久久久久久久av_日韩在线中文_看一级毛片视频_日本精品二区_成人深夜福利视频_武道仙尊动漫在线观看

使用 Authentication.AzureAD.UI 庫(kù)時(shí)實(shí)現(xiàn) OpenIdConnectOp

Implementing OpenIdConnectOptions Events when using Authentication.AzureAD.UI Library(使用 Authentication.AzureAD.UI 庫(kù)時(shí)實(shí)現(xiàn) OpenIdConnectOptions 事件)
本文介紹了使用 Authentication.AzureAD.UI 庫(kù)時(shí)實(shí)現(xiàn) OpenIdConnectOptions 事件的處理方法,對(duì)大家解決問(wèn)題具有一定的參考價(jià)值,需要的朋友們下面隨著小編來(lái)一起學(xué)習(xí)吧!

問(wèn)題描述

限時(shí)送ChatGPT賬號(hào)..

我一直在使用從示例創(chuàng)建的庫(kù),允許我使用 Azure Active Directory 對(duì) .NET 核心 Web 應(yīng)用程序進(jìn)行身份驗(yàn)證,并利用各種 OpenIdConnectOptions 事件(例如 OnTokenValidated) 向主體添加某些聲明,并將該數(shù)據(jù)添加到類似身份的數(shù)據(jù)庫(kù)中,以便 API 可以根據(jù)其令牌對(duì)調(diào)用者進(jìn)行基于策略的確定.

I have been using a library I created from samples allowing me to authenticate a .NET core web app with Azure Active Directory and to take advantage of the various OpenIdConnectOptions events (e.g. OnTokenValidated) to add certain claims to the principal as well as add that data to an identity-like database so that APIs can make policy-based determinations of the caller based on their token.

但我寧愿使用 Microsoft.AspNetCore.Authentication.AzureAD.UI NuGet 包而不是我的自定義變體,我只是不確定如何訪問(wèn)和訪問(wèn) OpenIdConnectOptions.

But I would just rather use the Microsoft.AspNetCore.Authentication.AzureAD.UI NuGet package than my customized variation, I am just not sure how to reach in and access the event on the OpenIdConnectOptions.

我不知道這是否無(wú)法完成,或者我只是沒(méi)有足夠的依賴注入處理來(lái)弄清楚如何做到這一點(diǎn).

I don't know if it's not something that can be done, or I just haven't got enough of a handle on dependency injection to figure out how to do that.

或者我應(yīng)該考慮在流程的不同部分添加聲明等?

Or should I consider adding claims, etc. in a different part of the process?

public static AuthenticationBuilder AddAzureAD(
    this AuthenticationBuilder builder,
    string scheme,
    string openIdConnectScheme,
    string cookieScheme,
    string displayName,
    Action<AzureADOptions> configureOptions) {

    AddAdditionalMvcApplicationParts(builder.Services);
    builder.AddPolicyScheme(scheme, displayName, o => {
        o.ForwardDefault = cookieScheme;
        o.ForwardChallenge = openIdConnectScheme;
    });

    builder.Services.Configure(
        TryAddOpenIDCookieSchemeMappings(scheme, openIdConnectScheme, cookieScheme));

    builder.Services.TryAddSingleton<IConfigureOptions<AzureADOptions>, AzureADOptionsConfiguration>();

    // They put in their custom OpenIdConnect configuration, but I can't see how to get at the events.
    builder.Services.TryAddSingleton<IConfigureOptions<OpenIdConnectOptions>, OpenIdConnectOptionsConfiguration>();

    builder.Services.TryAddSingleton<IConfigureOptions<CookieAuthenticationOptions>, CookieOptionsConfiguration>();

    builder.Services.Configure(scheme, configureOptions);

    builder.AddOpenIdConnect(openIdConnectScheme, null, o => { });
    builder.AddCookie(cookieScheme, null, o => { });

    return builder;
}

推薦答案

我在這里聚會(huì)可能有點(diǎn)晚了,但我遇到了同樣的問(wèn)題,發(fā)現(xiàn) AzureAD 身份驗(yàn)證中間件的文檔很少.在此處為遇到相同問(wèn)題的其他人添加解決方案.

I might be a little late to the party here, but I've come across the same issue and found that the AzureAD authentication middleware is very sparsely documented. Adding the solution here for others struggling with the same question.

正如您在問(wèn)題的代碼片段底部看到的那樣,AzureAD 提供程序?qū)嶋H上依賴于 OpenIdConnectCookie 身份驗(yàn)證提供程序,而不是自行實(shí)現(xiàn)任何身份驗(yàn)證邏輯.

As you can see at the bottom of the code snippet in the question, the AzureAD provider actually relies on OpenIdConnect and Cookie auth providers under the hoods, and does not implement any authentication logic itself.

為此,添加了兩個(gè)額外的身份驗(yàn)證方案,分別使用定義為 AzureADDefaults.OpenIdSchemeAzureADDefaults.CookieScheme 的名稱.

To accomplish this, two additional authentication schemes are added, using the names defined as AzureADDefaults.OpenIdScheme and AzureADDefaults.CookieScheme, respectively.

(雖然使用 AddAzureAD(this Microsoft.AspNetCore.Authentication.AuthenticationBuilder builder, string scheme, string openIdConnectScheme, string cookieScheme, string displayName, ActionconfigureOptions) 重載).

這反過(guò)來(lái)又允許使用上面的方案名稱配置有效的 OpenIdConnectOptionsCookieAuthenticationOptions,包括訪問(wèn) OpenIdConnectEvents.

That, in turn, allows to configure the effective OpenIdConnectOptions and CookieAuthenticationOptions by using the scheme names from above, including access to OpenIdConnectEvents.

查看這個(gè)完整的例子:

        services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
            .AddAzureAD(options => Configuration.Bind("AzureAd", options));

        services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options =>
        {
            options.Events = new OpenIdConnectEvents
            {
                OnRedirectToIdentityProvider = async ctxt =>
                {
                    // Invoked before redirecting to the identity provider to authenticate. This can be used to set ProtocolMessage.State
                    // that will be persisted through the authentication process. The ProtocolMessage can also be used to add or customize
                    // parameters sent to the identity provider.
                    await Task.Yield();
                },
                OnMessageReceived = async ctxt =>
                {
                    // Invoked when a protocol message is first received.
                    await Task.Yield();
                },
                OnTicketReceived = async ctxt =>
                {
                    // Invoked after the remote ticket has been received.
                    // Can be used to modify the Principal before it is passed to the Cookie scheme for sign-in.
                    // This example removes all 'groups' claims from the Principal (assuming the AAD app has been configured
                    // with "groupMembershipClaims": "SecurityGroup"). Group memberships can be checked here and turned into
                    // roles, to be persisted in the cookie.
                    if (ctxt.Principal.Identity is ClaimsIdentity identity)
                    {
                        ctxt.Principal.FindAll(x => x.Type == "groups")
                            .ToList()
                            .ForEach(identity.RemoveClaim);
                    }                        
                    await Task.Yield();
                },
            };
        });

        services.Configure<CookieAuthenticationOptions>(AzureADDefaults.CookieScheme, options =>
        {
            options.Events = new CookieAuthenticationEvents
            {
                // ...
            };
        });

這篇關(guān)于使用 Authentication.AzureAD.UI 庫(kù)時(shí)實(shí)現(xiàn) OpenIdConnectOptions 事件的文章就介紹到這了,希望我們推薦的答案對(duì)大家有所幫助,也希望大家多多支持html5模板網(wǎng)!

【網(wǎng)站聲明】本站部分內(nèi)容來(lái)源于互聯(lián)網(wǎng),旨在幫助大家更快的解決問(wèn)題,如果有圖片或者內(nèi)容侵犯了您的權(quán)益,請(qǐng)聯(lián)系我們刪除處理,感謝您的支持!

相關(guān)文檔推薦

ASP.NET Core authenticating with Azure Active Directory and persisting custom Claims across requests(ASP.NET Core 使用 Azure Active Directory 進(jìn)行身份驗(yàn)證并跨請(qǐng)求保留自定義聲明)
ASP.NET Core 2.0 Web API Azure Ad v2 Token Authorization not working(ASP.NET Core 2.0 Web API Azure Ad v2 令牌授權(quán)不起作用)
ASP Core Azure Active Directory Login use roles(ASP Core Azure Active Directory 登錄使用角色)
How do I get Azure AD OAuth2 Access Token and Refresh token for Daemon or Server to C# ASP.NET Web API(如何獲取守護(hù)進(jìn)程或服務(wù)器到 C# ASP.NET Web API 的 Azure AD OAuth2 訪問(wèn)令牌和刷新令牌) - IT屋-程序員軟件開(kāi)發(fā)技
.Net Core 2.0 - Get AAD access token to use with Microsoft Graph(.Net Core 2.0 - 獲取 AAD 訪問(wèn)令牌以與 Microsoft Graph 一起使用)
Azure KeyVault Active Directory AcquireTokenAsync timeout when called asynchronously(異步調(diào)用時(shí) Azure KeyVault Active Directory AcquireTokenAsync 超時(shí))
主站蜘蛛池模板: 成人国产精品免费观看视频 | 日韩精品一 | 国产美女h视频 | 刘亦菲国产毛片bd | 天天操操| 日日夜夜精品视频 | 美女黄18岁以下禁止观看 | 欧美一级毛片久久99精品蜜桃 | 久久精品一级 | 欧美精品片 | 国产在线看片 | 亚洲一区二区三区免费在线 | 久久国产精品免费一区二区三区 | 成人综合在线视频 | 免费观看黄色一级片 | 国产亚洲区 | 欧美区在线观看 | 亚洲国产一区二区三区在线观看 | 国产成人精品一区二区三区视频 | 特级做a爰片毛片免费看108 | 99热99| 亚洲成人精品一区二区 | 免费一级黄色录像 | 国产高清在线观看 | 久草院线 | 日本三级播放 | 国产99免费| 色视频在线免费观看 | 免费久久网 | 在线视频中文字幕 | 一区在线观看 | 91麻豆精品国产91久久久久久久久 | av一二三区 | 农村真人裸体丰满少妇毛片 | 成人久久18免费 | 久精品视频| 伊人网站在线 | 情侣酒店偷拍一区二区在线播放 | 国产精品久久久久久 | 日本人麻豆 | 精品国产一区三区 |