具有.NET核心Web API的OAuth Angular SPA代码授权_Angular_Authentication_Asp.net Core_Oauth_Azure Active Directory - Fatal编程技术网

使用 .NET Core Web API 的 OAuth Angular SPA 授权码流程


目前正在我们的 .NET Core Web API 中实现 Azure AD 身份验证。该 API 需要与 Angular 7 前端交互,而前端与 API 位于不同的域上

在以前用PHP编写的应用程序迭代中,我们的身份验证流程是:

  • 前端将未经身份验证的用户重定向到
    ,但在此基础上,没有多少运气得到同样的想法

    /// <summary>
    /// Starts the sign-in flow by issuing a challenge against the "azuread" scheme.
    /// </summary>
    /// <returns>
    /// A challenge result whose properties request a redirect to
    /// <c>/api/auth/postcallback</c> once the challenge has completed.
    /// </returns>
    [HttpGet(nameof(Login))]
    [AllowAnonymous]
    public IActionResult Login()
    {
        // The post-login target is a fixed, server-chosen relative path; nothing
        // from the incoming request feeds RedirectUri.
        var properties = new AuthenticationProperties();
        properties.RedirectUri = "/api/auth/postcallback";

        return Challenge(properties, "azuread");
    }
    
    /// <summary>
    /// Issues an application JWT for the already-authenticated caller.
    /// </summary>
    /// <remarks>
    /// The token carries every claim of <c>HttpContext.User</c>, expires six hours
    /// after issuance and is signed with HMAC-SHA512 using the "Tokens:Key"
    /// configuration value. No Issuer or Audience is set on the descriptor.
    /// </remarks>
    /// <returns>A JSON object with a single <c>token</c> property holding the serialized JWT.</returns>
    [HttpGet(nameof(PostCallback))]
    [Authorize]
    public IActionResult PostCallback()
    {
        // Encoding.ASCII maps any non-ASCII character of the configured secret to '?',
        // so the effective key material is only as strong as its ASCII part.
        var hmacKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(_configuration["Tokens:Key"]));

        // All of the caller's claims are copied as-is into the token handed to the
        // browser. NOTE(review): confirm that none of them is sensitive.
        var descriptor = new SecurityTokenDescriptor();
        descriptor.Subject = new ClaimsIdentity(HttpContext.User.Claims);
        descriptor.Expires = DateTime.UtcNow.AddHours(6);
        descriptor.SigningCredentials = new SigningCredentials(hmacKey, SecurityAlgorithms.HmacSha512Signature);

        var handler = new JwtSecurityTokenHandler();
        var serialized = handler.WriteToken(handler.CreateToken(descriptor));

        return new JsonResult(new { token = serialized });
    }
    
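    // Cookie is the default scheme; JWT bearer and the "azuread" OAuth handler are
    // registered alongside it and must be selected by name where they are needed.
    var auth = services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme);
    auth.AddCookie();

    auth.AddJwtBearer(opt =>
    {
        opt.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = signingKey,

            // ClockSkew is a tolerance applied on top of the token's expiry to absorb
            // clock drift between issuer and validator. The previous six-hour value
            // kept expired tokens acceptable for six more hours, doubling the lifetime
            // set at issuance; five minutes is the library default.
            ClockSkew = TimeSpan.FromMinutes(5),
            ValidateLifetime = true

            // NOTE(review): no ValidIssuer/ValidAudience is configured here, and the
            // token descriptors shown on this page set neither Issuer nor Audience.
            // Confirm how issuer and audience validation are meant to be handled.
        };
    });

    auth.AddOAuth("azuread", opt =>
    {
        // Client credentials come from configuration; keep Auth:ClientSecret in a
        // secret store rather than in a committed settings file.
        opt.ClientId = Configuration["Auth:ClientId"];
        opt.ClientSecret = Configuration["Auth:ClientSecret"];

        // The OAuth handler itself answers requests to this path to complete the
        // code exchange. NOTE(review): a controller action routed to the same path
        // would not normally be reached, so verify the routing.
        opt.CallbackPath = "/api/auth/callback";

        opt.AuthorizationEndpoint = Configuration["Auth:AuthEndpoint"];
        opt.TokenEndpoint = Configuration["Auth:TokenEndpoint"];
        opt.UserInformationEndpoint = Configuration["Auth:UserInformationEndpoint"];

        // claims/scopes/events removed from here
    });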
    
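    /// <summary>
    /// Authenticates the request with the default scheme, signs the resulting
    /// principal in, and returns an application JWT for it.
    /// </summary>
    /// <remarks>
    /// The token carries every claim of <c>HttpContext.User</c>, expires six hours
    /// after issuance and is signed with HMAC-SHA512 using the "Tokens:Key"
    /// configuration value. No Issuer or Audience is set on the descriptor.
    /// </remarks>
    /// <returns>
    /// 401 Unauthorized when authentication did not succeed; otherwise a JSON object
    /// with a single <c>token</c> property holding the serialized JWT.
    /// </returns>
    [HttpGet(nameof(Callback))]
    [AllowAnonymous]
    public async Task<IActionResult> Callback()
    {
        var result = await HttpContext.AuthenticateAsync();

        // Check the outcome before touching the principal. On a failed result the
        // principal is null, so signing in first (as the original order did) throws
        // instead of producing the intended 401.
        if (!result.Succeeded)
        {
            return Unauthorized();
        }

        await HttpContext.SignInAsync(result.Principal);

        var tokenHandler = new JwtSecurityTokenHandler();

        // Encoding.ASCII maps any non-ASCII character of the configured secret to '?',
        // so the effective key material is only as strong as its ASCII part.
        var key = Encoding.ASCII.GetBytes(_configuration["Tokens:Key"]);

        var tokenDescriptor = new SecurityTokenDescriptor
        {
            // NOTE(review): claims are read from HttpContext.User, not result.Principal.
            // The two match only if the authentication middleware populated User from
            // the same scheme, which needs confirming. Every claim is copied into the
            // token handed to the browser.
            Subject = new ClaimsIdentity(HttpContext.User.Claims),
            Expires = DateTime.UtcNow.AddHours(6),
            SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha512Signature)
        };

        var token = tokenHandler.CreateToken(tokenDescriptor);

        return new JsonResult(new { token = tokenHandler.WriteToken(token) });
    }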