【发布时间】:2018-11-17 21:06:00
【问题描述】:
我正在尝试使用 OpenID Connect 构建 SSO(.net core) 服务,该服务将成为 Webforms 应用程序和服务提供者之间的一层。我创建了一些端点来检查用户是否经过身份验证并从服务中获取用户声明。当我从浏览器调用这些端点时,我能够得到正确的结果。但是,当我从网站(使用 HttpWebRequest)调用它们时。 User.Identity 始终为空。我的端点检查用户是否通过身份验证,如下所示:
[HttpGet]
[Route("IsAuthenticated")]
public IActionResult IsAuthenticated()
{
return Json(User.Identity.IsAuthenticated);
}
或者获取访问令牌:
[HttpGet]
[Route("access_token")]
public async Task<IActionResult> AccessToken()
{
var tokenResult = await HttpContext.GetTokenAsync("access_token");
return Json(tokenResult);
}
我的启动配置服务如下所示:
var OIDCConfiguration = new OIDCSettings()
{
Authority = Configuration["OIDCSettings:Authority"],
ClientId = Configuration["OIDCSettings:ClientId"],
ClientSecret = Configuration["OIDCSettings:ClientSecret"],
CallbackPath = Configuration["OIDCSettings:CallbackPath"],
UserInfoEndpoint = Configuration["OIDCSettings:UserInfoEndpoint"]
};
services.AddAuthentication(options => {
options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = "oidc";
})
.AddCookie(CookieAuthenticationDefaults.AuthenticationScheme)
.AddOpenIdConnect("oidc", options => {
options.Authority = OIDCConfiguration.Authority;
options.ClientId = OIDCConfiguration.ClientId;
options.ClientSecret = OIDCConfiguration.ClientSecret;
options.CallbackPath = new PathString(OIDCConfiguration.CallbackPath);
options.ResponseType = OpenIdConnectResponseType.Code;
options.GetClaimsFromUserInfoEndpoint = true;
options.Scope.Add("openid emailAddress");
options.AuthenticationMethod = OpenIdConnectRedirectBehavior.RedirectGet;
options.SaveTokens = true;
});
为了启动中间件,我正在使用 ChallengeResult 对象。
我是 OpenID Connect 和中间件架构的初学者,所以我不确定我缺少什么,或者我的架构是否正确。
【问题讨论】:
标签: c# .net-core asp.net-identity access-token openid-connect