My project's authentication (cookie) configuration is as follows:
    services.AddAuthentication(options =>
    {
        options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    })
    .AddCookie(options =>
    {
        options.ClaimsIssuer = "xxx.admin";
        options.Cookie.HttpOnly = true;
        options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
        options.LoginPath = "/Login/Index/";
        options.AccessDeniedPath = "/Account/Unauthorized/";
        options.Cookie.SameSite = SameSiteMode.Strict;
    });
I have configured a second authentication option (OpenIdConnect) in a different project, as shown below:
    services.AddRazorPages().AddMvcOptions(options =>
    {
        var policy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build();
        options.Filters.Add(new AuthorizeFilter(policy));
    }).AddMicrosoftIdentityUI();

    services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme).AddMicrosoftIdentityWebApp(options =>
    {
        Configuration.Bind("AzureActiveDirectoryConnection", options);
        options.Events ??= new OpenIdConnectEvents();
        options.Events.OnTokenValidated = OnTokenValidated;
        options.Events.OnTicketReceived = OnTicketReceived;
        //options.Events.OnRedirectToIdentityProvider = OnRedirectToIdentityProvider;
    });
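Now I need to combine them to support multiple authentication types in my application. How can I do that?

A helpful uj5u.com user replied:

Step 1:
Add the Microsoft.Identity.Web.UI NuGet package that is compatible with Microsoft.Identity.Web to your project.

Step 2:
Add the following lines after the .AddCookie(options => ..) method.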
    .Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
        .AddMicrosoftIdentityWebApp(Configuration.GetSection("AzureActiveDirectoryConnection"), "OpenIdConnect", "_Cookies", true);

    services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme, options =>
    {
        options.Events ??= new OpenIdConnectEvents();
        options.Events.OnTokenValidated = OnTokenValidated;
        options.Events.OnTicketReceived = OnTicketReceived;
        options.Events.OnRedirectToIdentityProvider = OnRedirectToIdentityProvider;
    });

    // This is for Azure AD SignIn and SignOut buttons' functions
    services.AddRazorPages().AddMvcOptions(options => { }).AddMicrosoftIdentityUI();

    // We say "I have multiple authentication schemes" to the app here
    services.AddAuthorization(options =>
    {
        var defaultAuthorizationPolicyBuilder = new AuthorizationPolicyBuilder(CookieAuthenticationDefaults.AuthenticationScheme, OpenIdConnectDefaults.AuthenticationScheme);
        defaultAuthorizationPolicyBuilder = defaultAuthorizationPolicyBuilder.RequireAuthenticatedUser();
        options.DefaultPolicy = defaultAuthorizationPolicyBuilder.Build();
    });
In short, you add the second authentication option here, specify the events you need, and bind the Azure AD clientId, tenantId, etc. from the AppSettings file, for example:
    "AzureActiveDirectoryConnection": {
      "Instance": "https://login.microsoftonline.com/",
      "Domain": "YourDomainName.onmicrosoft.com",
      "TenantId": "YourTenantId",
      "ClientId": "YourClientId",
      "CallbackPath": "/signin-oidc",
      "SignedOutCallbackPath": "/signout-oidc"
    }
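
As an added example (not part of the original answer, and not Microsoft.Identity.Web's own code): a login controller at the question's LoginPath that uses the two schemes by name, challenging OpenID Connect explicitly and signing out of whichever cookie is present. LoginController, its actions and its view are hypothetical; "_Cookies" is the cookie scheme name taken from the answer's AddMicrosoftIdentityWebApp call.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

[AllowAnonymous] // the login page must be reachable before either scheme has authenticated the user
public class LoginController : Controller
{
    // Assumption: the cookie scheme name passed to AddMicrosoftIdentityWebApp in the answer.
    private const string AzureAdCookieScheme = "_Cookies";

    // GET /Login/Index/ (the LoginPath from the question). Hypothetical view holding
    // the local sign-in form and a link to the External action.
    [HttpGet]
    public IActionResult Index(string returnUrl = null)
    {
        ViewData["ReturnUrl"] = SafeReturnUrl(returnUrl);
        return View();
    }

    // Starts the Azure AD flow by challenging the OpenID Connect scheme by name.
    [HttpGet]
    public IActionResult External(string returnUrl = null)
    {
        var props = new AuthenticationProperties { RedirectUri = SafeReturnUrl(returnUrl) };
        return Challenge(props, OpenIdConnectDefaults.AuthenticationScheme);
    }

    [HttpPost, ValidateAntiForgeryToken]
    public async Task<IActionResult> Logout()
    {
        // Always drop the local cookie.
        await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
        // If an Azure AD session cookie exists, clear it and end the session at the provider too.
        var external = await HttpContext.AuthenticateAsync(AzureAdCookieScheme);
        if (external.Succeeded)
        {
            var props = new AuthenticationProperties { RedirectUri = "/" };
            return SignOut(props, AzureAdCookieScheme, OpenIdConnectDefaults.AuthenticationScheme);
        }
        return RedirectToAction(nameof(Index));
    }

    // Accept only local URLs; anything else falls back to the site root (no open redirect).
    private string SafeReturnUrl(string returnUrl) =>
        Url.IsLocalUrl(returnUrl) ? returnUrl : "/";
}
```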
