在 MVC 6 中将 [Authorize] 与 OpenIdConnect 一起使用会导致立即出现空 401 响应
Using [Authorize] with OpenIdConnect in MVC 6 results in immediate empty 401 response
我正在尝试将 Azure AD 身份验证添加到我的 ASP.NET 5 MVC 6 应用程序中,并遵循此 example on GitHub。如果我将推荐的代码放入操作方法中,一切正常:
Context.Response.Challenge(
new AuthenticationProperties { RedirectUri = "/" },
OpenIdConnectAuthenticationDefaults.AuthenticationType);
但是,如果我尝试改用 [Authorize] 属性,我会立即收到空的 401 响应。
如何使 [Authorize] 正确重定向到 Azure AD?
我的配置如下:
public void ConfigureServices(IServiceCollection services) {
...
services.Configure<ExternalAuthenticationOptions>(options => {
options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
});
...
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory) {
...
app.UseCookieAuthentication(options => {
options.AutomaticAuthentication = true;
});
app.UseOpenIdConnectAuthentication(options => {
options.ClientId = Configuration.Get("AzureAd:ClientId");
options.Authority = String.Format(Configuration.Get("AzureAd:AadInstance"), Configuration.Get("AzureAd:Tenant"));
options.RedirectUri = "https://localhost:44300";
options.PostLogoutRedirectUri = Configuration.Get("AzureAd:PostLogoutRedirectUri");
options.Notifications = new OpenIdConnectAuthenticationNotifications {
AuthenticationFailed = OnAuthenticationFailed
};
});
...
}
要在访问受保护资源时(即捕获 401 响应时)自动将用户重定向到 AAD,最好的选择是启用 automatic 模式:
app.UseOpenIdConnectAuthentication(options => {
options.AutomaticAuthentication = true;
options.ClientId = Configuration.Get("AzureAd:ClientId");
options.Authority = String.Format(Configuration.Get("AzureAd:AadInstance"), Configuration.Get("AzureAd:Tenant"));
options.RedirectUri = "https://localhost:44300";
options.PostLogoutRedirectUri = Configuration.Get("AzureAd:PostLogoutRedirectUri");
options.Notifications = new OpenIdConnectAuthenticationNotifications {
AuthenticationFailed = OnAuthenticationFailed
};
});
我正在尝试将 Azure AD 身份验证添加到我的 ASP.NET 5 MVC 6 应用程序中,并遵循此 example on GitHub。如果我将推荐的代码放入操作方法中,一切正常:
Context.Response.Challenge(
new AuthenticationProperties { RedirectUri = "/" },
OpenIdConnectAuthenticationDefaults.AuthenticationType);
但是,如果我尝试改用 [Authorize] 属性,我会立即收到空的 401 响应。
如何使 [Authorize] 正确重定向到 Azure AD?
我的配置如下:
public void ConfigureServices(IServiceCollection services) {
...
services.Configure<ExternalAuthenticationOptions>(options => {
options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
});
...
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory) {
...
app.UseCookieAuthentication(options => {
options.AutomaticAuthentication = true;
});
app.UseOpenIdConnectAuthentication(options => {
options.ClientId = Configuration.Get("AzureAd:ClientId");
options.Authority = String.Format(Configuration.Get("AzureAd:AadInstance"), Configuration.Get("AzureAd:Tenant"));
options.RedirectUri = "https://localhost:44300";
options.PostLogoutRedirectUri = Configuration.Get("AzureAd:PostLogoutRedirectUri");
options.Notifications = new OpenIdConnectAuthenticationNotifications {
AuthenticationFailed = OnAuthenticationFailed
};
});
...
}
要在访问受保护资源时(即捕获 401 响应时)自动将用户重定向到 AAD,最好的选择是启用 automatic 模式:
app.UseOpenIdConnectAuthentication(options => {
options.AutomaticAuthentication = true;
options.ClientId = Configuration.Get("AzureAd:ClientId");
options.Authority = String.Format(Configuration.Get("AzureAd:AadInstance"), Configuration.Get("AzureAd:Tenant"));
options.RedirectUri = "https://localhost:44300";
options.PostLogoutRedirectUri = Configuration.Get("AzureAd:PostLogoutRedirectUri");
options.Notifications = new OpenIdConnectAuthenticationNotifications {
AuthenticationFailed = OnAuthenticationFailed
};
});