目前,我已使用客户端 ID 和客户端密钥成功连接到 OpenId 提供程序。现在,我的提供程序改为使用 mTLS,因此他们不再使用客户端密钥,而是使用证书(来自 X-CERT 标头)。我的问题是:如何将证书值(例如:“XXX”)传递给名为“X-CERT”的 http 标头?
// Registers the OpenID Connect handler. Every setting is read from `configuration`.
authenticationBuilder.AddOpenIdConnect(oidc =>
{
    oidc.Authority = configuration["Authentication:OpenId:Authority"];
    oidc.ClientId = configuration["Authentication:OpenId:ClientId"];

    // Plain concatenation: the configured root address has to end with "/" for
    // this to produce a well-formed URL.
    oidc.SignedOutRedirectUri = configuration["App:WebSiteRootAddress"] + "Account/Logout";

    // Only an id_token is requested from the authorization endpoint.
    // NOTE(review): with this response type the handler normally has no code to
    // redeem at the token endpoint, which is where client authentication
    // (secret or certificate) is usually performed. Confirm which flow the
    // provider expects after its move to mTLS.
    oidc.ResponseType = OpenIdConnectResponseType.IdToken;

    // bool.Parse throws when the value is missing or is not "true"/"false".
    // A value of false switches off the issuer check on incoming tokens, so this
    // key should stay true unless the deployment has a specific reason.
    var validateIssuer = bool.Parse(configuration["Authentication:OpenId:ValidateIssuer"]);
    oidc.TokenValidationParameters = new TokenValidationParameters
    {
        ValidateIssuer = validateIssuer
    };

    // After a token has been validated, apply the claim mappings from the
    // "Authentication:OpenId:ClaimsMapping" section. The section is bound again
    // on every invocation of the event.
    oidc.Events.OnTokenValidated = validated =>
    {
        var claimMaps = new List<JsonClaimMap>();
        configuration.GetSection("Authentication:OpenId:ClaimsMapping").Bind(claimMaps);
        validated.AddMappedClaims(claimMaps);
        return Task.CompletedTask;
    };

    // The secret is optional: it is applied only when configuration supplies one.
    // NOTE(review): keep this value in a secret store, not in a committed settings file.
    // NOTE(review): for a provider that authenticates the client with a certificate,
    // the certificate is normally presented on the TLS connection itself (for this
    // handler, via options.BackchannelHttpHandler). A certificate value copied into a
    // request header such as X-CERT does not prove possession of the private key;
    // that header is usually set by a TLS-terminating proxy. Confirm with the provider.
    var secret = configuration["Authentication:OpenId:ClientSecret"];
    if (!secret.IsNullOrEmpty())
    {
        oidc.ClientSecret = secret;
    }
});
/// <summary>
/// Starts an external-login challenge for the requested authentication scheme.
/// </summary>
/// <param name="provider">Name of the authentication scheme to challenge; supplied by the caller.</param>
/// <param name="returnUrl">URL forwarded unchanged to the ExternalLoginCallback action as ReturnUrl.</param>
/// <param name="ss">Opaque value forwarded unchanged to the callback; defaults to an empty string.</param>
/// <returns>A challenge result for <paramref name="provider"/>.</returns>
/// <remarks>
/// NOTE(review): <paramref name="returnUrl"/> is request input and is not validated here.
/// The callback action (not visible in this listing) should check it against local URLs
/// or an allow-list before redirecting, to avoid an open redirect.
/// NOTE(review): no [ValidateAntiForgeryToken] is visible on this POST action; confirm
/// that a global filter covers it.
/// </remarks>
[HttpPost]
public ActionResult ExternalLogin(string provider, string returnUrl, string ss = "")
{
    // Route values carried through the provider round trip to the callback.
    var routeValues = new
    {
        ReturnUrl = returnUrl,
        authSchema = provider,
        ss
    };
    var callbackUrl = Url.Action("ExternalLoginCallback", "Account", routeValues);

    // presumably ASP.NET Core Identity's SignInManager; verify against the class fields
    var authProperties = _signInManager.ConfigureExternalAuthenticationProperties(provider, callbackUrl);
    return Challenge(authProperties, provider);
}