問題描述

我正在使用 Asp.net Identity (OWIN) 構建一個 ASP.NET MVC 5 網站，并希望同時支持傳統的用戶名/密碼身份驗證以及針對 Azure Active Directory 的身份驗證.此應用不需要針對 Microsoft ID (Live ID)、Facebook、Twitter 或任何其他外部提供商進行身份驗證.我發現的最接近的 SO 問題是:如何在 ASP.NET MVC 上同時執行 Azure Active Directory 單點登錄和表單身份驗證

I'm building an ASP.NET MVC 5 web site using Asp.net Identity (OWIN) and want to support both traditional username/password authentication as well as authentication against Azure Active Directory. This app does not need to authenticate against Microsoft IDs (Live IDs), Facebook, Twitter or any of the other external providers. The closest SO question I found is this one: How to do both Azure Active Directory Single Sign On and Forms Authentications on ASP.NET MVC

我查看了使用 VS 2015 中的個人用戶帳戶"選項以及工作和學校帳戶"選項創建項目時創建的示例.我的身份驗證單獨運行良好；只有當我嘗試將它們結合起來時才會遇到問題.

I've looked at the samples that get created when you create a project using the "Individual User Accounts" option as well as the "Work and School Accounts" option in VS 2015. I have authentication working well individually; it's only when I try to combine them that I'm running into problems.

在我的 Startup_Auth.cs 文件中，我正在像這樣配置 OWIN:

In my Startup_Auth.cs file, I am configuring OWIN like this:

    public void ConfigureAuth(IAppBuilder app)
    {

        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

        //app.UseCookieAuthentication(new CookieAuthenticationOptions { });

        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ExternalCookie,
            LoginPath = new PathString("/account/sign-in")
        });

        app.UseOpenIdConnectAuthentication(
            new OpenIdConnectAuthenticationOptions
            {
                ClientId = clientId,
                Authority = authority,
                TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters
                {
                    ValidateIssuer = false,
                },
                Notifications = new OpenIdConnectAuthenticationNotifications()
                {
                    SecurityTokenValidated = (context) => 
                    {
                        return Task.FromResult(0);
                    },
                    AuthorizationCodeReceived = (context) =>
                    {
                        return Task.FromResult(0);
                    },
                    AuthenticationFailed = (context) =>
                    {
                        context.OwinContext.Response.Redirect("/Home/Error");
                        context.HandleResponse(); // Suppress the exception
                        return Task.FromResult(0);
                    }
                }
            }
        );
    }  

此配置適用于密碼身份驗證，但不適用于 AAD 身份驗證.要啟用 AAD 身份驗證，我需要注釋掉設置 AuthenticationType 的行

This configuration works for password authentication, but doesn't work for AAD authentication. To enable AAD authentication I need to either comment out the line setting the AuthenticationType

AuthenticationType = DefaultAuthenticationTypes.ExternalCookie,

或者，只設置沒有值的 CookieAuthentication.

Or, just set CookieAuthentication with no values.

app.UseCookieAuthentication(new CookieAuthenticationOptions { });

我猜想有一個相對簡單的方法來解決這個問題，并且會很感激一些關于從哪里開始尋找的想法.

I'd guess that there is a relatively simple approach to this and would appreciate some ideas on where to start looking.

推薦答案

我搜索了微軟的例子.所有這些看起來都像您的解決方案.看這里:

I searched examples from Microsoft. And all of them look like your solution. Look here:

1. WebApp-WSFederation-DotNet
2. WebApp-MultiTenant-OpenIdConnect-DotNet
3. WebApp-OpenIDConnect-DotNet

另一個例子是這里 WindowsAzureActiveDirectoryBearerAuthenticationOptions

這篇關于使用密碼和 Azure Active Directory 身份驗證的 Asp.net Identity的文章就介紹到這了，希望我們推薦的答案對大家有所幫助，也希望大家多多支持html5模板網！