I have a .NET Core website that uses an STS for authentication. I added a call to AuthenticationBuilder.AddWsFederation() in my Startup:
    services.AddAuthentication(sharedOptions =>
        {
            sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        })
        .AddWsFederation("WsFederation", options =>
        {
            options.CorrelationCookie.SameSite = SameSiteMode.None;
            options.CorrelationCookie.SecurePolicy = CookieSecurePolicy.Always;
            options.SkipUnrecognizedRequests = true;
            options.MetadataAddress = wsFedearationSection.MetadataAddress;
            options.Wtrealm = wsFedearationSection.Wtrealm;
            options.Wreply = wsFedearationSection.Wreply;
            options.CallbackPath = "/authhandler";
            options.RemoteSignOutPath = options.CallbackPath;
            options.Events.OnRedirectToIdentityProvider = ctx =>
            {
                // Check for null before touching ProtocolMessage.
                if (ctx?.ProtocolMessage != null)
                {
                    ctx.ProtocolMessage.Wreq = "XML GOES HERE";
                    ctx.ProtocolMessage.Wfresh = "0";
                }
                return Task.CompletedTask;
            };
            options.TokenValidationParameters = new TokenValidationParameters
            {
                ValidAudience = options.Wtrealm,
                ValidateAudience = true,
                ValidateLifetime = true,
            };
        });
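The problem is that I have to specify a different wreq query string parameter depending on whether the user wants to log in as a natural person or as a legal entity, for example: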
&wreq=<trust:RequestSecurityToken xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512"><auth:AdditionalContext xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706"><auth:ContextItem Name="http://[domain]/schema/identity/claims/grantor"><auth:Value /></auth:ContextItem></auth:AdditionalContext>
As I understand it, this is what ctx.ProtocolMessage.Wreq is for. Any ideas on how to set this value dynamically?
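One way to choose the wreq value per sign-in, shown as an added example that is not part of the original post: the login action puts the requested login kind into AuthenticationProperties.Items, and the OnRedirectToIdentityProvider handler maps it to a fixed server-side template, so no user-supplied XML reaches the STS request. The names WreqSelector, ItemKey, the "natural"/"legal" keys, the /login route and the placeholder XML strings are assumptions.

```csharp
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.WsFederation;
using Microsoft.AspNetCore.Mvc;

public static class WreqSelector
{
    // Hypothetical key used to carry the login kind through the challenge.
    public const string ItemKey = "login_kind";

    // Fixed templates held on the server. Placeholder values: replace with
    // the wreq XML the STS expects for each login kind.
    private static readonly IReadOnlyDictionary<string, string> WreqByKind =
        new Dictionary<string, string>
        {
            ["natural"] = "WREQ XML FOR NATURAL PERSON GOES HERE",
            ["legal"] = "WREQ XML FOR LEGAL PERSON GOES HERE",
        };

    public static bool IsKnown(string kind) =>
        kind != null && WreqByKind.ContainsKey(kind);

    // Wire up with: options.Events.OnRedirectToIdentityProvider = WreqSelector.Apply;
    public static Task Apply(RedirectContext ctx)
    {
        // Only set Wreq when the challenge carried a known kind; anything
        // else leaves the request without the parameter.
        if (ctx.ProtocolMessage != null
            && ctx.Properties.Items.TryGetValue(ItemKey, out var kind)
            && kind != null
            && WreqByKind.TryGetValue(kind, out var wreq))
        {
            ctx.ProtocolMessage.Wreq = wreq;
            ctx.ProtocolMessage.Wfresh = "0";
        }
        return Task.CompletedTask;
    }
}

public class LoginController : Controller
{
    // Hypothetical route: /login?kind=natural or /login?kind=legal
    [HttpGet("/login")]
    public IActionResult Login(string kind)
    {
        // Reject unknown values instead of passing them on to the STS.
        if (!WreqSelector.IsKnown(kind)) return BadRequest();
        var props = new AuthenticationProperties { RedirectUri = "/" };
        props.Items[WreqSelector.ItemKey] = kind;
        return Challenge(props, "WsFederation");
    }
}
```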