Asp.net Identity using password and Azure Active Directory authentication(使用密码和 Azure Active Directory 身份验证的 Asp.net Identity)
问题描述
我正在使用 Asp.net Identity (OWIN) 构建一个 ASP.NET MVC 5 网站,并希望同时支持传统的用户名/密码身份验证以及针对 Azure Active Directory 的身份验证.此应用不需要针对 Microsoft ID (Live ID)、Facebook、Twitter 或任何其他外部提供商进行身份验证.我发现的最接近的 SO 问题是:如何在 ASP.NET MVC 上同时执行 Azure Active Directory 单点登录和表单身份验证
I'm building an ASP.NET MVC 5 web site using Asp.net Identity (OWIN) and want to support both traditional username/password authentication as well as authentication against Azure Active Directory. This app does not need to authenticate against Microsoft IDs (Live IDs), Facebook, Twitter or any of the other external providers. The closest SO question I found is this one: How to do both Azure Active Directory Single Sign On and Forms Authentications on ASP.NET MVC
我查看了使用 VS 2015 中的个人用户帐户"选项以及工作和学校帐户"选项创建项目时创建的示例.我的身份验证单独运行良好;只有当我尝试将它们结合起来时才会遇到问题.
I've looked at the samples that get created when you create a project using the "Individual User Accounts" option as well as the "Work and School Accounts" option in VS 2015. I have authentication working well individually; it's only when I try to combine them that I'm running into problems.
在我的 Startup_Auth.cs 文件中,我正在像这样配置 OWIN:
In my Startup_Auth.cs file, I am configuring OWIN like this:
public void ConfigureAuth(IAppBuilder app)
{
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
//app.UseCookieAuthentication(new CookieAuthenticationOptions { });
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ExternalCookie,
LoginPath = new PathString("/account/sign-in")
});
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
ClientId = clientId,
Authority = authority,
TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters
{
ValidateIssuer = false,
},
Notifications = new OpenIdConnectAuthenticationNotifications()
{
SecurityTokenValidated = (context) =>
{
return Task.FromResult(0);
},
AuthorizationCodeReceived = (context) =>
{
return Task.FromResult(0);
},
AuthenticationFailed = (context) =>
{
context.OwinContext.Response.Redirect("/Home/Error");
context.HandleResponse(); // Suppress the exception
return Task.FromResult(0);
}
}
}
);
}
此配置适用于密码身份验证,但不适用于 AAD 身份验证.要启用 AAD 身份验证,我需要注释掉设置 AuthenticationType 的行
This configuration works for password authentication, but doesn't work for AAD authentication. To enable AAD authentication I need to either comment out the line setting the AuthenticationType
AuthenticationType = DefaultAuthenticationTypes.ExternalCookie,
或者,只设置没有值的 CookieAuthentication.
Or, just set CookieAuthentication with no values.
app.UseCookieAuthentication(new CookieAuthenticationOptions { });
我猜想有一个相对简单的方法来解决这个问题,并且会很感激一些关于从哪里开始寻找的想法.
I'd guess that there is a relatively simple approach to this and would appreciate some ideas on where to start looking.
推荐答案
我搜索了微软的例子.所有这些看起来都像您的解决方案.看这里:
I searched examples from Microsoft. And all of them look like your solution. Look here:
- WebApp-WSFederation-DotNet
- WebApp-MultiTenant-OpenIdConnect-DotNet
- WebApp-OpenIDConnect-DotNet
另一个例子是这里 WindowsAzureActiveDirectoryBearerAuthenticationOptions
这篇关于使用密码和 Azure Active Directory 身份验证的 Asp.net Identity的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持编程学习网!
本文标题为:使用密码和 Azure Active Directory 身份验证的 Asp.ne
- MoreLinq maxBy vs LINQ max + where 2022-01-01
- 良好实践:如何重用 .csproj 和 .sln 文件来为 CI 创建 2022-01-01
- 在哪里可以找到使用中的C#/XML文档注释的好例子? 2022-01-01
- 如何用自己压缩一个 IEnumerable 2022-01-01
- C# 中多线程网络服务器的模式 2022-01-01
- C#MongoDB使用Builders查找派生对象 2022-09-04
- 输入按键事件处理程序 2022-01-01
- Web Api 中的 Swagger .netcore 3.1,使用 swagger UI 设置日期时间格式 2022-01-01
- 带有服务/守护程序应用程序的 Microsoft Graph CSharp SDK 和 OneDrive for Business - 配额方面返回 null 2022-01-01
- WebMatrix WebSecurity PasswordSalt 2022-01-01
