Azure Umbraco 7.6的Active Directory身份验证陷入了重新定向循环

Azure Umbraco 7.6的Active Directory身份验证陷入了重新定向循环,azure,authentication,active-directory,owin,umbraco,Azure,Authentication,Active Directory,Owin,Umbraco,我目前正在使用一个Umbraco库来扩展身份验证的可能性,并使用Active Directory启用后台身份验证 安装库并阅读下面的博客文章后,我能够显示一个外部登录按钮,通过Active Directory进行身份验证,并向Umbraco数据库添加用户和外部登录 然后以连续循环的方式将您发送回/umbraco登录页面。如本文所述 有人面对这个问题并解决了吗?或者有什么有用的建议 正在使用的代码 public static void ConfigureBackOfficeAzureAc

我目前正在使用一个Umbraco库来扩展身份验证的可能性,并使用Active Directory启用后台身份验证

安装库并阅读下面的博客文章后,我能够显示一个外部登录按钮,通过Active Directory进行身份验证,并向Umbraco数据库添加用户和外部登录

但之后会不断地被重定向回 /umbraco 登录页面,陷入循环,如本文所述。

有人面对这个问题并解决了吗?或者有什么有用的建议

正在使用的代码

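   /// <summary>
   /// Registers Azure Active Directory (OpenID Connect) as an external login provider
   /// for the Umbraco back office and, when an authorization code is received,
   /// provisions or links the matching back-office user.
   /// </summary>
   /// <param name="app">The OWIN application builder the middleware is added to.</param>
   /// <param name="tenant">Tenant segment appended to the login.microsoftonline.com authority URL.</param>
   /// <param name="clientId">Client (application) id of the Azure AD app registration.</param>
   /// <param name="postLoginRedirectUri">Redirect URI passed to the OpenID Connect middleware.</param>
   /// <param name="issuerId">Guid used to build the sts.windows.net issuer path that becomes the authentication type.</param>
   /// <param name="caption">Text shown on the external login button.</param>
   /// <param name="style">CSS class passed to <c>ForUmbracoBackOffice</c>.</param>
   /// <param name="icon">Icon class passed to <c>ForUmbracoBackOffice</c>.</param>
   public static void ConfigureBackOfficeAzureActiveDirectoryAuth(this IAppBuilder app,
          string tenant, string clientId, string postLoginRedirectUri, Guid issuerId,
          string caption = "Active Directory", string style = "btn-microsoft", string icon = "fa-windows")
    {
        var authority = string.Format(
            CultureInfo.InvariantCulture,
            "https://login.microsoftonline.com/{0}",
            tenant);

        var adOptions = new OpenIdConnectAuthenticationOptions
        {
            SignInAsAuthenticationType = Constants.Security.BackOfficeExternalAuthenticationType,
            ClientId = clientId,
            Authority = authority,
            RedirectUri = postLoginRedirectUri,
            AuthenticationMode = AuthenticationMode.Passive,
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                AuthorizationCodeReceived = async context =>
                {
                    // Debugging aid only; it has no effect unless a debugger is attached.
                    // Remove before shipping so an attached debugger cannot stall sign-in.
                    if (System.Diagnostics.Debugger.IsAttached)
                    {
                        System.Diagnostics.Debugger.Break();
                    }

                    // Materialise the claims instead of casting: the property is only
                    // guaranteed to be enumerable, so a hard cast to List can fail.
                    var claims = context.JwtSecurityToken.Claims.ToList();

                    // Fail with a clear message (claim type only, never the value)
                    // instead of a NullReferenceException when a claim is absent.
                    Func<string, string> requireClaim = claimType =>
                    {
                        var claim = claims.FirstOrDefault(x => x.Type == claimType);
                        if (claim == null || string.IsNullOrWhiteSpace(claim.Value))
                        {
                            throw new InvalidOperationException(string.Format(
                                CultureInfo.InvariantCulture,
                                "The identity token does not contain the required '{0}' claim.",
                                claimType));
                        }

                        return claim.Value;
                    };

                    var email = requireClaim("unique_name");
                    var issuer = requireClaim("iss");
                    var providerKey = requireClaim("sub");

                    // The display name is optional; fall back to the e-mail value.
                    var nameClaim = claims.FirstOrDefault(x => x.Type == "name");
                    var name = nameClaim != null && !string.IsNullOrWhiteSpace(nameClaim.Value)
                        ? nameClaim.Value
                        : email;

                    var userService = ApplicationContext.Current.Services.UserService;
                    var userManager = context.OwinContext.GetUserManager<BackOfficeUserManager>();

                    // NOTE(security): the account is matched on the "unique_name" claim,
                    // which Azure AD documents as mutable and intended for display only.
                    // Matching a pre-existing back-office account on it links the external
                    // login to that account, so whoever controls that value in the directory
                    // gains that account's rights. Prefer keying on the (iss, sub) pair and
                    // require an explicit step before linking to an existing account.
                    var user = userService.GetByEmail(email);

                    if (user == null)
                    {
                        // NOTE(security): every principal that can complete sign-in is
                        // auto-provisioned as "writer". Restrict who can reach this point
                        // (app assignment or a group claim check) - TODO confirm policy.
                        var writerUserType = userService.GetUserTypeByName("writer");
                        user = userService.CreateUserWithIdentity(email, email, writerUserType);
                    }

                    var identity = await userManager.FindByEmailAsync(email);
                    if (identity == null)
                    {
                        throw new InvalidOperationException(
                            "No back-office identity was found for the signed-in user after provisioning.");
                    }

                    if (identity.Logins.All(x => x.ProviderKey != providerKey))
                    {
                        identity.Logins.Add(new IdentityUserLogin(issuer, providerKey, user.Id));
                        identity.Name = name;

                        // Await the update instead of blocking, and do not ignore a failed
                        // result: an unsaved link leaves the user unable to sign in.
                        var result = await userManager.UpdateAsync(identity);
                        if (!result.Succeeded)
                        {
                            throw new InvalidOperationException(string.Format(
                                CultureInfo.InvariantCulture,
                                "Linking the external login failed: {0}",
                                string.Join("; ", result.Errors)));
                        }
                    }
                },
            }
        };

        adOptions.ForUmbracoBackOffice(style, icon);
        adOptions.Caption = caption;

        //Need to set the auth type as the issuer path
        adOptions.AuthenticationType = string.Format(
            CultureInfo.InvariantCulture,
            "https://sts.windows.net/{0}/",
            issuerId);

        // Auto-linking is enabled here in addition to the manual linking done in the
        // notification above; review whether both are needed.
        adOptions.SetExternalSignInAutoLinkOptions(new ExternalSignInAutoLinkOptions(autoLinkExternalAccount: true));

        app.UseOpenIdConnectAuthentication(adOptions);
    }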
public static void ConfigureBackOfficeAzureActiveDirectoryAuth(此IAppBuilder应用程序,
字符串租户、字符串clientId、字符串PostLoginDirectUri、Guid issuerId、,
string caption=“Active Directory”,string style=“btn microsoft”,string icon=“fa windows”)
{
var authority=string.Format(
CultureInfo.InvariantCulture,
"https://login.microsoftonline.com/{0}",
承租人);
var adOptions=新的OpenIdConnectAuthenticationOptions
{
SignInAsAuthenticationType=Constants.Security.BackOfficeExternalAuthenticationType,
ClientId=ClientId,
权威=权威,
RedirectUri=postLoginRedirectUri,
AuthenticationMode=AuthenticationMode.Passive,
通知=新的OpenIdConnectAuthenticationNotifications
{
AuthorizationCodeReceived=异步上下文=>
{
if(System.Diagnostics.Debugger.IsAttached)
System.Diagnostics.Debugger.Break();
var userService=ApplicationContext.Current.Services.userService;
var stuff=(List)context.JwtSecurityToken.Claims;
var email=stuff.FirstOrDefault(x=>x.Type==“unique_name”).Value;
var issuer=stuff.FirstOrDefault(x=>x.Type==“iss”).Value;
var providerKey=stuff.FirstOrDefault(x=>x.Type==“sub”).Value;
var name=stuff.FirstOrDefault(x=>x.Type==“name”).Value;
var userManager=context.OwinContext.GetUserManager();
var user=userService.GetByEmail(电子邮件);
if(user==null)
{
var writerUserType=userService.GetUserTypeByName(“writer”);
user=userService.CreateUserWithIdentity(电子邮件、电子邮件、writerUserType);
}
var identity=await userManager.findbyemailsync(电子邮件);
if(identity.Logins.All(x=>x.ProviderKey!=ProviderKey))
{
identity.Logins.Add(新IdentityUserLogin(issuer、providerKey、user.Id));
identity.Name=名称;
var result=userManager.Update(标识);
}
},
}
};
采用。ForUmbracoBackOffice(样式、图标);
收养。字幕=字幕;
//需要将身份验证类型设置为颁发者路径
adOptions.AuthenticationType=string.Format(
CultureInfo.InvariantCulture,
"https://sts.windows.net/{0}/",
发行人ID);
setexternalsignationalinkoptions(新的externalsignationalinkoptions(autoLinkExternalAccount:true));
app.UseOpenIdConnectAuthentication(采用);
}

您是否收到任何错误消息?您可以使用Fiddler捕获请求以进行检查。通过Fiddler未出现任何错误。我们已经试过了,但这不是一个坏建议。我没有通过创建一个新项目并从头安装所有组件来修复这个问题。更新:问题在于使用Redis缓存。你解决了这个问题吗?如果不介意,您是否介意分享有关如何使用Redis缓存的代码以及根本原因?我注意到,使用AD登录会定期停止工作(循环会使其再次工作)。你看到了吗@杰瑟顿