C# 使用手动加载的凭据登录到ASP.NET标识
我创建了一个非常简单的SSO解决方案。在目标应用程序中,我可以在请求开始时成功加载凭据 不过,我会使用它们登录,并让ASP.NET Identity处理所有未来请求的凭据(使用普通的cookie中间件) 我的第一次尝试是在cookie中间件中使用applyredirect:C# 使用手动加载的凭据登录到ASP.NET标识,c#,asp.net,asp.net-identity-2,C#,Asp.net,Asp.net Identity 2,我创建了一个非常简单的SSO解决方案。在目标应用程序中,我可以在请求开始时成功加载凭据 不过,我会使用它们登录,并让ASP.NET Identity处理所有未来请求的凭据(使用普通的cookie中间件) 我的第一次尝试是在cookie中间件中使用applyredirect: var provider = new CookieAuthenticationProvider(); provider.OnApplyRedirect = ctx => { if (ctx.Request.Qu
var provider = new CookieAuthenticationProvider();
provider.OnApplyRedirect = ctx =>
{
if (ctx.Request.Query["s"] != null)
{
var ticket = LoadTicket(ctx.Request.Query["s"]);
var uri = RemoveQueryStringByKey(ctx.Request.Uri.ToString(), "s");
ticket.Properties.IsPersistent = true;
ctx.OwinContext.Authentication.SignIn(ticket.Properties, ticket.Identity);
ctx.Response.Redirect(uri);
return;
}
}
未为下一个请求加载凭据:((cookie中间件已重定向到登录页)
我的第二次尝试是创建一个完整的身份验证中间件并加载凭据,然后使用Context.authentication.sign(ticket.Properties,ticket.Identity);
进行登录
public class SingleSignOnAuthenticationHandler : AuthenticationHandler<AuthenticationOptions>
{
protected override Task<AuthenticationTicket> AuthenticateCoreAsync()
{
var sessionIdentifier = Request.Query["s"];
if (sessionIdentifier == null)
return Task.FromResult<AuthenticationTicket>(null);
var ticket = LoadTicket(sessionIdentifier);
if (ticket == null)
return Task.FromResult<AuthenticationTicket>(null);
Context.Authentication.SignIn(ticket.Properties, ticket.Identity);
return Task.FromResult(new AuthenticationTicket(ticket.Identity, ticket.Properties));
}
}
…所以这里也需要一样:
public class SingleSignOnAuthenticationHandler : AuthenticationHandler<AuthenticationOptions>
{
protected override Task<AuthenticationTicket> AuthenticateCoreAsync()
{
var sessionIdentifier = Request.Query["s"];
if (sessionIdentifier == null)
return Task.FromResult<AuthenticationTicket>(null);
var ticket = LoadTicket(sessionIdentifier);
if (ticket == null)
return Task.FromResult<AuthenticationTicket>(null);
ticket.Properties.IsPersistent = true;
// ** LOOK HERE **
//new identity, but with the correct authentication type
var identity = new ClaimsIdentity(ticket.Identity.Claims, "ApplicationCookie", ClaimTypes.Name, ClaimTypes.Role);
Context.Authentication.SignIn(ticket.Properties, identity);
return Task.FromResult(new AuthenticationTicket(identity, ticket.Properties));
}
}
公共类SingleSignonaAuthenticationHandler:AuthenticationHandler
{
受保护的覆盖任务AuthenticateCoreAsync()
{
var sessionIdentifier=Request.Query[“s”];
if(sessionIdentifier==null)
返回Task.FromResult(空);
var票证=装载票证(会话标识符);
如果(票证==null)
返回Task.FromResult(空);
ticket.Properties.ispersist=true;
//**看这里**
//新标识,但具有正确的身份验证类型
var identity=newclaimsidentity(ticket.identity.Claims,“applicationcokie”,ClaimTypes.Name,ClaimTypes.Role);
Context.Authentication.SignIn(ticket.Properties,identity);
返回Task.FromResult(新的AuthenticationTicket(identity,ticket.Properties));
}
}
这样看来现在可以了。但是我的客户端使用WebApi从后端获取信息。应用程序cookie似乎不用于ASP.NET WebApi,即使它在同一个web项目中
那么,如何让WebApi加载相同的cookie呢?hmm这是一个很难的要求,通常我不会将两者混合使用
public class SingleSignOnAuthenticationHandler : AuthenticationHandler<AuthenticationOptions>
{
protected override Task<AuthenticationTicket> AuthenticateCoreAsync()
{
var sessionIdentifier = Request.Query["s"];
if (sessionIdentifier == null)
return Task.FromResult<AuthenticationTicket>(null);
var ticket = LoadTicket(sessionIdentifier);
if (ticket == null)
return Task.FromResult<AuthenticationTicket>(null);
ticket.Properties.IsPersistent = true;
// ** LOOK HERE **
//new identity, but with the correct authentication type
var identity = new ClaimsIdentity(ticket.Identity.Claims, "ApplicationCookie", ClaimTypes.Name, ClaimTypes.Role);
Context.Authentication.SignIn(ticket.Properties, identity);
return Task.FromResult(new AuthenticationTicket(identity, ticket.Properties));
}
}