OpenID OWIN 身份验证和缺少用户权限
OpenID OWIN auth and lack of user permissions
我可能处理这个完全不正确,但我使用 OpenID 和 MS Azure 来验证我的用户,然后我检查以确保用户在 OpenID 中间件的通知中有一个用户帐户,如果用户是没有找到,我正在抛出一个安全异常。我如何 return 您无权访问此应用程序 类型的页面。我只是错过了钩子吗?
示例如下:
https://gist.github.com/phillipsj/3200ddda158eddac74ca
您可以在通知中使用 try...catch,大致如下:
SecurityTokenValidated = (context) =>
{
try
{
// retriever caller data from the incoming principal
var username = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.Name).Value.Split('@')[0];
var database = DependencyResolver.Current.GetService(typeof (IDatabase)) as IDatabase;
var employee = database.Query(new GetEmployeeByUsername(username));
if (employee == null)
{
throw new SecurityTokenValidationException();
}
// I add my custom claims here
context.AuthenticationTicket.Identity.AddClaims(claims);
return Task.FromResult(0);
}
catch (SecurityTokenValidationException ex)
{
context.HandleResponse(); // This will skip executing rest of the code in the middleware
context.Response.Redirect(....);
return Task.FromResult(0);
}
}
我可能处理这个完全不正确,但我使用 OpenID 和 MS Azure 来验证我的用户,然后我检查以确保用户在 OpenID 中间件的通知中有一个用户帐户,如果用户是没有找到,我正在抛出一个安全异常。我如何 return 您无权访问此应用程序 类型的页面。我只是错过了钩子吗?
示例如下: https://gist.github.com/phillipsj/3200ddda158eddac74ca
您可以在通知中使用 try...catch,大致如下:
SecurityTokenValidated = (context) =>
{
try
{
// retriever caller data from the incoming principal
var username = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.Name).Value.Split('@')[0];
var database = DependencyResolver.Current.GetService(typeof (IDatabase)) as IDatabase;
var employee = database.Query(new GetEmployeeByUsername(username));
if (employee == null)
{
throw new SecurityTokenValidationException();
}
// I add my custom claims here
context.AuthenticationTicket.Identity.AddClaims(claims);
return Task.FromResult(0);
}
catch (SecurityTokenValidationException ex)
{
context.HandleResponse(); // This will skip executing rest of the code in the middleware
context.Response.Redirect(....);
return Task.FromResult(0);
}
}