Asp.net mvc: Azure AD claims are null in web browsers (Chrome, Firefox) after login


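After logging in from Azure AD, the claims-based identity values I get, such as user name and login email, are null, and authentication is also reported as false in the Chrome and Firefox browsers, but not in Microsoft Edge. This usually happens randomly: when I log out and log back in with Chrome, the user's authentication shows as false in debug mode and the claims are null. Let me know what the problem is; I have researched it but found nothing.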

Note: AddAuthentication().AddOpenIdConnect is for ASP.NET Core, whereas I am using ASP.NET MVC 5.

   app.UseOpenIdConnectAuthentication(
            new OpenIdConnectAuthenticationOptions
            {
                // AuthenticationMode = AuthenticationMode.Passive,
                ClientId = ClientId,
                Authority = AuthenticationConfig.Authority,
                RedirectUri = AuthenticationConfig.RedirectUri,
                PostLogoutRedirectUri = AuthenticationConfig.PostLogoutRedirectUri,
                Scope = AuthenticationConfig.BasicSignInScopes,
                ResponseType = OpenIdConnectResponseType.IdToken,
                TokenValidationParameters = new TokenValidationParameters() { ValidateIssuer = false, NameClaimType = "name" },   //this.BuildTokenValidationParameters(),
                Notifications = new OpenIdConnectAuthenticationNotifications()
                {
                    RedirectToIdentityProvider = (context) =>
                    {
                        // This ensures that the address used for sign in and sign out is picked up dynamically from the request
                        // this allows you to deploy your app (to Azure Web Sites, for example)without having to change settings
                        // Remember that the base URL of the address used here must be provisioned in Azure AD beforehand.
                        string appRedirectUri = string.Format("{0}://{1}{2}", context.Request.Scheme, (context.Request.Host.ToString() + context.Request.PathBase), AuthenticationConfig.RedirectUriAbsolutePath);
                        string postLogOutRedirectUri = string.Format("{0}://{1}{2}", context.Request.Scheme, (context.Request.Host.ToString() + context.Request.PathBase), "/Dashboard/Index");
                        context.ProtocolMessage.RedirectUri = appRedirectUri;
                        context.ProtocolMessage.PostLogoutRedirectUri = postLogOutRedirectUri;
                        return Task.FromResult(0);
                    },
                    SecurityTokenValidated = (context) =>
                    {
                        // retrieve caller data from the incoming principal
                        //string issuer = context.AuthenticationTicket.Identity.FindFirst("iss").Value;
                        //string Upn = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.Name).Value;
                        //string tenantId = context.AuthenticationTicket.Identity.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;

                        //if (
                        //     //the caller comes from an admin-consented, recorded issuer
                        //    (this.db.Tenants.FirstOrDefault(a => ((a.IssValue == issuer) && (a.AdminConsented))) == null)
                        //            // the caller is recorded in the db of users who went through the individual on-boarding
                        //            && (this.db.Users.FirstOrDefault(b => ((b.UPN == Upn) && (b.TenantID == tenantId))) == null)
                        //            )
                        //           // the caller was neither from a trusted issuer or a registered user -throw to block the authentication flow
                        //            throw new UnauthorizedAccessException("Please use the Sign-up link to sign -up for the ToDo list application.");

                        return Task.FromResult(0);
                    },
                    AuthorizationCodeReceived = (context) =>
                    {
                        //var code = context.Code;
                        //ClientCredential credential = new ClientCredential(ClientId, AppKey);
                        //string tenantId = context.AuthenticationTicket.Identity.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;
                        //string signedInUserId = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.NameIdentifier).Value;

                        //AuthenticationContext authContext = new AuthenticationContext(AadInstance + tenantId, new ADALTokenCache(signedInUserId));

                        //// The following operation fetches a token for Microsoft graph and caches it in the token cache
                        //AuthenticationResult result = authContext.AcquireTokenByAuthorizationCodeAsync(
                        //    code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), credential, GraphResourceId).Result;

                        return Task.FromResult(0);
                    },
                    AuthenticationFailed = (context) =>
                    {
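                        // URL-encode the exception text so characters such as '&' or line breaks cannot alter the query string
                        context.Response.Redirect("/Error/ShowError?signIn=true&errorMessage=" + Uri.EscapeDataString(context.Exception.Message));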
                        context.HandleResponse(); // Suppress the exception
                        return Task.FromResult(0);
                    }
                },
                SignInAsAuthenticationType = "Cookies"
            });
    }

So, after a week of research, the following code in Startup.Auth.cs solved my problem. Reference:

app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            CookieManager = new SystemWebCookieManager()
        });
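
The fix above shown in context, as an added example that is not part of the original answer: the cookie middleware is registered before the OpenID Connect middleware, and its authentication type matches the question's `SignInAsAuthenticationType = "Cookies"`. The client ID, authority and redirect URI are placeholders; `SystemWebCookieManager` comes from the `Microsoft.Owin.Host.SystemWeb` package.

```csharp
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.Owin.Host.SystemWeb;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public partial class Startup
{
    // Placeholder values (assumptions for this example, not from the original post).
    private const string ClientId = "<application-client-id>";
    private const string Authority = "https://login.microsoftonline.com/<tenant-id>/v2.0";
    private const string RedirectUri = "https://localhost:44300/";

    public void ConfigureAuth(IAppBuilder app)
    {
        // OpenID Connect hands the validated identity to the middleware of this type,
        // which then issues the session cookie.
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

        // Cookie middleware first. SystemWebCookieManager writes the cookie through
        // System.Web's HttpContext.Response.Cookies instead of the raw OWIN Set-Cookie
        // header, so other System.Web cookie writes (for example session state)
        // cannot drop the authentication cookie from the response.
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = CookieAuthenticationDefaults.AuthenticationType, // "Cookies"
            CookieManager = new SystemWebCookieManager()
        });

        // OpenID Connect second; it signs in as the cookie type registered above.
        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            ClientId = ClientId,
            Authority = Authority,
            RedirectUri = RedirectUri,
            ResponseType = OpenIdConnectResponseType.IdToken,
            SignInAsAuthenticationType = CookieAuthenticationDefaults.AuthenticationType
        });
    }
}
```

If the authentication cookie is missing from the response to the sign-in callback (visible in the browser's network tools), the request that follows is unauthenticated and carries no claims, which is the symptom described in the question.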