Authentication 除了Cookie身份验证方案之外,如何添加身份验证处理程序?
我已将 AddOpenIdConnect 添加到我的 ASP.NET Core 3.1 Razor 应用程序的 ConfigureServices 方法中。AddOpenIdConnect 用于配置执行 OpenID Connect 协议的处理程序,以从身份提供程序获取令牌。但我不想将令牌存储在 Cookie 中,而是存储在内存或数据库中。你知道如何做到这一点吗?
标签:authentication、.net-core、oauth-2.0、openid-connect
我在 Startup.cs 中添加了身份验证处理程序,如下所示:
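// Authentication wiring: the cookie scheme authenticates requests and receives
// the sign-in, while OpenID Connect is the scheme used to challenge the user.
services.AddAuthentication(options =>
    {
        options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
    })
    // NOTE(review): the sign-in scheme serializes the principal and the
    // authentication properties into its ticket. With the AddCookie() defaults
    // that ticket travels in the data-protected cookie. To keep it server-side,
    // CookieAuthenticationOptions.SessionStore accepts an ITicketStore, so the
    // cookie carries only a session key.
    .AddCookie()
    .AddOpenIdConnect(options =>
    {
        // Client credentials come from configuration; keep the secret value out
        // of source control.
        options.ClientId = Configuration.GetValue<string>("Okta:ClientId");
        options.ClientSecret = Configuration.GetValue<string>("Okta:ClientSecret");
        options.Authority = $"{Configuration.GetValue<string>("Okta:Authorization")}";
        options.CallbackPath = "/api/callback";
        options.SignedOutCallbackPath = "/api/signout-callback";

        // Authorization code flow: tokens are obtained on the back channel.
        options.ResponseType = "code";

        // NOTE(review): SaveTokens = true stores the access, ID and refresh
        // tokens in the authentication properties, which the cookie scheme
        // persists. If tokens must not reach the cookie, set this to false and
        // persist them server-side, or use a server-side ticket store.
        options.SaveTokens = true;
        options.UseTokenLifetime = false;
        options.GetClaimsFromUserInfoEndpoint = true;

        options.Scope.Add("openid");
        options.Scope.Add("profile");
        options.Scope.Add("email");
        // offline_access requests a refresh token, a long-lived credential.
        options.Scope.Add("offline_access");

        options.TokenValidationParameters = new TokenValidationParameters
        {
            NameClaimType = "name",
            RoleClaimType = "role"
        };

        options.Events = new OpenIdConnectEvents()
        {
            OnUserInformationReceived = context =>
            {
                string rawAccessToken = context.ProtocolMessage.AccessToken;
                string rawIdToken = context.ProtocolMessage.IdToken;

                // The tokens are not parsed here. JwtSecurityTokenHandler.ReadJwtToken
                // only decodes and does not verify a signature, and it throws
                // on a null or non-JWT value such as an opaque access token.

                // Claim's constructor rejects a null value, so add only the
                // tokens that were actually returned.
                // NOTE(review): claims are part of the principal and therefore
                // end up in the authentication ticket as well.
                var tokenClaims = new List<Claim>();
                if (!string.IsNullOrEmpty(rawAccessToken))
                {
                    tokenClaims.Add(new Claim("accessToken", rawAccessToken));
                }

                if (!string.IsNullOrEmpty(rawIdToken))
                {
                    tokenClaims.Add(new Claim("idToken", rawIdToken));
                }

                // Copy the identity the handler already validated, instead of
                // starting from an empty one, so its claims are not discarded.
                // Passing null for the name and role types keeps those of the
                // validated identity.
                var userIdentity = new ClaimsIdentity(
                    context.Principal?.Identity,
                    tokenClaims,
                    "Okta Identity",
                    null,
                    null);

                context.Principal = new ClaimsPrincipal(new[] { userIdentity });
                return Task.CompletedTask;
            },
        };
    });

services.AddHttpClient();
services.AddAuthorization();
services.AddControllersWithViews();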
你知道我该怎么做吗?