【Question title】: Azure authentication together with OAuth authentication
【Posted】: 2015-02-02 03:20:18
【Question description】:

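I have to find a solution to my problem. I'm developing a website, and I got stuck on authentication. First, we use Azure Active Directory for user storage. So I found WebApp-WebAPI-OpenIDConnect-DotNet and made it fit my needs. So far it works fine. But now I also have to implement external logins (Facebook, Twitter, etc.), so I commented out all the previous work while handling this task. I had to rewrite some UserManager and UserStore classes, but got it working. I can log in with Facebook. But now, when I need to connect these two logins together, they don't work. It seems they are creating a conflict inside the framework. Facebook login needs app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);, but the moment I turn it on, the Azure login stops working. If I comment it out, the Azure login works and Facebook does not. Can anyone help me with this? I will provide my Startup.Auth.cs: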

using System;
using Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using System.Configuration;
using System.Globalization;
using Microsoft.AspNet.Identity;
using Microsoft.Owin;
using Microsoft.AspNet.Identity.Owin;
using ClearRoadmapWeb.LoginProviderHelpers;
using Microsoft.Owin.Security.Facebook;
using System.Collections.Generic;

namespace ClearRoadmapWeb
{
    public partial class Startup
    {
        private static string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
        private static string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
        private static string tenant = ConfigurationManager.AppSettings["ida:Tenant"];
        private static string postLogoutRedirectUri = ConfigurationManager.AppSettings["ida:PostLogoutRedirectUri"];

        string authority = String.Format(CultureInfo.InvariantCulture, aadInstance, tenant);

        public void ConfigureAuth(IAppBuilder app)
        {
            app.SetDefaultSignInAsAuthenticationType(DefaultAuthenticationTypes.ExternalCookie);
            app.UseCookieAuthentication(new CookieAuthenticationOptions());

            app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

            app.UseCookieAuthentication(new CookieAuthenticationOptions());

            app.UseOpenIdConnectAuthentication(
                new OpenIdConnectAuthenticationOptions
                {
                    ClientId = clientId,
                    Authority = authority,
                    PostLogoutRedirectUri = postLogoutRedirectUri
                }
            );

            app.CreatePerOwinContext<AzureIdentityUserManager>(AzureIdentityUserManager.Create); //For Facebook
            app.CreatePerOwinContext<AzureIdentitySignInManager>(AzureIdentitySignInManager.Create); //For Facebook

            #region FacebookOptions
            //app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

            FacebookAuthenticationOptions facebookOptions = new FacebookAuthenticationOptions()
            {
                AppId = "fb appId",
                AppSecret = "fb appSecret"
            };
            facebookOptions.Scope.Add("email");
            facebookOptions.Provider = new FacebookAuthenticationProvider()
            {
                OnAuthenticated = async context =>
                {
                    foreach (var x in context.User)
                    {
                        context.Identity.AddClaim(new System.Security.Claims.Claim(x.Key, x.Value.ToString()));
                    }
                    //Get the access token from FB and store it in the database and use FacebookC# SDK to get more information about the user
                    context.Identity.AddClaim(new System.Security.Claims.Claim("FacebookAccessToken", context.AccessToken));
                }
            };

            #endregion
            app.UseFacebookAuthentication(facebookOptions);
        }
    }
}

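【Question discussion】:

    Tags: asp.net-mvc facebook azure asp.net-web-api owin


    【Solution 1】:

    By default, the OpenIdConnect authentication mode is Active. This means OIDC will always try to handle authorization. What worked for me was issuing a direct challenge inside a controller method, for example: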

    HttpContext.GetOwinContext().Authentication.Challenge("FaceBook");

    This is after coding Startup_Auth as:

        public void Configure(IAppBuilder app)
        {
            CookieAuthenticationExtensions.UseCookieAuthentication(
                app,
                new CookieAuthenticationOptions
                {
                    AuthenticationType = "FaceBook",
                });
    
            FacebookAuthenticationExtensions.UseFacebookAuthentication(
                app,
                new Microsoft.Owin.Security.Facebook.FacebookAuthenticationOptions
                {
                    AppId = "...",
                    AppSecret = "...",
                    AuthenticationType = "FaceBook",
                    SignInAsAuthenticationType = "FaceBook",
                });
    
            CookieAuthenticationExtensions.UseCookieAuthentication(
            app,
            new CookieAuthenticationOptions
            {
                AuthenticationType = "OpenIdConnect",
            });
    
            OpenIdConnectAuthenticationExtensions.UseOpenIdConnectAuthentication(
                app,
                new Microsoft.Owin.Security.OpenIdConnect.OpenIdConnectAuthenticationOptions
                {
                    AuthenticationType = "OpenIdConnect",
                    AuthenticationMode = Microsoft.Owin.Security.AuthenticationMode.Passive,
                    ClientId = "...",
                    Authority = "...",
                    SignInAsAuthenticationType = "OpenIdConnect"
                });
        }

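    You need to make sure that when "switching" identities between AAD and FB, the existing identity is cleared, either by signing out or by clearing the current cookie.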
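
A controller that issues the direct challenge described in this answer, as an added example that is not part of the original answer or of the sample project. It assumes the "FaceBook" and "OpenIdConnect" authentication types registered in the Startup code above; the action names and the Home/Index fallback are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Web;
using System.Web.Mvc;
using Microsoft.Owin.Security;

public class AccountController : Controller
{
    // Must match the AuthenticationType strings registered in Startup
    // (assumed here: the values used in the answer's configuration).
    private static readonly HashSet<string> AllowedProviders =
        new HashSet<string>(StringComparer.Ordinal) { "FaceBook", "OpenIdConnect" };

    [AllowAnonymous]
    public ActionResult ExternalLogin(string provider, string returnUrl)
    {
        // Never pass a caller-supplied provider name straight to Challenge.
        if (provider == null || !AllowedProviders.Contains(provider))
            return new HttpStatusCodeResult(400, "Unknown login provider");

        // Do not start a second sign-in on top of an existing identity.
        if (Request.IsAuthenticated)
            return new HttpStatusCodeResult(409, "Sign out before switching login provider");

        // Only return to local paths after sign-in (avoids an open redirect).
        // Home/Index is a hypothetical fallback.
        string target = Url.IsLocalUrl(returnUrl) ? returnUrl : Url.Action("Index", "Home");

        HttpContext.GetOwinContext().Authentication.Challenge(
            new AuthenticationProperties { RedirectUri = target }, provider);

        // Passive middleware acts on the challenge only when the response is a 401.
        return new HttpUnauthorizedResult();
    }

    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult LogOff()
    {
        // Clear the sign-in cookies of both providers before the next login.
        HttpContext.GetOwinContext().Authentication.SignOut("FaceBook", "OpenIdConnect");
        return RedirectToAction("Index", "Home");
    }
}
```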

    【Discussion】:

    • OpenID works, but for Facebook I had to change "FaceBook" to "Facebook". However, after the Facebook login it loops me to https://localhost:44300/Account/ExternalLogin?provider=Facebook&error=access_denied&error=access_denied...&error=access_denied... (adding &error=access_denied each time)