使用 OpenIdConnect 时未填充 .Net 核心身份用户

Question

我正在将 OpenIdConnect 实现到 .Net Core 应用程序中，它将外部登录与存储在内部（默认身份）数据库中的用户相关联，并尝试登录。登录方法报告成功，但是未填充用户对象。登录过程是脚手架，所以都是样板文件，包括外部登录过程。

如果能帮助我理解我做错了什么，我将不胜感激。

services.AddAuthentication(options =>
        {
            options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
            options.DefaultAuthenticateScheme = "oidc";
            options.DefaultSignInScheme = IdentityConstants.ExternalScheme;
        })
            .AddCookie()
            .AddOpenIdConnect(options =>
            {
                options.Authority = oauthSettings.Location.AbsoluteUri;
                options.RequireHttpsMetadata = false;
                options.ClientId = oauthSettings.ClientID;
                options.ClientSecret = oauthSettings.ClientSecret;
                options.ResponseType = "id_token token";

                options.Scope.Add("openid");
                options.Scope.Add("profile");
                options.Scope.Add("email");
            });

//In Login.cshtml.cs
 public async Task<IActionResult> OnPostAsync(string returnUrl = null)
    {
        returnUrl = returnUrl ?? Url.Content("~/");

        ExternalLogins = (await _signInManager.GetExternalAuthenticationSchemesAsync()).ToList();

        if (ModelState.IsValid)
        {
            // This doesn't count login failures towards account lockout
            // To enable password failures to trigger account lockout, set lockoutOnFailure: true
            var result = await _signInManager.PasswordSignInAsync(Input.Email, Input.Password, Input.RememberMe, lockoutOnFailure: false);
            if (result.Succeeded)
            {
                _logger.LogInformation("User logged in.");
                return LocalRedirect(returnUrl);
            }
            if (result.RequiresTwoFactor)
            {
                return RedirectToPage("./LoginWith2fa", new { ReturnUrl = returnUrl, RememberMe = Input.RememberMe });
            }
            if (result.IsLockedOut)
            {
                _logger.LogWarning("User account locked out.");
                return RedirectToPage("./Lockout");
            }
            else
            {
                ModelState.AddModelError(string.Empty, "Invalid login attempt.");
                return Page();
            }
        }

        // If we got this far, something failed, redisplay form
        return Page();
    }

编辑：我发现当我在 Startup 中删除 AddAuthentication 方法时，登录有效，但显然禁用了外部身份验证。关于添加 OpenIdConnect 的一些事情打破了登录过程。

Answer 1

为了解决这个问题，我在启动时做了以下操作：

services.AddAuthentication(options =>
    {
        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
        options.DefaultAuthenticateScheme = "oidc";
        options.DefaultSignInScheme = IdentityConstants.ExternalScheme;
    })
        .AddCookie()
        .AddOpenIdConnect(options =>
        {
            options.Authority = oauthSettings.Location.AbsoluteUri;
            options.RequireHttpsMetadata = false;
            options.ClientId = oauthSettings.ClientID;
            options.ClientSecret = oauthSettings.ClientSecret;
            options.ResponseType = "id_token token";

            options.Scope.Add("openid");
            options.Scope.Add("profile");
            options.Scope.Add("email");
        });

所以我将其保留为默认值并且它起作用了。我不是 100% 为什么。

使用 OpenIdConnect 时未填充 .Net 核心身份用户

.Net Core Identity User not populated when using OpenIdConnect

c#

asp.net-identity

openid-connect

asp.net-core