久久久久久久av_日韩在线中文_看一级毛片视频_日本精品二区_成人深夜福利视频_武道仙尊动漫在线观看

使用 Authentication.AzureAD.UI 庫(kù)時(shí)實(shí)現(xiàn) OpenIdConnectOp

Implementing OpenIdConnectOptions Events when using Authentication.AzureAD.UI Library(使用 Authentication.AzureAD.UI 庫(kù)時(shí)實(shí)現(xiàn) OpenIdConnectOptions 事件)
本文介紹了使用 Authentication.AzureAD.UI 庫(kù)時(shí)實(shí)現(xiàn) OpenIdConnectOptions 事件的處理方法,對(duì)大家解決問(wèn)題具有一定的參考價(jià)值,需要的朋友們下面隨著小編來(lái)一起學(xué)習(xí)吧!

問(wèn)題描述

限時(shí)送ChatGPT賬號(hào)..

我一直在使用從示例創(chuàng)建的庫(kù),允許我使用 Azure Active Directory 對(duì) .NET 核心 Web 應(yīng)用程序進(jìn)行身份驗(yàn)證,并利用各種 OpenIdConnectOptions 事件(例如 OnTokenValidated) 向主體添加某些聲明,并將該數(shù)據(jù)添加到類似身份的數(shù)據(jù)庫(kù)中,以便 API 可以根據(jù)其令牌對(duì)調(diào)用者進(jìn)行基于策略的確定.

I have been using a library I created from samples allowing me to authenticate a .NET core web app with Azure Active Directory and to take advantage of the various OpenIdConnectOptions events (e.g. OnTokenValidated) to add certain claims to the principal as well as add that data to an identity-like database so that APIs can make policy-based determinations of the caller based on their token.

但我寧愿使用 Microsoft.AspNetCore.Authentication.AzureAD.UI NuGet 包而不是我的自定義變體,我只是不確定如何訪問(wèn)和訪問(wèn) OpenIdConnectOptions.

But I would just rather use the Microsoft.AspNetCore.Authentication.AzureAD.UI NuGet package than my customized variation, I am just not sure how to reach in and access the event on the OpenIdConnectOptions.

我不知道這是否無(wú)法完成,或者我只是沒(méi)有足夠的依賴注入處理來(lái)弄清楚如何做到這一點(diǎn).

I don't know if it's not something that can be done, or I just haven't got enough of a handle on dependency injection to figure out how to do that.

或者我應(yīng)該考慮在流程的不同部分添加聲明等?

Or should I consider adding claims, etc. in a different part of the process?

public static AuthenticationBuilder AddAzureAD(
    this AuthenticationBuilder builder,
    string scheme,
    string openIdConnectScheme,
    string cookieScheme,
    string displayName,
    Action<AzureADOptions> configureOptions) {

    AddAdditionalMvcApplicationParts(builder.Services);
    builder.AddPolicyScheme(scheme, displayName, o => {
        o.ForwardDefault = cookieScheme;
        o.ForwardChallenge = openIdConnectScheme;
    });

    builder.Services.Configure(
        TryAddOpenIDCookieSchemeMappings(scheme, openIdConnectScheme, cookieScheme));

    builder.Services.TryAddSingleton<IConfigureOptions<AzureADOptions>, AzureADOptionsConfiguration>();

    // They put in their custom OpenIdConnect configuration, but I can't see how to get at the events.
    builder.Services.TryAddSingleton<IConfigureOptions<OpenIdConnectOptions>, OpenIdConnectOptionsConfiguration>();

    builder.Services.TryAddSingleton<IConfigureOptions<CookieAuthenticationOptions>, CookieOptionsConfiguration>();

    builder.Services.Configure(scheme, configureOptions);

    builder.AddOpenIdConnect(openIdConnectScheme, null, o => { });
    builder.AddCookie(cookieScheme, null, o => { });

    return builder;
}

推薦答案

我在這里聚會(huì)可能有點(diǎn)晚了,但我遇到了同樣的問(wèn)題,發(fā)現(xiàn) AzureAD 身份驗(yàn)證中間件的文檔很少.在此處為遇到相同問(wèn)題的其他人添加解決方案.

I might be a little late to the party here, but I've come across the same issue and found that the AzureAD authentication middleware is very sparsely documented. Adding the solution here for others struggling with the same question.

正如您在問(wèn)題的代碼片段底部看到的那樣,AzureAD 提供程序?qū)嶋H上依賴于 OpenIdConnectCookie 身份驗(yàn)證提供程序,而不是自行實(shí)現(xiàn)任何身份驗(yàn)證邏輯.

As you can see at the bottom of the code snippet in the question, the AzureAD provider actually relies on OpenIdConnect and Cookie auth providers under the hoods, and does not implement any authentication logic itself.

為此,添加了兩個(gè)額外的身份驗(yàn)證方案,分別使用定義為 AzureADDefaults.OpenIdSchemeAzureADDefaults.CookieScheme 的名稱.

To accomplish this, two additional authentication schemes are added, using the names defined as AzureADDefaults.OpenIdScheme and AzureADDefaults.CookieScheme, respectively.

(雖然使用 AddAzureAD(this Microsoft.AspNetCore.Authentication.AuthenticationBuilder builder, string scheme, string openIdConnectScheme, string cookieScheme, string displayName, ActionconfigureOptions) 重載).

這反過(guò)來(lái)又允許使用上面的方案名稱配置有效的 OpenIdConnectOptionsCookieAuthenticationOptions,包括訪問(wèn) OpenIdConnectEvents.

That, in turn, allows to configure the effective OpenIdConnectOptions and CookieAuthenticationOptions by using the scheme names from above, including access to OpenIdConnectEvents.

查看這個(gè)完整的例子:

        services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
            .AddAzureAD(options => Configuration.Bind("AzureAd", options));

        services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options =>
        {
            options.Events = new OpenIdConnectEvents
            {
                OnRedirectToIdentityProvider = async ctxt =>
                {
                    // Invoked before redirecting to the identity provider to authenticate. This can be used to set ProtocolMessage.State
                    // that will be persisted through the authentication process. The ProtocolMessage can also be used to add or customize
                    // parameters sent to the identity provider.
                    await Task.Yield();
                },
                OnMessageReceived = async ctxt =>
                {
                    // Invoked when a protocol message is first received.
                    await Task.Yield();
                },
                OnTicketReceived = async ctxt =>
                {
                    // Invoked after the remote ticket has been received.
                    // Can be used to modify the Principal before it is passed to the Cookie scheme for sign-in.
                    // This example removes all 'groups' claims from the Principal (assuming the AAD app has been configured
                    // with "groupMembershipClaims": "SecurityGroup"). Group memberships can be checked here and turned into
                    // roles, to be persisted in the cookie.
                    if (ctxt.Principal.Identity is ClaimsIdentity identity)
                    {
                        ctxt.Principal.FindAll(x => x.Type == "groups")
                            .ToList()
                            .ForEach(identity.RemoveClaim);
                    }                        
                    await Task.Yield();
                },
            };
        });

        services.Configure<CookieAuthenticationOptions>(AzureADDefaults.CookieScheme, options =>
        {
            options.Events = new CookieAuthenticationEvents
            {
                // ...
            };
        });

這篇關(guān)于使用 Authentication.AzureAD.UI 庫(kù)時(shí)實(shí)現(xiàn) OpenIdConnectOptions 事件的文章就介紹到這了,希望我們推薦的答案對(duì)大家有所幫助,也希望大家多多支持html5模板網(wǎng)!

【網(wǎng)站聲明】本站部分內(nèi)容來(lái)源于互聯(lián)網(wǎng),旨在幫助大家更快的解決問(wèn)題,如果有圖片或者內(nèi)容侵犯了您的權(quán)益,請(qǐng)聯(lián)系我們刪除處理,感謝您的支持!

相關(guān)文檔推薦

ASP.NET Core authenticating with Azure Active Directory and persisting custom Claims across requests(ASP.NET Core 使用 Azure Active Directory 進(jìn)行身份驗(yàn)證并跨請(qǐng)求保留自定義聲明)
ASP.NET Core 2.0 Web API Azure Ad v2 Token Authorization not working(ASP.NET Core 2.0 Web API Azure Ad v2 令牌授權(quán)不起作用)
ASP Core Azure Active Directory Login use roles(ASP Core Azure Active Directory 登錄使用角色)
How do I get Azure AD OAuth2 Access Token and Refresh token for Daemon or Server to C# ASP.NET Web API(如何獲取守護(hù)進(jìn)程或服務(wù)器到 C# ASP.NET Web API 的 Azure AD OAuth2 訪問(wèn)令牌和刷新令牌) - IT屋-程序員軟件開(kāi)發(fā)技
.Net Core 2.0 - Get AAD access token to use with Microsoft Graph(.Net Core 2.0 - 獲取 AAD 訪問(wèn)令牌以與 Microsoft Graph 一起使用)
Azure KeyVault Active Directory AcquireTokenAsync timeout when called asynchronously(異步調(diào)用時(shí) Azure KeyVault Active Directory AcquireTokenAsync 超時(shí))
主站蜘蛛池模板: 久久精品一级 | 国产一区二区三区在线观看免费 | 亚洲第一在线视频 | 91福利网址| 日本一区二区影视 | 久久久久久国产精品mv | 中文字幕一区二区在线观看 | 丁香一区二区 | 国产精品久久久久久福利一牛影视 | 成人福利网 | 国产在线播 | 国产精品视频二区三区 | 在线欧美视频 | 麻豆毛片 | 日日夜夜精品视频 | 亚洲国产高清高潮精品美女 | 免费国产一区二区 | 欧美日韩中文国产一区发布 | 欧美激情区 | 婷婷不卡 | 天天影视网天天综合色在线播放 | 成人妇女免费播放久久久 | 一区二区三区四区电影视频在线观看 | 国产美女久久久 | 国产精品久久久久久久模特 | 日韩一区二区三区在线视频 | 久久国产一区二区 | 国产一级一级国产 | 97成人免费| 欧美一区二不卡视频 | 亚洲人精品午夜 | 91久久久久久久久久久久久 | 成人精品久久日伦片大全免费 | 熟女毛片 | 欧美成年人| xx视频在线观看 | 精品国产鲁一鲁一区二区张丽 | 日本精品一区二区在线观看 | 久热免费 | 亚洲成人第一页 | 在线观看视频一区 |