OWIN openid连接外部登录不执行指定的回调url
我正在使用owin openid connect身份验证提供程序托管在一个单独的域身份验证。认证过程很好地工作。我能够在身份服务器成功登录后查看受限制的页面。OWIN openid连接外部登录不执行指定的回调url
但我希望外部身份服务器返回到“account/SignInCallback”控制器操作,以便我可以执行与成员帐户相关的几行代码。在浏览器的网络活动中,它显示“302 Found”为“account/SignInCallback”,但它不会触及连接到它的断点。它直接进入请求启动网址,例如“帐号/仪表板”。
有没有一种方法可以强制系统在登录后返回特定的url,即使请求url是不同的?
public class AccountController : BaseController
{
public AccountController() : base()
{
}
[Authorize]
public ActionResult Dashboard()
{
return View();
}
[HttpPost]
[AllowAnonymous]
public ActionResult SignInCallback()
{
if (User.Identity.IsAuthenticated)
{
// Read claims and execute member specific codes
}
return View();
}
[AllowAnonymous]
public ActionResult Unauthorized()
{
return View();
}
}
启动类如下:
public sealed class Startup
{
public void Configuration(IAppBuilder app)
{
string ClientCallbackUri = @"https://client.local/account/SignInCallback";
string IdServBaseUri = @"https://idm.website.com/core";
string TokenEndpoint = @"https://idm.website.com/core/connect/token";
string UserInfoEndpoint = @"https://idm.website.com/core/connect/userinfo";
string ClientId = @"WebPortalDemo";
string ClientSecret = @"aG90apW2+DbX1wVnwwLD+eu17g3vPRIg7p1OnzT14TE=";
JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary<string, string>();
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = "Cookies"
});
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
ClientId = ClientId,
Authority = IdServBaseUri,
RedirectUri = ClientCallbackUri,
PostLogoutRedirectUri = ClientUri,
ResponseType = "code id_token token",
Scope = "openid profile roles",
TokenValidationParameters = new TokenValidationParameters
{
NameClaimType = "name",
RoleClaimType = "role"
},
SignInAsAuthenticationType = "Cookies",
Notifications = new OpenIdConnectAuthenticationNotifications
{
AuthorizationCodeReceived = async n =>
{
// use the code to get the access and refresh token
var tokenClient = new TokenClient(
TokenEndpoint,
ClientId,
ClientSecret);
var tokenResponse = await tokenClient.RequestAuthorizationCodeAsync(n.Code, n.RedirectUri);
if (tokenResponse.IsError)
{
throw new Exception(tokenResponse.Error);
}
// use the access token to retrieve claims from userinfo
var userInfoClient = new UserInfoClient(UserInfoEndpoint);
var userInfoResponse = await userInfoClient.GetAsync(tokenResponse.AccessToken);
// create new identity
var id = new ClaimsIdentity(n.AuthenticationTicket.Identity.AuthenticationType);
//id.AddClaims(userInfoResponse.GetClaimsIdentity().Claims);
id.AddClaims(userInfoResponse.Claims);
id.AddClaim(new Claim("access_token", tokenResponse.AccessToken));
id.AddClaim(new Claim("expires_at", DateTime.Now.AddSeconds(tokenResponse.ExpiresIn).ToLocalTime().ToString()));
id.AddClaim(new Claim("refresh_token", tokenResponse.RefreshToken));
id.AddClaim(new Claim("id_token", n.ProtocolMessage.IdToken));
id.AddClaim(new Claim("sid", n.AuthenticationTicket.Identity.FindFirst("sid").Value));
n.AuthenticationTicket = new AuthenticationTicket(
new ClaimsIdentity(id.Claims, n.AuthenticationTicket.Identity.AuthenticationType, "name", "role"),
n.AuthenticationTicket.Properties);
}
}
});
}
}
它看起来你需要的是设置
n.AuthenticationTicket.Properties.RedirectUri = n.RedirectUri;
在AuthorizationCodeReceived
委托
个人身份验证模板通过启用AutomaticChallenge上的Cookie中间件而不是其它验证的中间件(OIDC在这种情况下)做到这一点。 Cookie将其重定向到一个AccountController登录页面,然后他们选择auth方法,执行auth重定向,返回到帐户控制器以进行您想要添加的额外步骤,然后通过重定向回原始页面完成。
这里是一个模板ASP.NET核心的更高版本: https://github.com/aspnet/Templates/blob/rel/1.0.5/src/Rules/StarterWeb/IndividualAuth/Controllers/AccountController.cs https://github.com/aspnet/Templates/blob/rel/1.0.5/src/Rules/StarterWeb/IndividualAuth/Startup.cs
注意这在很大程度上是由身份管理的框架,但它不是必需的。