I have a .NET Core website that uses an STS for authentication. I added a call to AuthenticationBuilder.AddWsFederation() in my startup:

services.AddAuthentication(sharedOptions =>
    {
        sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    })
    .AddWsFederation("WsFederation", options =>
    {
        options.CorrelationCookie.SameSite = SameSiteMode.None;
        options.CorrelationCookie.SecurePolicy = CookieSecurePolicy.Always;
        options.SkipUnrecognizedRequests = true;

        options.MetadataAddress = wsFedearationSection.MetadataAddress;
        options.Wtrealm = wsFedearationSection.Wtrealm;
        options.Wreply = wsFedearationSection.Wreply;
        options.CallbackPath = "/authhandler";

        options.RemoteSignOutPath = options.CallbackPath;
        options.Events.OnRedirectToIdentityProvider = ctx =>
        {
            // Check for null before touching the protocol message.
            if (ctx?.ProtocolMessage != null)
            {
                ctx.ProtocolMessage.Wreq = "XML GOES HERE";
                ctx.ProtocolMessage.Wfresh = "0";
            }

            return Task.CompletedTask;
        };

        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidAudience = options.Wtrealm,
            ValidateAudience = true,
            ValidateLifetime = true,
        };
    });

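The problem is that I have to specify a different wreq query string parameter depending on whether the user wants to log in as a natural person or as a legal entity, for example: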

&wreq=<trust:RequestSecurityToken xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512"><auth:AdditionalContext xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706"><auth:ContextItem Name="http://[domain]/schema/identity/claims/grantor"><auth:Value /></auth:ContextItem></auth:AdditionalContext>

As I understand it, this is what ctx.ProtocolMessage.Wreq is for. Any ideas on how to set that value dynamically?

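One way to pick the wreq value per login, as an added example that is not part of the original question: the login action stores an allowlisted login type in the AuthenticationProperties passed to the challenge, and the redirect event maps it to a fixed server-side template, so request input never reaches the wreq XML directly. The `WreqSelector` class, the `login_type` key, the `AccountController` action and the placeholder XML strings are assumptions.

```csharp
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.WsFederation;
using Microsoft.AspNetCore.Mvc;

// Hypothetical helper: maps an allowlisted login type to a fixed wreq template.
public static class WreqSelector
{
    public const string ItemKey = "login_type"; // assumed key name

    // Placeholder templates; the real XML comes from your STS documentation.
    private static readonly IReadOnlyDictionary<string, string> Templates =
        new Dictionary<string, string>
        {
            ["natural"] = "<!-- wreq XML for a natural person -->",
            ["legal"]   = "<!-- wreq XML for a legal entity -->",
        };

    public static bool IsKnown(string type) =>
        type != null && Templates.ContainsKey(type);

    // Wire up with: options.Events.OnRedirectToIdentityProvider = WreqSelector.Apply;
    public static Task Apply(RedirectContext ctx)
    {
        // Properties carries whatever the code that issued the challenge stored.
        // If nothing was stored (e.g. an automatic challenge), Wreq stays unset.
        if (ctx.Properties.Items.TryGetValue(ItemKey, out var type)
            && type != null && Templates.TryGetValue(type, out var wreq))
        {
            ctx.ProtocolMessage.Wreq = wreq; // fixed template, never raw input
        }
        ctx.ProtocolMessage.Wfresh = "0";
        return Task.CompletedTask;
    }
}

public class AccountController : Controller
{
    // GET /account/login?type=natural or ?type=legal
    public IActionResult Login(string type)
    {
        if (!WreqSelector.IsKnown(type)) return BadRequest();
        var props = new AuthenticationProperties { RedirectUri = "/" };
        props.Items[WreqSelector.ItemKey] = type;
        return Challenge(props, "WsFederation"); // scheme name from AddWsFederation
    }
}
```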