0

设置 Windows 身份验证的文档在这里: https ://docs.identityserver.io/en/latest/topics/windows.html

但是我不知道如何配置该Callback()行中提到的方法,RedirectUri = Url.Action("Callback"),或者我什至不应该使用它。

我尝试手动重定向回https://<client:port>/auth-callback我的角度应用程序的路线,但出现错误:

Error: No state in response
    at UserManager.processSigninResponse (oidc-client.js:8308)

有人有建议的Callback方法,我可以使用 code + pkce 与 SPA 一起使用吗?我试过搜索谷歌,但目前没有使用 Windows 身份验证的示例应用程序,而且确实存在的应用程序很旧。

4

1 回答 1

1

看一下ExternalLoginCallback方法。我还在下面粘贴了截至 2020 年 10 月 26 日的代码版本,以供将来参考,以防回购消失。

    /// <summary>
    /// Post processing of external authentication
    /// </summary>
    [HttpGet]
    public async Task<IActionResult> ExternalLoginCallback()
    {
        // read external identity from the temporary cookie
        var result = await HttpContext.AuthenticateAsync(IdentityConstants.ExternalScheme);
        if (result?.Succeeded != true)
        {
            throw new Exception("External authentication error");
        }

        // lookup our user and external provider info
        var (user, provider, providerUserId, claims) = await FindUserFromExternalProviderAsync(result);
        if (user == null)
        {
            // this might be where you might initiate a custom workflow for user registration
            // in this sample we don't show how that would be done, as our sample implementation
            // simply auto-provisions new external user
            user = await AutoProvisionUserAsync(provider, providerUserId, claims);
        }

        // this allows us to collect any additonal claims or properties
        // for the specific prtotocols used and store them in the local auth cookie.
        // this is typically used to store data needed for signout from those protocols.
        var additionalLocalClaims = new List<Claim>();
        additionalLocalClaims.AddRange(claims);

        var localSignInProps = new AuthenticationProperties();
        ProcessLoginCallbackForOidc(result, additionalLocalClaims, localSignInProps);
        ProcessLoginCallbackForWsFed(result, additionalLocalClaims, localSignInProps);
        ProcessLoginCallbackForSaml2p(result, additionalLocalClaims, localSignInProps);

        // issue authentication cookie for user
        // we must issue the cookie maually, and can't use the SignInManager because
        // it doesn't expose an API to issue additional claims from the login workflow
        var principal = await _signInManager.CreateUserPrincipalAsync(user);
        additionalLocalClaims.AddRange(principal.Claims);

        var name = principal.FindFirst(JwtClaimTypes.Name)?.Value ?? user.Id;
        await _events.RaiseAsync(new UserLoginSuccessEvent(provider, providerUserId, user.Id, name));

        // issue authentication cookie for user
        var isuser = new IdentityServerUser(principal.GetSubjectId())
        {
            DisplayName = name,
            IdentityProvider = provider,
            AdditionalClaims = additionalLocalClaims
        };

        await HttpContext.SignInAsync(isuser, localSignInProps);

        // delete temporary cookie used during external authentication
        await HttpContext.SignOutAsync(IdentityConstants.ExternalScheme);

        // validate return URL and redirect back to authorization endpoint or a local page
        var returnUrl = result.Properties.Items["returnUrl"];
        if (_interaction.IsValidReturnUrl(returnUrl) || Url.IsLocalUrl(returnUrl))
        {
            return Redirect(returnUrl);
        }

        return Redirect("~/");
    }
于 2020-10-26T17:33:36.593 回答