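I am using the OpenIdConnect provider with Owin/Katana for authentication in my asp.net mvc application. The OpenIdConnect provider authenticates users against Active Directory. Once the user is authenticated and redirected to another view, I want to do a simple authorization check.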
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions()
{
    Authority = "url",
    Scope = "scopes",
    ResponseType = "response",
    ClientId = "clientid",
    SignInAsAuthenticationType = "Cookies",
    Notifications = new OpenIdConnectAuthenticationNotifications()
    {
        SecurityTokenValidated = (context) =>
        {
            var identity = context.AuthenticationTicket.Identity;
            var emailClaim = identity.Claims.FirstOrDefault(r => r.Type == ClaimTypes.Email);
            // FirstOrDefault returns one user or null; a bare Where(...) is a query object and is never null.
            var user = emailClaim == null
                ? null
                : dbContext.Users.FirstOrDefault(u => u.Email == emailClaim.Value);
            if (user != null)
            {
                // Add user information to claims.
                identity.AddClaim(new Claim(CustomClaimTypes.PersonId, user.Name.ToString()));
            }
            else
            {
                // redirect to a page
            }
            return Task.FromResult(0);
        }
    }
});
How can I redirect the user if he is not in my database?
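One way to fail closed inside `SecurityTokenValidated`, as an added example that is not part of the original post: calling `HandleResponse()` on the notification stops the middleware before the "Cookies" sign-in is issued, so an unknown user is redirected without receiving a session. `KnownUserGate`, `lookupPersonId`, the `/Account/NotRegistered` path and the claim type string are hypothetical names chosen for illustration.

```csharp
using System;
using System.Security.Claims;
using System.Threading.Tasks;
// Katana 4.x namespace; on Katana 3.x OpenIdConnectMessage lives in Microsoft.IdentityModel.Protocols.
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.Owin.Security.Notifications;
using Microsoft.Owin.Security.OpenIdConnect;

public static class KnownUserGate
{
    // Hypothetical fixed local page for authenticated but unregistered users.
    private const string NotRegisteredPath = "/Account/NotRegistered";
    // Constructed claim type standing in for the post's CustomClaimTypes.PersonId.
    private const string PersonIdClaimType = "urn:example:personid";

    // lookupPersonId is a hypothetical stand-in for the database query:
    // it returns the person id for an e-mail address, or null when unknown.
    public static Func<SecurityTokenValidatedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>, Task>
        Create(Func<string, string> lookupPersonId)
    {
        return context =>
        {
            var identity = context.AuthenticationTicket.Identity;
            // A token without an e-mail claim is treated the same as an unknown user.
            var email = identity.FindFirst(ClaimTypes.Email)?.Value;
            var personId = string.IsNullOrEmpty(email) ? null : lookupPersonId(email);

            if (personId == null)
            {
                // Fail closed: mark the response as handled so the middleware
                // stops here and never signs the user in, then redirect to a
                // fixed local path (never a URL taken from the request).
                context.HandleResponse();
                context.Response.Redirect(NotRegisteredPath);
                return Task.FromResult(0);
            }

            identity.AddClaim(new Claim(PersonIdClaimType, personId));
            return Task.FromResult(0);
        };
    }
}
// Wiring (inside OpenIdConnectAuthenticationNotifications):
//   SecurityTokenValidated = KnownUserGate.Create(email => /* database lookup */ null)
```

The target page must allow anonymous access, otherwise the unauthenticated request triggers a new challenge and the browser loops back to the identity provider.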