
The authentication (cookie) setup in my project looks like this:

    // Cookie scheme registration inside Startup.ConfigureServices
    services.AddAuthentication(options =>
    {
        options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    })
    .AddCookie(options =>
    {
        options.ClaimsIssuer = "xxx.admin";
        options.Cookie.HttpOnly = true;
        options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
        options.LoginPath = "/Login/Index/";
        options.AccessDeniedPath = "/Account/Unauthorized/";
        options.Cookie.SameSite = SameSiteMode.Strict;
    });

In a different project I configured a second authentication option (OpenIdConnect), as follows:

    // Razor Pages with a global "authenticated user required" filter plus the Microsoft Identity UI
    services.AddRazorPages().AddMvcOptions(options =>
    {
        var policy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build();
        options.Filters.Add(new AuthorizeFilter(policy));
    }).AddMicrosoftIdentityUI();

    // OpenID Connect scheme bound from the "AzureActiveDirectoryConnection" configuration section
    services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme).AddMicrosoftIdentityWebApp(options =>
    {
        Configuration.Bind("AzureActiveDirectoryConnection", options);

        options.Events ??= new OpenIdConnectEvents();
        options.Events.OnTokenValidated += OnTokenValidated;
        options.Events.OnTicketReceived += OnTicketReceived;
        //options.Events.OnRedirectToIdentityProvider += OnRedirectToIdentityProvider;
    });

Now I need to combine them so that my application supports multiple authentication types. How can I do that?


1 Answer


Step 1:

Add the compatible Microsoft.Identity.Web and Microsoft.Identity.Web.UI NuGet packages to your project.

Step 2:

Add the following lines after the .AddCookie(options => ..) method:

    // Chained onto the AuthenticationBuilder returned by .AddCookie(...):
    // .Services is the IServiceCollection, so the second scheme is registered in the same chain.
    // "_Cookies" is a separate cookie scheme for the Azure AD session; the default "Cookies"
    // scheme is already used by the local login above.
    .Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApp(Configuration.GetSection("AzureActiveDirectoryConnection"), "OpenIdConnect", "_Cookies", true);

    // Hook the OpenID Connect events on the scheme registered above
    services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme, options =>
    {
        options.Events ??= new OpenIdConnectEvents();
        options.Events.OnTokenValidated += OnTokenValidated;
        options.Events.OnTicketReceived += OnTicketReceived;
        options.Events.OnRedirectToIdentityProvider += OnRedirectToIdentityProvider;
    });

    // This is for Azure AD SignIn and SignOut buttons' functions
    services.AddRazorPages().AddMvcOptions(options => { }).AddMicrosoftIdentityUI();

    // We say "I have multiple authentication schemes" to the app here
    services.AddAuthorization(options =>
    {
        var defaultAuthorizationPolicyBuilder = new AuthorizationPolicyBuilder(CookieAuthenticationDefaults.AuthenticationScheme, OpenIdConnectDefaults.AuthenticationScheme);
        defaultAuthorizationPolicyBuilder = defaultAuthorizationPolicyBuilder.RequireAuthenticatedUser();
        options.DefaultPolicy = defaultAuthorizationPolicyBuilder.Build();
    });

In short, here you add the second authentication option, specify the events you need, and bind the Azure AD clientId, tenantId, etc. from the appsettings file, for example:

    "AzureActiveDirectoryConnection": {
      "Instance": "https://login.microsoftonline.com/",
      "Domain": "YourDomainName.onmicrosoft.com",
      "TenantId": "YourTenantId",
      "ClientId": "YourClientId",
      "CallbackPath": "/signin-oidc",
      "SignedOutCallbackPath": "/signout-oidc"
    }

answered 2022-01-13T11:11:16.717
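The combination the answer describes, as an added example that is not part of the question or the answer: one complete Startup that registers both the local cookie scheme and the Azure AD OpenID Connect scheme, a default policy that accepts a user from either, and a named policy (the name "AzureAdOnly" is assumed) that pins an endpoint to Azure AD. It assumes the same "AzureActiveDirectoryConnection" section and paths as the thread and the Microsoft.Identity.Web packages from Step 1; the tenant check in OnTokenValidated is an illustrative extra and AdminController is a placeholder.

```csharp
// Added example, not code from the question or the answer above: one Startup that registers
// BOTH the local cookie scheme and the Azure AD OpenID Connect scheme and lets each endpoint
// say which one it accepts. Section and path names come from the thread; policy name and tenant check are assumed.
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Identity.Web;
using Microsoft.Identity.Web.UI;

public class Startup
{
    // Separate session cookie for the Azure AD login; the default "Cookies" scheme belongs to the local login.
    private const string AzureAdCookieScheme = "_Cookies";

    public Startup(IConfiguration configuration) => Configuration = configuration;
    public IConfiguration Configuration { get; }

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication(options =>
        {
            // A bare [Authorize] authenticates and challenges with the local cookie.
            options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        })
        .AddCookie(options =>
        {
            options.Cookie.HttpOnly = true;
            // Always, not SameAsRequest: SameAsRequest lets the session cookie travel over plain HTTP.
            options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
            options.Cookie.SameSite = SameSiteMode.Strict;
            options.LoginPath = "/Login/Index/";
            options.AccessDeniedPath = "/Account/Unauthorized/";
        })
        // .Services is the IServiceCollection behind the AuthenticationBuilder, so the second scheme
        // joins the same chain; AddAuthentication() without a scheme argument keeps the cookie defaults.
        .Services.AddAuthentication()
        .AddMicrosoftIdentityWebApp(
            Configuration.GetSection("AzureActiveDirectoryConnection"),
            OpenIdConnectDefaults.AuthenticationScheme,
            AzureAdCookieScheme, false); // false = no middleware diagnostics events

        services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme, options =>
        {
            options.Events ??= new OpenIdConnectEvents();
            options.Events.OnTokenValidated += OnTokenValidated;
        });

        services.AddAuthorization(options =>
        {
            // The default policy accepts a user signed in through EITHER scheme.
            options.DefaultPolicy = new AuthorizationPolicyBuilder(
                    CookieAuthenticationDefaults.AuthenticationScheme,
                    OpenIdConnectDefaults.AuthenticationScheme)
                .RequireAuthenticatedUser()
                .Build();
            // A named policy (assumed name) pins an endpoint to the Azure AD scheme only.
            options.AddPolicy("AzureAdOnly", p => p
                .AddAuthenticationSchemes(OpenIdConnectDefaults.AuthenticationScheme)
                .RequireAuthenticatedUser());
        });

        services.AddRazorPages().AddMicrosoftIdentityUI();
        services.AddControllersWithViews();
    }

    // Illustrative extra check: reject the Azure AD token unless its tenant claim matches the
    // TenantId configured under "AzureActiveDirectoryConnection".
    private Task OnTokenValidated(TokenValidatedContext context)
    {
        string expected = Configuration["AzureActiveDirectoryConnection:TenantId"];
        string tenant = context.Principal?.FindFirst("tid")?.Value
            ?? context.Principal?.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid")?.Value;
        if (tenant == null || tenant != expected)
            context.Fail("token tenant does not match the configured tenant");
        return Task.CompletedTask;
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseHttpsRedirection();
        app.UseRouting();
        app.UseAuthentication(); // runs only the default scheme; policy schemes are authenticated by UseAuthorization
        app.UseAuthorization();
        app.UseEndpoints(endpoints => { endpoints.MapRazorPages(); endpoints.MapControllers(); });
    }
}

[Authorize(Policy = "AzureAdOnly")] // a bare [Authorize] would accept either login via the default policy
public class AdminController : Controller
{
    public IActionResult Index() => Content("Azure AD user: " + User.Identity?.Name);
}
```

Two choices differ from the answer's snippet on purpose: the second AddAuthentication() takes no scheme argument, so the cookie defaults set in the first call are not overridden, and the local cookie uses CookieSecurePolicy.Always instead of SameAsRequest, which would let the session cookie be sent over plain HTTP. UseAuthentication runs only the default authenticate scheme; an endpoint whose policy names OpenIdConnect gets that scheme authenticated by UseAuthorization, which is why the policies must list every scheme they accept.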