ASP.NET Web APP和Web API中的Azure AD Open ID Connect OAuth 2.0无限重定向循环

debugcn 发表于 Dev

shubham mahore

ASP.NET Web应用程序可从任何Azure Active Directory（Azure AD）实例登录个人帐户以及工作和学校帐户。

OWIN中间件NuGet软件包

Install-Package Microsoft.Owin.Security.OpenIdConnect
Install-Package Microsoft.Owin.Security.Cookies
Install-Package Microsoft.Owin.Host.SystemWeb

OWIN启动类OWIN中间件使用启动类，该启动类在托管进程初始化时运行。在此快速入门中，位于根文件夹中的startup.cs文件。以下代码显示了此快速入门使用的参数

public void Configuration(IAppBuilder app)
{
    app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

    app.UseCookieAuthentication(new CookieAuthenticationOptions());
    app.UseOpenIdConnectAuthentication(
        new OpenIdConnectAuthenticationOptions
        {
            // Sets the ClientId, authority, RedirectUri as obtained from web.config
            ClientId = clientId,
            Authority = authority,
            RedirectUri = redirectUri,
            // PostLogoutRedirectUri is the page that users will be redirected to after sign-out. In this case, it is using the home page
            PostLogoutRedirectUri = redirectUri,
            Scope = OpenIdConnectScope.OpenIdProfile,
            // ResponseType is set to request the id_token - which contains basic information about the signed-in user
            ResponseType = OpenIdConnectResponseType.IdToken,
            // ValidateIssuer set to false to allow personal and work accounts from any organization to sign in to your application
            // To only allow users from a single organizations, set ValidateIssuer to true and 'tenant' setting in web.config to the tenant name
            // To allow users from only a list of specific organizations, set ValidateIssuer to true and use ValidIssuers parameter
            TokenValidationParameters = new TokenValidationParameters()
            {
                ValidateIssuer = false // Simplification (see note below)
            },
            // OpenIdConnectAuthenticationNotifications configures OWIN to send notification of failed authentications to OnAuthenticationFailed method
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                AuthenticationFailed = OnAuthenticationFailed
            }
        }
    );
}

ASP.NET MVC / Web API

//You can force a user to sign in by requesting an authentication challenge in your controller:
public void SignIn()
{
    if (!Request.IsAuthenticated)
    {
        HttpContext.GetOwinContext().Authentication.Challenge(
            new AuthenticationProperties{ RedirectUri = "/" },
            OpenIdConnectAuthenticationDefaults.AuthenticationType);
    }
}

ASP.NET Web表单：

 protected void Login_click(object sender, EventArgs e)
        {
            if (!Request.IsAuthenticated)
            {
                HttpContext.Current.GetOwinContext().Authentication.Challenge(
                    new AuthenticationProperties { RedirectUri = "/" },
                    OpenIdConnectAuthenticationDefaults.AuthenticationType);
            }
        }

shubham mahore

该问题已在ASP.NET核心和用于ASP.NET的新版Katana Owin中得到修复。若要解决此问题，您可以升级您的应用程序以使用ASP.NET Core。如果必须继续使用ASP.NET，请执行以下操作：

将应用程序的Microsoft.Owin.Host.SystemWeb软件包至少更新为3.1.0.0版，并修改代码以使用新的cookie管理器类之一，例如以下内容：

app.UseCookieAuthentication(new CookieAuthenticationOptions 
{ 
    AuthenticationType = "Cookies", 
    CookieManager = new Microsoft.Owin.Host.SystemWeb.SystemWebChunkingCookieManager() 
});

本文收集自互联网，转载请注明来源。

如有侵权，请联系[email protected] 删除。