Microsoft OpenIdConnect Owin Response
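Apologies now if there is a really obvious answer to this!
I have a simple test project that lets a user sign in using OpenID Connect with Azure. Sign-in and sign-out work.
I can't work out how to read the response body so that I can determine who the signed-in user is.
I'm guessing I have to add some kind of async handler to the middleware to receive the response, but I can't find any examples of how to do this. My code is in VB, but I'm happy with examples in C#; I just can't find any.
Could someone give me some examples showing how to collect the response?
Many thanks,
Mike
My code is below.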
signin.aspx
<%@ Page Title="" Language="VB" MasterPageFile="~/masterpage/MasterPage.master" AutoEventWireup="false" CodeFile="signin.aspx.vb" Inherits="signin" %>
<asp:Content ID="Content1" ContentPlaceHolderID="HeaderPlaceHolder" Runat="Server">
</asp:Content>
<asp:Content ID="Content2" ContentPlaceHolderID="FCKBodyTopPlaceHolder" Runat="Server">
</asp:Content>
<asp:Content ID="Content3" ContentPlaceHolderID="BodyPlaceHolder" Runat="Server">
    <form runat="server">
        <div>
            <asp:Button runat="server" ID="btnSignIn" Text="Sign In" />
            <asp:Button runat="server" ID="btnSignOut" Text="Sign Out" />
        </div>
    </form>
</asp:Content>
signin.aspx.vb
Imports System
Imports System.IO
Imports System.Web
Imports Microsoft.Owin
Imports Microsoft.Owin.Security
Imports Microsoft.Owin.Security.Cookies
Imports Microsoft.Owin.Security.OpenIdConnect

Partial Class signin
    Inherits System.Web.UI.Page

    ' Show only the button that applies to the current authentication state
    Private Sub signin2_Load(sender As Object, e As EventArgs) Handles Me.Load
        If Not Request.IsAuthenticated Then
            btnSignIn.Visible = True
            btnSignOut.Visible = False
        Else
            btnSignIn.Visible = False
            btnSignOut.Visible = True
        End If
    End Sub

    ' Start the OpenID Connect sign-in by issuing a challenge to the middleware
    Private Sub btnSignIn_Click(sender As Object, e As EventArgs) Handles btnSignIn.Click
        If Not Request.IsAuthenticated Then
            HttpContext.Current.GetOwinContext().Authentication.Challenge(New AuthenticationProperties, OpenIdConnectAuthenticationDefaults.AuthenticationType)
        End If
    End Sub

    Private Sub btnSignOut_Click(sender As Object, e As EventArgs) Handles btnSignOut.Click
        HttpContext.Current.GetOwinContext().Authentication.SignOut()
    End Sub
End Class
startup.vb
Imports System
Imports System.Threading.Tasks
Imports Microsoft.Owin
Imports Owin
Imports Microsoft.IdentityModel.Protocols.OpenIdConnect
Imports Microsoft.IdentityModel.Tokens
Imports Microsoft.Owin.Security
Imports Microsoft.Owin.Security.Cookies
Imports Microsoft.Owin.Security.OpenIdConnect
Imports Microsoft.Owin.Security.Notifications

<Assembly: OwinStartup(GetType(WEBCOMLogin.Startup))>

Namespace WEBCOMLogin
    Public Class Startup
        Private clientId As String = System.Configuration.ConfigurationManager.AppSettings("ClientId")
        Private redirectUri As String = System.Configuration.ConfigurationManager.AppSettings("RedirectUri")
        Shared tenant As String = System.Configuration.ConfigurationManager.AppSettings("Tenant")
        Private authority As String = String.Format(System.Globalization.CultureInfo.InvariantCulture, System.Configuration.ConfigurationManager.AppSettings("Authority"), tenant)

        ' Cookie middleware holds the local session; OpenID Connect middleware handles sign-in with Azure
        Public Sub Configuration(ByVal app As IAppBuilder)
            app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType)
            app.UseCookieAuthentication(New CookieAuthenticationOptions())
            app.UseOpenIdConnectAuthentication(New OpenIdConnectAuthenticationOptions With {
                .ClientId = clientId,
                .Authority = authority,
                .RedirectUri = redirectUri,
                .PostLogoutRedirectUri = redirectUri,
                .Scope = OpenIdConnectScope.OpenIdProfile,
                .ResponseType = OpenIdConnectResponseType.IdToken,
                .ResponseMode = OpenIdConnectResponseMode.FormPost,
                .Notifications = New OpenIdConnectAuthenticationNotifications With {
                    .AuthenticationFailed = AddressOf OnAuthenticationFailed
                }
            })
        End Sub

        Private Function OnAuthenticationFailed(ByVal context As AuthenticationFailedNotification(Of OpenIdConnectMessage, OpenIdConnectAuthenticationOptions)) As Task
            context.HandleResponse()
            ' URL-encode the message so it cannot break out of the query string value
            context.Response.Redirect("/?errormessage=" & Uri.EscapeDataString(context.Exception.Message))
            Return Task.FromResult(0)
        End Function
    End Class
End Namespace
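Edit:
Added a screenshot of the claims.
With OpenID Connect, the user details are returned in the ID token, and the easiest way to find out who the user is is to look at the HttpContext.Current.User object.
You should not try to access it yourself from the headers, because the actual token data is never visible to your browser; it is instead retrieved in the background by the OpenIDConnect handler.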
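Reading the signed-in user from `HttpContext.Current.User`, as the answer above describes; this is an added example, not code from the original posts. The module and function names are hypothetical, and the claim types assume an Azure AD ID token as surfaced by the OWIN middleware, so both the short and the mapped claim names are tried.

```vbnet
' Added example: module and function names are hypothetical.
Imports System.Security.Claims
Imports System.Web

Public Module SignedInUser
    ' Returns the first claim value found under any of the given claim types, or Nothing.
    Private Function FirstClaim(identity As ClaimsIdentity, ParamArray claimTypes As String()) As String
        For Each claimType As String In claimTypes
            Dim found As Claim = identity.FindFirst(claimType)
            If found IsNot Nothing Then Return found.Value
        Next
        Return Nothing
    End Function

    ' Describes the current user from the identity the OWIN middleware built
    ' after it validated the ID token. Returns Nothing for anonymous requests.
    Public Function Describe(context As HttpContext) As String
        Dim principal As ClaimsPrincipal = TryCast(context.User, ClaimsPrincipal)
        If principal Is Nothing Then Return Nothing

        Dim identity As ClaimsIdentity = TryCast(principal.Identity, ClaimsIdentity)
        If identity Is Nothing OrElse Not identity.IsAuthenticated Then Return Nothing

        ' Display values: suitable for greeting the user, not for authorization decisions
        Dim displayName As String = FirstClaim(identity, "name", ClaimTypes.Name)
        Dim userName As String = FirstClaim(identity, "preferred_username", ClaimTypes.Upn)

        ' Stable identifiers: key local accounts on tenant id plus object id
        Dim tenantId As String = FirstClaim(identity,
            "http://schemas.microsoft.com/identity/claims/tenantid", "tid")
        Dim objectId As String = FirstClaim(identity,
            "http://schemas.microsoft.com/identity/claims/objectidentifier", "oid")

        Return String.Format("{0} ({1}) tenant={2} object={3}",
                             displayName, userName, tenantId, objectId)
    End Function
End Module
```

Call `SignedInUser.Describe(HttpContext.Current)` from a page's `Load` handler once `Request.IsAuthenticated` is true, and HTML-encode the result before writing it to the page.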