在线时间:8:00-16:00
迪恩网络APP
随时随地掌握行业动态
扫描二维码
关注迪恩网络微信公众号
题记:在ASP.NET 5中虽然继续可以沿用ASP.NET Identity来做验证授权,不过也可以很容易集成支持标准协议的第三方服务,比如Azure Active Directory。 其实,在ASP.NET 5中集成AzureAD,利用其进行验证和授权,是非常简单的。因为:首先Azure Active Directory提供了OAuth2.0、OpenId Connect 1.0、SAML和WS-Federation 1.2标准协议接口;其次微软在ASP.NET 5中移植了集成OpenId Connect的OWIN中间件。所以,只要在ASP.NET 5项目中引用"Microsoft.AspNet.Authentication.OpenIdConnect"这个包,并正确配置AzureAD的连接信息,就可以很容易的进行集成。 大致步骤如下: 1,在config.json文件中添加AzureAD的配置信息: "AzureAd": { "ClientId": "[Enter the clientId of your application as obtained from portal, e.g. ba74781c2-53c2-442a-97c2-3d60re42f403]", "Tenant": "[Enter the name of your tenant, e.g. contoso.onmicrosoft.com]", "AadInstance": "https://login.microsoftonline.com/{0}", // This is the public instance of Azure AD "PostLogoutRedirectUri": https://localhost:44322/ } 2,修改project.json,引入OpenIdConnect的中间件: "Microsoft.AspNet.Authentication.OpenIdConnect": "1.0.0-*" 3,在Startup中的ConfigureServices方法里面添加: // OpenID Connect Authentication Requires Cookie Auth services.Configure<ExternalAuthenticationOptions>(options => { options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme; }); 4,在Startup中的Configure方法里面添加: // Configure the OWIN Pipeline to use Cookie Authentication app.UseCookieAuthentication(options => { // By default, all middleware are passive/not automatic. Making cookie middleware automatic so that it acts on all the messages. options.AutomaticAuthentication = true; }); // Configure the OWIN Pipeline to use OpenId Connect Authentication app.UseOpenIdConnectAuthentication(options => { options.ClientId = Configuration.Get("AzureAd:ClientId"); options.Authority = String.Format(Configuration.Get("AzureAd:AadInstance"), Configuration.Get("AzureAd:Tenant")); options.PostLogoutRedirectUri = Configuration.Get("AzureAd:PostLogoutRedirectUri"); options.Notifications = new OpenIdConnectAuthenticationNotifications { AuthenticationFailed = OnAuthenticationFailed, }; }); 5,Startup的OnAuthenticationFailed方法为: private Task OnAuthenticationFailed(AuthenticationFailedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification) { notification.HandleResponse(); notification.Response.Redirect("/Home/Error?message=" + notification.Exception.Message); return Task.FromResult(0); } 6,添加一个名为AccountController的Controller: public class AccountController : Controller { // GET: /Account/Login [HttpGet] public IActionResult Login() { if (Context.User == null || !Context.User.Identity.IsAuthenticated) return new ChallengeResult(OpenIdConnectAuthenticationDefaults.AuthenticationScheme, new AuthenticationProperties { RedirectUri = "/" }); return RedirectToAction("Index", "Home"); } // GET: /Account/LogOff [HttpGet] public IActionResult LogOff() { if (Context.User.Identity.IsAuthenticated) { Context.Authentication.SignOut(CookieAuthenticationDefaults.AuthenticationScheme); Context.Authentication.SignOut(OpenIdConnectAuthenticationDefaults.AuthenticationScheme); } return RedirectToAction("Index", "Home"); } } 以上代码也可以到我Fork的完整示例项目中找到:https://github.com/heavenwing/WebApp-OpenIdConnect-AspNet5 【更新:2015-07-16】 app.UseOpenIdConnectAuthentication(options => { options.AutomaticAuthentication = true; }); 具体见:https://github.com/aspnet/Security/issues/357#issuecomment-120834369 以上所述就是本文的全部内容了,希望大家能够喜欢。 |
请发表评论