Azure Umbraco 7.6的Active Directory身份验证陷入了重新定向循环
我目前正在使用一个Umbraco库来扩展身份验证的可能性,并使用Active Directory启用后台身份验证。
安装库并阅读下面的博客文章后,我能够显示一个外部登录按钮,通过Active Directory进行身份验证,并向Umbraco数据库添加用户和外部登录。
然后它以连续循环的方式将您发送回/umbraco登录页面。如本文所述。
有人面对这个问题并解决了吗?或者有什么有用的建议?
标签:azure, authentication, active-directory, owin, umbraco
正在使用的代码:
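/// <summary>
/// Registers Azure Active Directory (OpenID Connect) as an external login provider
/// for the Umbraco back office.
/// </summary>
/// <param name="app">OWIN application builder the middleware is added to.</param>
/// <param name="tenant">Tenant appended to <c>https://login.microsoftonline.com/</c> to form the authority.</param>
/// <param name="clientId">Client id set on the OpenID Connect options.</param>
/// <param name="postLoginRedirectUri">Redirect URI set on the OpenID Connect options.</param>
/// <param name="issuerId">Id used to build the <c>https://sts.windows.net/{id}/</c> issuer path.</param>
/// <param name="caption">Caption assigned to the provider options.</param>
/// <param name="style">Style passed to <c>ForUmbracoBackOffice</c>.</param>
/// <param name="icon">Icon passed to <c>ForUmbracoBackOffice</c>.</param>
/// <remarks>
/// The AuthorizationCodeReceived handler creates a back-office user and links an external login
/// from token claims. It throws <see cref="InvalidOperationException"/> instead of continuing
/// when a required claim, the user type or the identity is missing, when the token issuer is not
/// the configured one, or when saving the link fails.
/// </remarks>
public static void ConfigureBackOfficeAzureActiveDirectoryAuth(this IAppBuilder app,
    string tenant, string clientId, string postLoginRedirectUri, Guid issuerId,
    string caption = "Active Directory", string style = "btn-microsoft", string icon = "fa-windows")
{
    var authority = string.Format(
        CultureInfo.InvariantCulture,
        "https://login.microsoftonline.com/{0}",
        tenant);

    // The provider is registered under the issuer path (see AuthenticationType below).
    var issuerPath = string.Format(
        CultureInfo.InvariantCulture,
        "https://sts.windows.net/{0}/",
        issuerId);

    var adOptions = new OpenIdConnectAuthenticationOptions
    {
        SignInAsAuthenticationType = Constants.Security.BackOfficeExternalAuthenticationType,
        ClientId = clientId,
        Authority = authority,
        RedirectUri = postLoginRedirectUri,
        AuthenticationMode = AuthenticationMode.Passive,
        Notifications = new OpenIdConnectAuthenticationNotifications
        {
            AuthorizationCodeReceived = async context =>
            {
                if (context.JwtSecurityToken == null)
                {
                    throw new InvalidOperationException("No security token was supplied with the authorization code.");
                }

                // Enumerate the claims instead of casting to List<Claim>; the cast fails
                // whenever the token exposes them through another collection type.
                var claims = context.JwtSecurityToken.Claims.ToList();

                // A missing claim must stop the sign-in with a clear message rather than
                // surface as a NullReferenceException half-way through provisioning.
                Func<string, string> requireClaim = type =>
                {
                    var claim = claims.FirstOrDefault(x => x.Type == type);
                    if (claim == null || string.IsNullOrWhiteSpace(claim.Value))
                    {
                        throw new InvalidOperationException(string.Format(
                            CultureInfo.InvariantCulture,
                            "The token does not contain the required '{0}' claim.",
                            type));
                    }

                    return claim.Value;
                };

                // NOTE(review): "unique_name" is used as the e-mail address and as the key for
                // finding an existing back-office user. Confirm that this value is controlled by
                // the directory and cannot be set to another user's address.
                var email = requireClaim("unique_name");
                var issuer = requireClaim("iss");
                var providerKey = requireClaim("sub");
                var name = requireClaim("name");

                // Only link logins issued by the configured issuer: the login row is stored
                // under the token's issuer while the provider is registered under issuerPath.
                if (!string.Equals(issuer, issuerPath, StringComparison.OrdinalIgnoreCase))
                {
                    throw new InvalidOperationException(string.Format(
                        CultureInfo.InvariantCulture,
                        "Unexpected token issuer '{0}'; expected '{1}'.",
                        issuer,
                        issuerPath));
                }

                var userService = ApplicationContext.Current.Services.UserService;
                var userManager = context.OwinContext.GetUserManager<BackOfficeUserManager>();

                var user = userService.GetByEmail(email);
                if (user == null)
                {
                    // First sign-in: provision the account with the "writer" user type.
                    var writerUserType = userService.GetUserTypeByName("writer");
                    if (writerUserType == null)
                    {
                        throw new InvalidOperationException("The 'writer' user type does not exist.");
                    }

                    user = userService.CreateUserWithIdentity(email, email, writerUserType);
                }

                var identity = await userManager.FindByEmailAsync(email);
                if (identity == null)
                {
                    throw new InvalidOperationException("The back-office identity for the signed-in user could not be loaded.");
                }

                if (identity.Logins.All(x => x.ProviderKey != providerKey))
                {
                    identity.Logins.Add(new IdentityUserLogin(issuer, providerKey, user.Id));
                    identity.Name = name;

                    // Await the update and check its outcome; a failed save would otherwise
                    // leave the account without the external login and go unnoticed.
                    var result = await userManager.UpdateAsync(identity);
                    if (!result.Succeeded)
                    {
                        throw new InvalidOperationException(
                            "Linking the external login failed: " + string.Join("; ", result.Errors));
                    }
                }
            },
        }
    };

    adOptions.ForUmbracoBackOffice(style, icon);
    adOptions.Caption = caption;

    // Need to set the auth type as the issuer path
    adOptions.AuthenticationType = issuerPath;

    adOptions.SetExternalSignInAutoLinkOptions(new ExternalSignInAutoLinkOptions(autoLinkExternalAccount: true));
    app.UseOpenIdConnectAuthentication(adOptions);
}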
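/// <summary>
/// Registers Azure Active Directory (OpenID Connect) as an external login provider
/// for the Umbraco back office.
/// </summary>
/// <param name="app">OWIN application builder the middleware is added to.</param>
/// <param name="tenant">Tenant appended to <c>https://login.microsoftonline.com/</c> to form the authority.</param>
/// <param name="clientId">Client id set on the OpenID Connect options.</param>
/// <param name="postLoginRedirectUri">Redirect URI set on the OpenID Connect options.</param>
/// <param name="issuerId">Id used to build the <c>https://sts.windows.net/{id}/</c> issuer path.</param>
/// <param name="caption">Caption assigned to the provider options.</param>
/// <param name="style">Style passed to <c>ForUmbracoBackOffice</c>.</param>
/// <param name="icon">Icon passed to <c>ForUmbracoBackOffice</c>.</param>
/// <remarks>
/// The AuthorizationCodeReceived handler creates a back-office user and links an external login
/// from token claims. It throws <see cref="InvalidOperationException"/> instead of continuing
/// when a required claim, the user type or the identity is missing, when the token issuer is not
/// the configured one, or when saving the link fails.
/// </remarks>
public static void ConfigureBackOfficeAzureActiveDirectoryAuth(this IAppBuilder app,
    string tenant, string clientId, string postLoginRedirectUri, Guid issuerId,
    string caption = "Active Directory", string style = "btn-microsoft", string icon = "fa-windows")
{
    var authority = string.Format(
        CultureInfo.InvariantCulture,
        "https://login.microsoftonline.com/{0}",
        tenant);

    // The provider is registered under the issuer path (see AuthenticationType below).
    var issuerPath = string.Format(
        CultureInfo.InvariantCulture,
        "https://sts.windows.net/{0}/",
        issuerId);

    var adOptions = new OpenIdConnectAuthenticationOptions
    {
        SignInAsAuthenticationType = Constants.Security.BackOfficeExternalAuthenticationType,
        ClientId = clientId,
        Authority = authority,
        RedirectUri = postLoginRedirectUri,
        AuthenticationMode = AuthenticationMode.Passive,
        Notifications = new OpenIdConnectAuthenticationNotifications
        {
            AuthorizationCodeReceived = async context =>
            {
                if (context.JwtSecurityToken == null)
                {
                    throw new InvalidOperationException("No security token was supplied with the authorization code.");
                }

                // Enumerate the claims instead of casting to List<Claim>; the cast fails
                // whenever the token exposes them through another collection type.
                var claims = context.JwtSecurityToken.Claims.ToList();

                // A missing claim must stop the sign-in with a clear message rather than
                // surface as a NullReferenceException half-way through provisioning.
                Func<string, string> requireClaim = type =>
                {
                    var claim = claims.FirstOrDefault(x => x.Type == type);
                    if (claim == null || string.IsNullOrWhiteSpace(claim.Value))
                    {
                        throw new InvalidOperationException(string.Format(
                            CultureInfo.InvariantCulture,
                            "The token does not contain the required '{0}' claim.",
                            type));
                    }

                    return claim.Value;
                };

                // NOTE(review): "unique_name" is used as the e-mail address and as the key for
                // finding an existing back-office user. Confirm that this value is controlled by
                // the directory and cannot be set to another user's address.
                var email = requireClaim("unique_name");
                var issuer = requireClaim("iss");
                var providerKey = requireClaim("sub");
                var name = requireClaim("name");

                // Only link logins issued by the configured issuer: the login row is stored
                // under the token's issuer while the provider is registered under issuerPath.
                if (!string.Equals(issuer, issuerPath, StringComparison.OrdinalIgnoreCase))
                {
                    throw new InvalidOperationException(string.Format(
                        CultureInfo.InvariantCulture,
                        "Unexpected token issuer '{0}'; expected '{1}'.",
                        issuer,
                        issuerPath));
                }

                var userService = ApplicationContext.Current.Services.UserService;
                var userManager = context.OwinContext.GetUserManager<BackOfficeUserManager>();

                var user = userService.GetByEmail(email);
                if (user == null)
                {
                    // First sign-in: provision the account with the "writer" user type.
                    var writerUserType = userService.GetUserTypeByName("writer");
                    if (writerUserType == null)
                    {
                        throw new InvalidOperationException("The 'writer' user type does not exist.");
                    }

                    user = userService.CreateUserWithIdentity(email, email, writerUserType);
                }

                var identity = await userManager.FindByEmailAsync(email);
                if (identity == null)
                {
                    throw new InvalidOperationException("The back-office identity for the signed-in user could not be loaded.");
                }

                if (identity.Logins.All(x => x.ProviderKey != providerKey))
                {
                    identity.Logins.Add(new IdentityUserLogin(issuer, providerKey, user.Id));
                    identity.Name = name;

                    // Await the update and check its outcome; a failed save would otherwise
                    // leave the account without the external login and go unnoticed.
                    var result = await userManager.UpdateAsync(identity);
                    if (!result.Succeeded)
                    {
                        throw new InvalidOperationException(
                            "Linking the external login failed: " + string.Join("; ", result.Errors));
                    }
                }
            },
        }
    };

    adOptions.ForUmbracoBackOffice(style, icon);
    adOptions.Caption = caption;

    // Need to set the auth type as the issuer path
    adOptions.AuthenticationType = issuerPath;

    adOptions.SetExternalSignInAutoLinkOptions(new ExternalSignInAutoLinkOptions(autoLinkExternalAccount: true));
    app.UseOpenIdConnectAuthentication(adOptions);
}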
您是否收到任何错误消息?您可以使用Fiddler捕获请求以进行检查。通过Fiddler未出现任何错误。我们已经试过了,但这不是一个坏建议。我没有通过创建一个新项目并从头安装所有组件来修复这个问题。更新:问题在于使用Redis缓存。你解决了这个问题吗?如果不介意,您是否介意分享有关如何使用Redis缓存的代码以及根本原因?我注意到,使用AD登录会定期停止工作(循环会使其再次工作)。你看到了吗@杰瑟顿