在成功验证后,我想检索ID Token可以通过 GET/POST 请求将其发送到另一个应用程序的内容。
场景如下:
- 使用不同 url (*.domain.com) 的多个 Web 应用程序
- 所有应用程序都需要针对 Azure Active Directory 进行身份验证
- URL 太多,无法将它们全部作为 redirect_url(每个主机名都需要一个)
- 想法是有一个“登录”应用程序(login.domain.com)来处理登录,然后将 ID 令牌转发到 *.domain.com 应用程序(使用状态字段中的 URL)
- *.domain.com 然后验证 ID 令牌并授权用户
使用 Microsoft.AspNetCore.Authentication.OpenIdConnect,我无法弄清楚如何检索 ID 令牌以便正确转发它。
我已经为 ASP.NET Core 1.0 Web 应用程序使用了 VS2015 模板并正确配置了身份验证(这有效)
现在我需要以某种方式获得令牌,但我不知道如何。
app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions()
{
ClientId = Configuration["Authentication:AzureAd:ClientId"],
Authority = Configuration["Authentication:AzureAd:AADInstance"] + "Common",
CallbackPath = Configuration["Authentication:AzureAd:CallbackPath"],
TokenValidationParameters = new TokenValidationParameters
{
// Instead of using the default validation (validating against a single issuer value, as we do in line of business apps),
// we inject our own multitenant validation logic
ValidateIssuer = false,
// If the app is meant to be accessed by entire organizations, add your issuer validation logic here.
//IssuerValidator = (issuer, securityToken, validationParameters) => {
// if (myIssuerValidationLogic(issuer)) return issuer;
//}
},
Events = new OpenIdConnectEvents
{
OnTicketReceived = (context) =>
{
// If your authentication logic is based on users then add your logic here
return Task.FromResult(0);
},
OnAuthenticationFailed = (context) =>
{
context.Response.Redirect("/Home/Error");
context.HandleResponse(); // Suppress the exception
return Task.FromResult(0);
},
// If your application needs to do authenticate single users, add your user validation below.
//OnTokenValidated = (context) =>
//{
// return myUserValidationLogic(context.Ticket.Principal);
//}
}
});
我想我应该能够在OnTicketReceived使用TicketReceivedContext?