0

我可能处理这完全不正确,但我使用 OpenID 和 MS Azure 来验证我的用户,然后我检查以确保用户在 OpenID 中间件的通知中有一个用户帐户,如果找不到用户,我抛出一个安全异常。如何返回您无权访问此应用程序类型页面。我只是错过了钩子吗?

这是示例: https ://gist.github.com/phillipsj/3200ddda158eddac74ca

4

1 回答 1

1

您可以在通知中使用 try...catch,类似于以下内容:

SecurityTokenValidated = (context) =>
{
   try
   {
       // retriever caller data from the incoming principal
       var username = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.Name).Value.Split('@')[0];
       var database = DependencyResolver.Current.GetService(typeof (IDatabase)) as IDatabase;
       var employee = database.Query(new GetEmployeeByUsername(username));

       if (employee == null)
       {
          throw new SecurityTokenValidationException();
       }
         // I add my custom claims here
         context.AuthenticationTicket.Identity.AddClaims(claims);
         return Task.FromResult(0);
   }
   catch (SecurityTokenValidationException ex)
   {
       context.HandleResponse();   // This will skip executing rest of the code in the middleware
       context.Response.Redirect(....);
       return Task.FromResult(0);
   }
}
于 2015-03-10T21:46:59.997 回答