C# ASP.NET WebForms: reading the IDToken after Azure Active Directory authentication
I have an old ASP.NET WebForms web application that is based on Identity 2.0 local authentication, and I have to upgrade that authentication so that external users registered in the company's Azure Active Directory can authenticate. I am able to run the challenge and get the user back on the web page after they authenticate with Microsoft, but I cannot read any information about the user. For example, I want to know their e-mail address so that I can let them into my application or register them as a new user. I expect the token to contain this information, but how do I access it on the server side? Here is my code:
public partial class Startup
{
    public void ConfigureAuth(IAppBuilder app)
    {
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login"),
            Provider = new CookieAuthenticationProvider
            {
                OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, User>(
                    validateInterval: TimeSpan.FromSeconds(120),
                    regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager)),
                OnApplyRedirect = ctx =>
                {
                    ctx.Response.Redirect(ctx.RedirectUri);
                }
            }
        });
        app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseOpenIdConnectAuthentication(
            new OpenIdConnectAuthenticationOptions
            {
                ClientId = "xxxxxxx-xxxx-xxxx-xxxxxxxxx",
                Authority = "https://login.windows.net/xxxxxxx-xxxx-xxxx-xxxxxxxxx",
                PostLogoutRedirectUri = "https://localhost:44364/testlogin.aspx",
                Scope = OpenIdConnectScope.OpenIdProfile,
                // ResponseType is set to request the id_token - which contains basic information about the signed-in user
                ResponseType = OpenIdConnectResponseType.IdToken,
                // ValidateIssuer set to false to allow personal and work accounts from any organization to sign in to your application
                // To only allow users from a single organizations, set ValidateIssuer to true and 'tenant' setting in web.config to the tenant name
                // To allow users from only a list of specific organizations, set ValidateIssuer to true and use ValidIssuers parameter
                TokenValidationParameters = new TokenValidationParameters()
                {
                    ValidateIssuer = false
                },
                // OpenIdConnectAuthenticationNotifications configures OWIN to send notification of failed authentications to OnAuthenticationFailed method
                Notifications = new OpenIdConnectAuthenticationNotifications
                {
                    AuthenticationFailed = OnAuthenticationFailed
                }
            }
        );
    }

    private Task OnAuthenticationFailed(AuthenticationFailedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> context)
    {
        context.HandleResponse();
        context.Response.Redirect("~/TestLogin.aspx?ErrorMessage=" + context.Exception.Message);
        return Task.FromResult(0);
    }
}
Finally, in the TestLogin.aspx page I try to read information about the logged-in user:
if (Request.IsAuthenticated) // Always false!
{
    Label1.Text = System.Security.Claims.ClaimsPrincipal.Current.FindFirst("name").Value;
}
var userClaims = System.Security.Claims.ClaimsPrincipal.Current;
if (userClaims != null) // It's not null, but there is no information about the e-mail of the logged-in user
{
    Label1.Text += userClaims?.FindFirst("name")?.Value; // It's empty
}
How do I read the claims that Active Directory returns in the ID token?
Update
If I remove the options from the cookie authentication, Azure Active Directory works fine, but I can no longer log in local users:
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
    LoginPath = new PathString("/Account/Login"),
    Provider = new CookieAuthenticationProvider
    {
        OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, User>(
            validateInterval: TimeSpan.FromSeconds(120),
            regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager)),
        OnApplyRedirect = ctx =>
        {
            ctx.Response.Redirect(ctx.RedirectUri);
        }
    }
});
Is there a way to make both work?

Have you tried the following code? var userClaims = User.Identity as System.Security.Claims.ClaimsIdentity; Label1.Text = userClaims?.FindFirst("name")?.Value
@JimXu Nothing. It is always empty.
What do you mean by local users?
Users saved in the AspNetUsers table of the application database.
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
    LoginPath = new PathString("/Account/Login"),
    Provider = new CookieAuthenticationProvider
    {
        OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, User>(
            validateInterval: TimeSpan.FromSeconds(120),
            regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager)),
        OnApplyRedirect = ctx =>
        {
            ctx.Response.Redirect(ctx.RedirectUri);
        }
    }
});
app.UseCookieAuthentication(new CookieAuthenticationOptions());
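The answer's second, option-less UseCookieAuthentication call works because it registers a cookie middleware named CookieAuthenticationDefaults.AuthenticationType ("Cookies"), which is the type the question's SetDefaultSignInAsAuthenticationType call tells the OpenID Connect middleware to sign in as; the only cookie middleware in the question is named DefaultAuthenticationTypes.ApplicationCookie, so the ticket had no cookie to land in. The following is an added example, not code from the question or the answer: it points the OpenID Connect middleware at the existing ApplicationCookie instead and reads the id_token claims server-side in the SecurityTokenValidated notification. The client id, tenant id and the app:lookup_email claim name are placeholders.

```csharp
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNet.Identity;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.Owin.Security.Notifications;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public partial class Startup
{
    // Call after the existing UseCookieAuthentication(ApplicationCookie) registration.
    public void ConfigureAzureAd(IAppBuilder app)
    {
        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            ClientId = "<client-id placeholder>",
            Authority = "https://login.windows.net/<tenant-id placeholder>",
            ResponseType = OpenIdConnectResponseType.IdToken,
            Scope = OpenIdConnectScope.OpenIdProfile,
            // Sign in to the same cookie the local Identity users use, so
            // Request.IsAuthenticated and ClaimsPrincipal.Current are populated.
            SignInAsAuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                SecurityTokenValidated = OnSecurityTokenValidated
            }
        });
    }

    private static Task OnSecurityTokenValidated(
        SecurityTokenValidatedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> ctx)
    {
        ClaimsIdentity id = ctx.AuthenticationTicket.Identity; // claims from the validated id_token
        // Key the user on object id + tenant id: these are the stable directory identifiers.
        // E-mail style claims are contact/display values; "email" is not guaranteed to be
        // present (assumption: fall back through upn and preferred_username for guests).
        string oid = id.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier")?.Value;
        string tid = id.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid")?.Value;
        string email = id.FindFirst(ClaimTypes.Email)?.Value
                    ?? id.FindFirst(ClaimTypes.Upn)?.Value
                    ?? id.FindFirst("preferred_username")?.Value;
        if (string.IsNullOrEmpty(oid) || string.IsNullOrEmpty(tid))
        {
            ctx.HandleResponse();          // refuse a ticket we cannot tie to a directory object
            ctx.Response.StatusCode = 403;
            return Task.FromResult(0);
        }
        // Look up or register the application user by (tid, oid) here; expose the e-mail as a claim.
        id.AddClaim(new Claim("app:lookup_email", email ?? string.Empty));
        return Task.FromResult(0);
    }
}
```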