = (context) =>
{
Claim objectIdentifierClaim = context.AuthenticationTicket.Identity.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier");
if(objectIdentifierClaim != null)
{
ClientCredential credential = new ClientCredential(clientId, appKey);
string objectIdentifier = objectIdentifierClaim.Value;
string code = context.Code;
Uri redirectUri = new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path));
AuthenticationContext authContext = new AuthenticationContext(authority);//, new NaiveSessionCache(objectIdentifier));
AuthenticationResult result = authContext.AcquireTokenByAuthorizationCode(code, redirectUri, credential, graphResourceId);
}
return Task.FromResult(0);
}
}
};
CookieAuthenticationOptions cookieAuthenticationOptions = new CookieAuthenticationOptions()
{
AuthenticationType = OpenIdConnectAuthenticationDefaults.AuthenticationType
};
app.SetDefaultSignInAsAuthenticationType(OpenIdConnectAuthenticationDefaults.AuthenticationType);// CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(cookieAuthenticationOptions);
app.UseOpenIdConnectAuthentication(openIdConnectAuthenticationOptions);
当 Web API 调用生成 401 时,我希望将该状态 return 发送给客户端。我已经阅读了很多文章,例如 here, here and here,但是我一直无法获得有效的解决方案。我可以 return 一个 404,正如上一个 link 的回复中所建议的那样,但我不想那样做。谁能推荐一种方法?
我遇到导致重定向 (302) 到登录页面的 401 响应的问题。我的应用程序同时使用 MVC 和 Web API。我正在使用 OpenID 和 Azure Active Directory 对用户进行身份验证,我的身份验证设置如下:
private static string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
private static string appKey = ConfigurationManager.AppSettings["ida:AppKey"];
private static string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
private static string tenant = ConfigurationManager.AppSettings["ida:Tenant"];
private static string postLogoutRedirectUri = ConfigurationManager.AppSettings["ida:PostLogoutRedirectUri"];
private static string graphResourceId = ConfigurationManager.AppSettings["ida:GraphResourceId"];
public static readonly string authority = String.Format(CultureInfo.InvariantCulture, aadInstance, tenant);
MvcApplication mvcApplication = HttpContext.Current.ApplicationInstance as MvcApplication;
public void ConfigureAuth(IAppBuilder app)
{
OpenIdConnectAuthenticationOptions openIdConnectAuthenticationOptions = new OpenIdConnectAuthenticationOptions
{
ClientId = clientId,
Authority = authority,
PostLogoutRedirectUri = postLogoutRedirectUri,
AuthenticationMode = AuthenticationMode.Active,
Notifications = new OpenIdConnectAuthenticationNotifications()
{
SecurityTokenValidated = (context) =>
{
string userId = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.Name).Value;
IUserManager userManager = mvcApplication.CurrentContainer.Resolve<IUserManager>();
if(!userManager.IsUserEnrolled(userId))
{
string givenName = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.GivenName).Value;
string surname = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.Surname).Value;
userManager.EnrolUser(userId, givenName, surname);
Claim groupSuper = context.AuthenticationTicket.Identity.Claims.FirstOrDefault(c => c.Type == "groups" && c.Value.Equals(AADClaimTypes.Super, StringComparison.CurrentCultureIgnoreCase));
if(groupSuper != null)
{
userManager.AddClaim(userId, CharitableClaimTypes.Super, userId);
}
}
List<Claim> claims = userManager.GetUserClaims(userId);
if(claims != null && claims.Count() > 0)
{
OpenIdClaimsAuthenticationManager openIdClaimsAuthenticationManager = new OpenIdClaimsAuthenticationManager();
openIdClaimsAuthenticationManager.Authenticate(context.AuthenticationTicket.Identity, claims);
}
return Task.FromResult(0);
},
RedirectToIdentityProvider = (context) =>
{
context.ProtocolMessage.RedirectUri = context.Request.Uri.ToString();
context.ProtocolMessage.PostLogoutRedirectUri = postLogoutRedirectUri;
return Task.FromResult(0);
},
AuthorizationCodeReceived = (context) =>
{
Claim objectIdentifierClaim = context.AuthenticationTicket.Identity.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier");
if(objectIdentifierClaim != null)
{
ClientCredential credential = new ClientCredential(clientId, appKey);
string objectIdentifier = objectIdentifierClaim.Value;
string code = context.Code;
Uri redirectUri = new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path));
AuthenticationContext authContext = new AuthenticationContext(authority);//, new NaiveSessionCache(objectIdentifier));
AuthenticationResult result = authContext.AcquireTokenByAuthorizationCode(code, redirectUri, credential, graphResourceId);
}
return Task.FromResult(0);
}
}
};
CookieAuthenticationOptions cookieAuthenticationOptions = new CookieAuthenticationOptions()
{
AuthenticationType = OpenIdConnectAuthenticationDefaults.AuthenticationType
};
app.SetDefaultSignInAsAuthenticationType(OpenIdConnectAuthenticationDefaults.AuthenticationType);// CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(cookieAuthenticationOptions);
app.UseOpenIdConnectAuthentication(openIdConnectAuthenticationOptions);
当 Web API 调用生成 401 时,我希望将该状态 return 发送给客户端。我已经阅读了很多文章,例如 here, here and here,但是我一直无法获得有效的解决方案。我可以 return 一个 404,正如上一个 link 的回复中所建议的那样,但我不想那样做。谁能推荐一种方法?