我已经尝试解决这个问题两天了,并决定是时候寻求帮助了。这是设置:
使用以下软件包运行 Umbraco 7.5.6:
- UmbracoIdentity 5.0.0
- UmbracoCms.IdentityExtensions 1.0.0
- UmbracoCms.IdentityExtesnions.AzureActiveDirectory 1.0.0
我们也在运行 Thinktecture SSO 服务器
- 身份服务器3
以下是要求:
- 后台用户必须通过 AAD 或内部用户登录(此操作已完成且有效)
- 会员必须通过 Thinktecture SSO 服务器登录
- 如果成员不在主页上,则必须将他们重定向回成功登录后尝试访问的任何页面
这一切看起来都很简单,所以这是我到目前为止的代码。这是我为坚持 Owin 启动过程而编写的中间件:
public static IAppBuilder ConfigureFrontEndSsoAuth(this IAppBuilder app)
{
//var postLoginRedirectUrl = "";
var ssoOptions = new OpenIdConnectAuthenticationOptions
{
SignInAsAuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
Authority = Config.SsoAuthority,
ClientId = Config.SsoClientId,
CallbackPath = new PathString("/umbraco/surface/UmbracoIdentityAccount/ExternalLoginCallback"),
RedirectUri = "http://bacp.dev/umbraco/surface/UmbracoIdentityAccount/ExternalLoginCallback",
ResponseType = Config.SsoResponseType,
Scope = Config.SsoScope,
AuthenticationMode = AuthenticationMode.Passive,
Notifications = new OpenIdConnectAuthenticationNotifications()
{
SecurityTokenValidated = async x =>
{
// Will deal with Claims soon
}
}
};
ssoOptions.Caption = "Member SSO";
ssoOptions.AuthenticationType = String.Format(CultureInfo.InvariantCulture, Config.SsoAuthority);
ssoOptions.SetExternalSignInAutoLinkOptions(new ExternalSignInAutoLinkOptions(autoLinkExternalAccount: true));
app.UseOpenIdConnectAuthentication(ssoOptions);
return app;
}
这是我的两个控制器方法:
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public ActionResult ExternalLogin(string provider, string returnUrl = null)
{
if (returnUrl.IsNullOrWhiteSpace())
{
returnUrl = Request.RawUrl;
}
// Request a redirect to the external login provider
return new ChallengeResult(provider,
Url.SurfaceAction<UmbracoIdentityAccountController>("ExternalLoginCallback", new { ReturnUrl = returnUrl }));
}
[HttpGet]
[HttpPost]
[AllowAnonymous]
public async Task<ActionResult> ExternalLoginCallback(string returnUrl = null)
{
if (String.IsNullOrEmpty(returnUrl))
{
returnUrl = "/";
}
var loginInfo = await OwinContext.Authentication.GetExternalLoginInfoAsync();
if (loginInfo == null)
{
//go home, invalid callback
return RedirectToLocal(returnUrl);
}
// Sign in the user with this external login provider if the user already has a login
var user = await UserManager.FindAsync(loginInfo.Login);
if (user != null)
{
await SignInAsync(user, isPersistent: false);
return RedirectToLocal(returnUrl);
}
else
{
// If the user does not have an account, then prompt the user to create an account
ViewBag.ReturnUrl = returnUrl;
ViewBag.LoginProvider = loginInfo.Login.LoginProvider;
return View("ExternalLoginConfirmation", new ExternalLoginConfirmationViewModel { Email = loginInfo.Email });
}
}
最后,视图上的登录操作:
<form action="/Umbraco/surface/UmbracoIdentityAccount/ExternalLogin" method="post">
@Html.AntiForgeryToken()
<input type="hidden" name="provider" value="@Config.SsoAuthority"/>
<input type="hidden" name="returnUrl" value="@Request.RawUrl"/>
<input type="submit" class="profile-summary__link" value="Login"/>
</form>
现在,这就是我迷路的地方,我要么只是错过了一些非常小的东西,要么是一些东西。以下步骤是手头的问题:
- Umbraco 页面加载
- 我可以点击重定向到 SSO 服务器的“登录”
- 如果我没有登录,我登录 | 如果我已登录,它会验证我的 cookie 并将我发回
- 它声称它正在将我发送到 ExternalLoginCallback 但如果我在控制器方法上放置一个断点,它永远不会命中。
- 然后它会尝试重定向回 ExternalLogin(不确定它是从哪里得到的)
任何帮助或建议都会很棒。