Asp.NET 4.7.2 Multiple Owin Auth Providers
Is it possible to use two OpenIdConnect providers in the same application? I need to sign in two different groups: the first is employees who have valid Azure AD accounts, and the second is customers who do not have Azure AD accounts. I know the endpoints to use, and I have already worked on an application that contains this functionality using .NET Core, but I have not been able to implement it successfully in .NET 4.7.2.
In my start.auth.cs file I have been trying to add the providers like this:
app.UseOpenIdConnectAuthentication(CustomerOptions());
app.UseOpenIdConnectAuthentication(EmployeeOptions());

private static OpenIdConnectAuthenticationOptions EmployeeOptions() =>
    new OpenIdConnectAuthenticationOptions
    {
        ClientId = ClientId,
        Authority = authority,
        RedirectUri = RedirectUri,
        ClientSecret = ClientSecret,
        PostLogoutRedirectUri = RedirectUri,
        Scope = OpenIdConnectScope.OpenIdProfile,
        // ResponseType is set to request the id_token - which contains basic information about the signed-in user
        ResponseType = OpenIdConnectResponseType.CodeIdToken,
        // ValidateIssuer set to false to allow personal and work accounts from any organization to sign in to your application
        // To only allow users from a single organizations, set ValidateIssuer to true and 'tenant' setting in web.config to the tenant name
        // To allow users from only a list of specific organizations, set ValidateIssuer to true and use ValidIssuers parameter
        TokenValidationParameters = new TokenValidationParameters()
        {
            ValidateIssuer = false // This is a simplification
        },
        // OpenIdConnectAuthenticationNotifications configures OWIN to send notification of failed authentications to OnAuthenticationFailed method
        Notifications = new OpenIdConnectAuthenticationNotifications
        {
            AuthenticationFailed = OnAuthenticationFailed,
            SecurityTokenValidated = OnAdSecurityTokenValidated
        }
    };
where the ...Options methods hold the OpenIdConnectAuthenticationOptions specific to each endpoint. If I use only one of the methods I can authenticate in the application, but when I try to add both, authentication only uses the client that was added last.
The code that calls the methods is:
1. Calling the Azure AD provider
HttpContext.GetOwinContext().Authentication.Challenge(
    new AuthenticationProperties { RedirectUri = "/" },
    OpenIdConnectAuthenticationDefaults.AuthenticationType);
2. Calling the customer provider
var properties = new AuthenticationProperties { RedirectUri = "/" };
var scheme = "schemeName";
HttpContext.GetOwinContext().Authentication.Challenge(properties, scheme);
How do I call the appropriate authentication provider?
Thanks
I had neglected to set the authentication type parameter when updating the OpenIdConnectAuthenticationOptions, so when I added the second authentication provider I was overwriting the default one.
app.UseOpenIdConnectAuthentication(CustomerOptions());
app.UseOpenIdConnectAuthentication(EmployeeOptions());

private static OpenIdConnectAuthenticationOptions EmployeeOptions() =>
    new OpenIdConnectAuthenticationOptions("employeeAuthenticationType")
    {
        ClientId = ClientId,
        Authority = authority,
        RedirectUri = RedirectUri,
        ClientSecret = ClientSecret,
        PostLogoutRedirectUri = RedirectUri,
        Scope = OpenIdConnectScope.OpenIdProfile,
        // ResponseType is set to request the id_token - which contains basic information about the signed-in user
        ResponseType = OpenIdConnectResponseType.CodeIdToken,
        // ValidateIssuer set to false to allow personal and work accounts from any organization to sign in to your application
        // To only allow users from a single organizations, set ValidateIssuer to true and 'tenant' setting in web.config to the tenant name
        // To allow users from only a list of specific organizations, set ValidateIssuer to true and use ValidIssuers parameter
        TokenValidationParameters = new TokenValidationParameters()
        {
            ValidateIssuer = false // This is a simplification
        },
        // OpenIdConnectAuthenticationNotifications configures OWIN to send notification of failed authentications to OnAuthenticationFailed method
        Notifications = new OpenIdConnectAuthenticationNotifications
        {
            AuthenticationFailed = OnAuthenticationFailed,
            SecurityTokenValidated = OnAdSecurityTokenValidated
        }
    };
You need to give each authentication middleware a different scheme via the OpenIdConnectAuthenticationOptions.AuthenticationType property, and pass the scheme you want to authenticate with to the Challenge(...) method.
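A complete two-scheme Startup.Auth.cs built on the answer above, added here as an example and not the asker's or the project's own code. Scheme names, authorities, client ids and callback URLs are placeholders; unlike the question's sample it keeps issuer validation on and records which scheme validated the token, so the employee and customer groups cannot be confused later.

```csharp
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.IdentityModel.Tokens;
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public partial class Startup
{
    // Scheme names are assumptions; any two distinct strings work.
    public const string EmployeeScheme = "employee-oidc";
    public const string CustomerScheme = "customer-oidc";
    public void ConfigureAuth(IAppBuilder app)
    {
        // Both OIDC middlewares sign the user in to the same application cookie.
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions());
        // Authorities, client ids and callback URLs are placeholders; each provider gets its own callback.
        app.UseOpenIdConnectAuthentication(Oidc(EmployeeScheme,
            "https://login.microsoftonline.com/<tenant-id>/v2.0", "<employee-client-id>", "https://example.test/signin-employee"));
        app.UseOpenIdConnectAuthentication(Oidc(CustomerScheme,
            "https://<customer-idp>", "<customer-client-id>", "https://example.test/signin-customer"));
    }
    private static OpenIdConnectAuthenticationOptions Oidc(string scheme, string authority, string clientId, string redirectUri) =>
        new OpenIdConnectAuthenticationOptions(scheme) // distinct AuthenticationType per middleware
        {
            Authority = authority,
            ClientId = clientId,
            RedirectUri = redirectUri,
            Scope = OpenIdConnectScope.OpenIdProfile,
            ResponseType = OpenIdConnectResponseType.CodeIdToken,
            // Keep issuer validation on: a token minted by the other provider must fail under this scheme.
            TokenValidationParameters = new TokenValidationParameters { ValidateIssuer = true },
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                // Record which scheme validated the token so authorization code can tell the two groups apart.
                SecurityTokenValidated = n =>
                {
                    n.AuthenticationTicket.Identity.AddClaim(new Claim("auth_scheme", scheme));
                    return Task.FromResult(0);
                }
            }
        };
    // Called from a controller as ChallengeScheme(HttpContext.GetOwinContext(), Startup.CustomerScheme).
    // Naming the scheme is what routes the challenge; the default name only reaches the last middleware registered under it.
    public static void ChallengeScheme(IOwinContext ctx, string scheme) =>
        ctx.Authentication.Challenge(new AuthenticationProperties { RedirectUri = "/" }, scheme);
}
```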