Azure身份验证和OAuth身份验证
问题描述:
我必须找到问题的解决方案。所以我正在开发网站,我坚持认证。首先,我们使用Azure Active Directory进行用户存储。所以我找到了WebApp-WebAPI-OpenIDConnect-DotNet,并使它适合我的需求。到目前为止它工作正常。但现在我还必须实施外部登录(facebook,twitter等)。因此,我评论了以前的所有工作,以便我处理此任务。我不得不重写一些UserManager和UserStore类,但它已经可以工作了。我可以登录Facebook。但是现在,当我需要将这两个登录名一起加入时,它们不起作用。看起来,他们在框架内发生冲突。 Facebook登录需要app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
,但当我打开此功能时,天蓝色登录将停止工作。如果我评论这一点,天蓝色的登录工程,Facebook没有。任何人都可以给我一些帮助解决这个问题吗?我会提供我Startup.Auth.cs
Azure身份验证和OAuth身份验证
using System;
using Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using System.Configuration;
using System.Globalization;
using Microsoft.AspNet.Identity;
using Microsoft.Owin;
using Microsoft.AspNet.Identity.Owin;
using ClearRoadmapWeb.LoginProviderHelpers;
using Microsoft.Owin.Security.Facebook;
using System.Collections.Generic;
namespace ClearRoadmapWeb
{
public partial class Startup
{
private static string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
private static string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
private static string tenant = ConfigurationManager.AppSettings["ida:Tenant"];
private static string postLogoutRedirectUri = ConfigurationManager.AppSettings["ida:PostLogoutRedirectUri"];
string authority = String.Format(CultureInfo.InvariantCulture, aadInstance, tenant);
public void ConfigureAuth(IAppBuilder app)
{
app.SetDefaultSignInAsAuthenticationType(DefaultAuthenticationTypes.ExternalCookie);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
ClientId = clientId,
Authority = authority,
PostLogoutRedirectUri = postLogoutRedirectUri
}
);
app.CreatePerOwinContext<AzureIdentityUserManager>(AzureIdentityUserManager.Create); //For Faceook
app.CreatePerOwinContext<AzureIdentitySignInManager>(AzureIdentitySignInManager.Create); //For Facebook
#region FacebookOptions
//app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
FacebookAuthenticationOptions facebookOptions = new FacebookAuthenticationOptions()
{
AppId = "fb appId",
AppSecret = "fb appSecret"
};
facebookOptions.Scope.Add("email");
facebookOptions.Provider = new FacebookAuthenticationProvider()
{
OnAuthenticated = async context =>
{
foreach (var x in context.User)
{
context.Identity.AddClaim(new System.Security.Claims.Claim(x.Key, x.Value.ToString()));
}
//Get the access token from FB and store it in the database and use FacebookC# SDK to get more information about the user
context.Identity.AddClaim(new System.Security.Claims.Claim("FacebookAccessToken", context.AccessToken));
}
};
#endregion
app.UseFacebookAuthentication(facebookOptions);
}
}
}
答
默认情况下OpenIdConnect认证模式是有效的。这意味着oidc将总是尝试处理授权。对我来说,适用于在控制器方法中发出直接挑战,如下所示:
HttpContext.GetOwinContext()。Authentication.Challenge(“FaceBook”);
这是编码Startup_Auth如后:
public void Configure(IAppBuilder app)
{
CookieAuthenticationExtensions.UseCookieAuthentication(
app,
new CookieAuthenticationOptions
{
AuthenticationType = "FaceBook",
});
FacebookAuthenticationExtensions.UseFacebookAuthentication(
app,
new Microsoft.Owin.Security.Facebook.FacebookAuthenticationOptions
{
AppId = "...",
AppSecret = "...",
AuthenticationType = "FaceBook",
SignInAsAuthenticationType = "FaceBook",
});
CookieAuthenticationExtensions.UseCookieAuthentication(
app,
new CookieAuthenticationOptions
{
AuthenticationType = "OpenIdConnect",
});
OpenIdConnectAuthenticationExtensions.UseOpenIdConnectAuthentication(
app,
new Microsoft.Owin.Security.OpenIdConnect.OpenIdConnectAuthenticationOptions
{
AuthenticationType = "OpenIdConnect",
AuthenticationMode = Microsoft.Owin.Security.AuthenticationMode.Passive,
ClientId = "...",
Authority = "...",
SignInAsAuthenticationType = "OpenIdConnect"
});
你需要确保当你想AAD和FB之间“开关”的身份,你清除注销现有的身份或清除当前饼干。
OpenID的工作,但对于脸谱,我不得不改变''FaceBook“'到'”Facebook“'。但后来,在Facebook登录后,它将我循环到'https:// localhost:44300/Account/ExternalLogin?provider = Facebook&error = access_denied&error = access_denied ...&error = access_denied ...'(每次添加'&error = access_denied' ) – Wish 2014-12-08 08:11:00