ASP.NET Core 中 nopCommerce 与 Okta 的集成
我有以下组件:Okta 身份管理(带自定义身份验证服务器)、.NET Core Web 应用程序、.NET Core Web API 应用程序、Nopcommerce 4.2 Web 应用程序,全部运行在 Azure 应用服务中。我构建的 Web 应用程序和 API 应用程序配合得非常好:Web 应用程序将身份验证持有者令牌(bearer token)传递给 API,API 使用 Aspnetcore.Okta 中间件对其进行验证。然而,我现在需要把我的 Nopcommerce 应用程序也纳入这套体系。我花了 3 天的时间尝试构建一个插件——即使是一个基本上什么都不做的……
- Okta身份管理,带自定义身份验证服务器
- .net核心web应用程序
- .net核心web api应用程序
- Nopcommerce 4.2 web应用程序
你认为这是最好的方法吗?或者,我是否应该按照步骤 1-4 进行,只是在第 4 步之后把用户送回 Nopcomm 站点,在查询字符串中附带令牌,然后在 Nopcomm 端手动验证它?我想分享一下我的测试结果,因为它揭示了一些我之前确实没有想到的事情。也许你们中的大多数人都知道这些,但对我来说它们确实很棘手。我学到的第一件重要的事情是:你必须明确指定应用程序发出的质询(challenge)类型。如果您自托管登录页面,则需要使用:
// Self-hosted sign-in page: authentication, sign-in and challenge all resolve to the
// cookie scheme, so a challenge is answered by the cookie handler (redirect to its
// login path) and never by an external identity provider.
// No trailing semicolon: in the full listing on this page the chain continues with
// .AddCookie(...).
services.AddAuthentication(auth =>
{
    var cookieScheme = CookieAuthenticationDefaults.AuthenticationScheme;

    auth.DefaultAuthenticateScheme = cookieScheme;
    auth.DefaultSignInScheme = cookieScheme;
    auth.DefaultChallengeScheme = cookieScheme;
})
如果您正在使用Okta(或其他openId提供商)登录页面,则需要发出不同类型的质询:
// Provider-hosted sign-in page (Okta or another OpenID Connect provider): the local
// session is still read from and written to the cookie scheme, but a challenge is
// handed to the OpenID Connect handler, which sends the browser to the provider.
// No trailing semicolon: handler registrations are expected to be chained after this call.
builder.Services.AddAuthentication(auth =>
{
    var cookieScheme = CookieAuthenticationDefaults.AuthenticationScheme;

    auth.DefaultAuthenticateScheme = cookieScheme;
    auth.DefaultSignInScheme = cookieScheme;

    // The only difference from the self-hosted variant: who answers a challenge.
    auth.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
我学到的是,如果您在 ASP.NET Core 应用程序中使用 OpenID Connect,并且自托管登录页面,那么流程大致如下:
// Settings for the Okta MVC middleware; later in this listing the object is passed to AddOktaMvc.
// NOTE(review): oktaDomain, clientId, clientSecret and authServerId are defined outside this
// snippet. clientSecret is a credential - confirm it is loaded from a secret store or protected
// configuration (user secrets, App Service settings, Key Vault) and never committed to source.
var oktaMvcOptions = new OktaMvcOptions
{
    OktaDomain = oktaDomain,
    AuthorizationServerId = authServerId, // the page describes a custom authorization server
    ClientId = clientId,
    ClientSecret = clientSecret,

    // Every scope widens what the tokens / userinfo response disclose about the user;
    // request only the ones the application actually reads.
    Scope = new List<string>
    {
        "openid",
        "profile",
        "email",
        "address",
        "groups",
    },

    // Claims are additionally fetched from the provider's userinfo endpoint.
    GetClaimsFromUserInfoEndpoint = true,
};
// Application-wide cookie policy.
services.Configure<CookiePolicyOptions>(policy =>
{
    // The policy enforces no SameSite floor of its own.
    // NOTE(review): SameSite handling differs between ASP.NET Core 2.x and 3.1+; inspect the
    // emitted Set-Cookie headers, and make sure any cookie that ends up as SameSite=None also
    // carries Secure (CookiePolicyOptions.Secure can enforce that centrally).
    policy.MinimumSameSitePolicy = SameSiteMode.None;

    // Consent for non-essential cookies is reported as required on every request.
    policy.CheckConsentNeeded = _ => true;
});
// Shared Data Protection key ring: the keys are stored in one blob and the application name
// is fixed, so that every app using this same configuration can read cookies protected by the others.
// NOTE(review): storageConnectionString is a credential defined outside this snippet - confirm
// it comes from protected configuration.
var storageAccount = CloudStorageAccount.Parse(storageConnectionString);
var blobClient = storageAccount.CreateCloudBlobClient();
var container = blobClient.GetContainerReference(storageContainerName);
var blob = container.GetBlockBlobReference("somefilename.xml");

// NOTE(review): no key-encryption step is configured here, so the key ring is presumably
// written to the blob unencrypted. Anyone able to read that blob can decrypt or forge the
// shared authentication cookie: keep the container private, scope access tightly, and
// consider wrapping the keys (e.g. ProtectKeysWithAzureKeyVault).
services
    .AddDataProtection()
    .SetApplicationName("somesharedappname")
    .PersistKeysToAzureBlobStorage(blob);
// Authentication pipeline for the self-hosted sign-in case: the cookie scheme handles
// authenticate, sign-in and challenge; the Okta handler is registered last.
services
    .AddAuthentication(auth =>
    {
        var cookieScheme = CookieAuthenticationDefaults.AuthenticationScheme;

        auth.DefaultAuthenticateScheme = cookieScheme;
        auth.DefaultSignInScheme = cookieScheme;
        auth.DefaultChallengeScheme = cookieScheme;
    })
    .AddCookie(cookie =>
    {
        // Unauthenticated users are redirected here.
        // NOTE(review): the SignIn action is not shown; if it honours a return-URL
        // parameter it should only redirect to local URLs.
        cookie.LoginPath = new PathString("/Account/SignIn");

        // The cookie name has to be identical in every app that shares the session.
        // NOTE(review): this cookie is the session credential for all of those apps.
        // Unless set elsewhere, its Secure flag follows the request scheme - consider
        // Cookie.SecurePolicy = CookieSecurePolicy.Always and check the cookie's domain/path scope.
        cookie.Cookie.Name = "somesharedcookiename";
    })
    .AddOktaMvc(oktaMvcOptions);
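// Okta middleware settings. The domain, client id, client secret and authorization server id
// are defined outside this snippet.
// NOTE(review): clientSecret is a credential - confirm it is read from protected configuration.
var oktaMvcOptions = new OktaMvcOptions()
{
    OktaDomain = oktaDomain,
    ClientId = clientId,
    ClientSecret = clientSecret,
    Scope = new List<string> { "openid", "profile", "email", "address", "groups" },
    AuthorizationServerId = authServerId,
    GetClaimsFromUserInfoEndpoint = true
};

services.Configure<CookiePolicyOptions>(options =>
{
    // This lambda determines whether user consent for non-essential cookies is needed for a given request.
    options.CheckConsentNeeded = context => true;
    // No SameSite floor is enforced by the policy itself.
    options.MinimumSameSitePolicy = SameSiteMode.None;
});

// Shared Data Protection key ring, persisted to a blob so that the cooperating apps can
// decrypt each other's cookies.
// NOTE(review): read access to this blob is equivalent to the ability to forge the shared
// cookie; restrict it, and consider encrypting the keys at rest.
CloudStorageAccount storageAccount = CloudStorageAccount.Parse(storageConnectionString);
CloudBlobClient blobClient = storageAccount.CreateCloudBlobClient();
CloudBlobContainer container = blobClient.GetContainerReference(storageContainerName);
var blob = container.GetBlockBlobReference("somefilename.xml");
services.AddDataProtection().SetApplicationName("somesharedappname").PersistKeysToAzureBlobStorage(blob);

// Cookie scheme for authenticate, sign-in and challenge (self-hosted sign-in page).
services.AddAuthentication(options =>
{
    options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
})
.AddCookie(options =>
{
    options.LoginPath = new PathString("/Account/SignIn");
    // Must match in every app that shares the session cookie.
    options.Cookie.Name = "somesharedcookiename";
})
.AddOktaMvc(oktaMvcOptions);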
// Settings for the Okta MVC middleware; later in this listing the object is passed to AddOktaMvc.
// NOTE(review): oktaDomain, clientId, clientSecret and authServerId are defined outside this
// snippet. clientSecret is a credential - confirm it is loaded from a secret store or protected
// configuration (user secrets, App Service settings, Key Vault) and never committed to source.
var oktaMvcOptions = new OktaMvcOptions
{
    OktaDomain = oktaDomain,
    AuthorizationServerId = authServerId, // the page describes a custom authorization server
    ClientId = clientId,
    ClientSecret = clientSecret,

    // Every scope widens what the tokens / userinfo response disclose about the user;
    // request only the ones the application actually reads.
    Scope = new List<string>
    {
        "openid",
        "profile",
        "email",
        "address",
        "groups",
    },

    // Claims are additionally fetched from the provider's userinfo endpoint.
    GetClaimsFromUserInfoEndpoint = true,
};
// Application-wide cookie policy.
services.Configure<CookiePolicyOptions>(policy =>
{
    // The policy enforces no SameSite floor of its own.
    // NOTE(review): SameSite handling differs between ASP.NET Core 2.x and 3.1+; inspect the
    // emitted Set-Cookie headers, and make sure any cookie that ends up as SameSite=None also
    // carries Secure (CookiePolicyOptions.Secure can enforce that centrally).
    policy.MinimumSameSitePolicy = SameSiteMode.None;

    // Consent for non-essential cookies is reported as required on every request.
    policy.CheckConsentNeeded = _ => true;
});
// Shared Data Protection key ring: the keys are stored in one blob and the application name
// is fixed, so that every app using this same configuration can read cookies protected by the others.
// NOTE(review): storageConnectionString is a credential defined outside this snippet - confirm
// it comes from protected configuration.
var storageAccount = CloudStorageAccount.Parse(storageConnectionString);
var blobClient = storageAccount.CreateCloudBlobClient();
var container = blobClient.GetContainerReference(storageContainerName);
var blob = container.GetBlockBlobReference("somefilename.xml");

// NOTE(review): no key-encryption step is configured here, so the key ring is presumably
// written to the blob unencrypted. Anyone able to read that blob can decrypt or forge the
// shared authentication cookie: keep the container private, scope access tightly, and
// consider wrapping the keys (e.g. ProtectKeysWithAzureKeyVault).
services
    .AddDataProtection()
    .SetApplicationName("somesharedappname")
    .PersistKeysToAzureBlobStorage(blob);
// Authentication pipeline for the self-hosted sign-in case: the cookie scheme handles
// authenticate, sign-in and challenge; the Okta handler is registered last.
services
    .AddAuthentication(auth =>
    {
        var cookieScheme = CookieAuthenticationDefaults.AuthenticationScheme;

        auth.DefaultAuthenticateScheme = cookieScheme;
        auth.DefaultSignInScheme = cookieScheme;
        auth.DefaultChallengeScheme = cookieScheme;
    })
    .AddCookie(cookie =>
    {
        // Unauthenticated users are redirected here.
        // NOTE(review): the SignIn action is not shown; if it honours a return-URL
        // parameter it should only redirect to local URLs.
        cookie.LoginPath = new PathString("/Account/SignIn");

        // The cookie name has to be identical in every app that shares the session.
        // NOTE(review): this cookie is the session credential for all of those apps.
        // Unless set elsewhere, its Secure flag follows the request scheme - consider
        // Cookie.SecurePolicy = CookieSecurePolicy.Always and check the cookie's domain/path scope.
        cookie.Cookie.Name = "somesharedcookiename";
    })
    .AddOktaMvc(oktaMvcOptions);