Asp.net mvc Azure广告在登录问题后,在Web浏览器(Chrome、Firefox)中声明为空
从Azure AD登录后,我获得了基于声明的身份,例如用户名、Logi Email null,并且在浏览器Chrome、Firefox中验证也是错误的,但在Microsoft Edge中没有。这通常是随机发生的,当我注销并重新登录Chrome浏览器时,用户身份验证在调试模式下显示为false,声明为null。让我知道问题所在,我已经研究过了,但没有结果 注意-AddAuthentication().AddOpenIdConnect适用于asp.netcore,其中我使用的是asp.net mvc 5Asp.net mvc Azure广告在登录问题后,在Web浏览器(Chrome、Firefox)中声明为空,asp.net-mvc,azure,cookies,azure-active-directory,claims-based-identity,Asp.net Mvc,Azure,Cookies,Azure Active Directory,Claims Based Identity,从Azure AD登录后,我获得了基于声明的身份,例如用户名、Logi Email null,并且在浏览器Chrome、Firefox中验证也是错误的,但在Microsoft Edge中没有。这通常是随机发生的,当我注销并重新登录Chrome浏览器时,用户身份验证在调试模式下显示为false,声明为null。让我知道问题所在,我已经研究过了,但没有结果 注意-AddAuthentication().AddOpenIdConnect适用于asp.netcore,其中我使用的是asp.net mvc
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
// AuthenticationMode = AuthenticationMode.Passive,
ClientId = ClientId,
Authority = AuthenticationConfig.Authority,
RedirectUri = AuthenticationConfig.RedirectUri,
PostLogoutRedirectUri = AuthenticationConfig.PostLogoutRedirectUri,
Scope = AuthenticationConfig.BasicSignInScopes,
ResponseType = OpenIdConnectResponseType.IdToken,
TokenValidationParameters = new TokenValidationParameters() { ValidateIssuer = false, NameClaimType = "name" }, //this.BuildTokenValidationParameters(),
Notifications = new OpenIdConnectAuthenticationNotifications()
{
RedirectToIdentityProvider = (context) =>
{
// This ensures that the address used for sign in and sign out is picked up dynamically from the request
// this allows you to deploy your app (to Azure Web Sites, for example)without having to change settings
// Remember that the base URL of the address used here must be provisioned in Azure AD beforehand.
string appRedirectUri = string.Format("{0}://{1}{2}", context.Request.Scheme, (context.Request.Host.ToString() + context.Request.PathBase), AuthenticationConfig.RedirectUriAbsolutePath);
string postLogOutRedirectUri = string.Format("{0}://{1}{2}", context.Request.Scheme, (context.Request.Host.ToString() + context.Request.PathBase), "/Dashboard/Index");
context.ProtocolMessage.RedirectUri = appRedirectUri;
context.ProtocolMessage.PostLogoutRedirectUri = postLogOutRedirectUri;
return Task.FromResult(0);
},
SecurityTokenValidated = (context) =>
{
// retrieve caller data from the incoming principal
//string issuer = context.AuthenticationTicket.Identity.FindFirst("iss").Value;
//string Upn = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.Name).Value;
//string tenantId = context.AuthenticationTicket.Identity.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;
//if (
// //the caller comes from an admin-consented, recorded issuer
// (this.db.Tenants.FirstOrDefault(a => ((a.IssValue == issuer) && (a.AdminConsented))) == null)
// // the caller is recorded in the db of users who went through the individual on-boarding
// && (this.db.Users.FirstOrDefault(b => ((b.UPN == Upn) && (b.TenantID == tenantId))) == null)
// )
// // the caller was neither from a trusted issuer or a registered user -throw to block the authentication flow
// throw new UnauthorizedAccessException("Please use the Sign-up link to sign -up for the ToDo list application.");
return Task.FromResult(0);
},
AuthorizationCodeReceived = (context) =>
{
//var code = context.Code;
//ClientCredential credential = new ClientCredential(ClientId, AppKey);
//string tenantId = context.AuthenticationTicket.Identity.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;
//string signedInUserId = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.NameIdentifier).Value;
//AuthenticationContext authContext = new AuthenticationContext(AadInstance + tenantId, new ADALTokenCache(signedInUserId));
//// The following operation fetches a token for Microsoft graph and caches it in the token cache
//AuthenticationResult result = authContext.AcquireTokenByAuthorizationCodeAsync(
// code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), credential, GraphResourceId).Result;
return Task.FromResult(0);
},
AuthenticationFailed = (context) =>
{
context.Response.Redirect("/Error/ShowError?signIn=true&errorMessage=" + context.Exception.Message);
context.HandleResponse(); // Suppress the exception
return Task.FromResult(0);
}
},
SignInAsAuthenticationType = "Cookies"
});
}
所以经过一周的研究。Startup.Auth.cs中的以下代码解决了我的问题。 参考:
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
CookieManager = new SystemWebCookieManager()
});