C# ASP.NET WebForms在Azure Active Directory身份验证后读取IDToken_C#_Asp.net_Azure_Azure Active Directory_Openid

C# ASP.NET WebForms在Azure Active Directory身份验证后读取IDToken

c# asp.net azure azure-active-directory openid

C# ASP.NET WebForms在Azure Active Directory身份验证后读取IDToken,c#,asp.net,azure,azure-active-directory,openid,C#,Asp.net,Azure,Azure Active Directory,Openid,我有一个旧的webformsasp.net web应用程序，它基于Identity 2.0本地身份验证，我必须升级该身份验证，以允许在公司的Azure Active Directory中注册的外部用户进行身份验证我能够运行挑战并在用户在Microsoft上进行身份验证后在网页上找回用户，但我无法读取用户的任何信息。例如，我想知道他们的电子邮件，以便让他们进入我的应用程序或注册为新用户。我希望令牌中包含此信息，但如何在服务器端访问它这是我的密码： public partial cla

我有一个旧的webformsasp.net web应用程序，它基于Identity 2.0本地身份验证，我必须升级该身份验证，以允许在公司的Azure Active Directory中注册的外部用户进行身份验证

我能够运行挑战并在用户在Microsoft上进行身份验证后在网页上找回用户，但我无法读取用户的任何信息。例如，我想知道他们的电子邮件，以便让他们进入我的应用程序或注册为新用户。我希望令牌中包含此信息，但如何在服务器端访问它

这是我的密码：

    public partial class Startup {
        public void ConfigureAuth(IAppBuilder app)
        {

            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
                LoginPath = new PathString("/Account/Login"),
                Provider = new CookieAuthenticationProvider
                {
                    OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager,User>(
                    validateInterval: TimeSpan.FromSeconds(120),
                    regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager)),
                    OnApplyRedirect = ctx =>
                    {
                       ctx.Response.Redirect(ctx.RedirectUri);                      
                    }
                }
            });
            app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

            app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);           

            app.UseOpenIdConnectAuthentication(
            new OpenIdConnectAuthenticationOptions
            {
                ClientId = "xxxxxxx-xxxx-xxxx-xxxxxxxxx",
                Authority = "https://login.windows.net/xxxxxxx-xxxx-xxxx-xxxxxxxxx",
                PostLogoutRedirectUri = "https://localhost:44364/testlogin.aspx",
                Scope = OpenIdConnectScope.OpenIdProfile,
                // ResponseType is set to request the id_token - which contains basic information about the signed-in user
                ResponseType = OpenIdConnectResponseType.IdToken,
                // ValidateIssuer set to false to allow personal and work accounts from any organization to sign in to your application
                // To only allow users from a single organizations, set ValidateIssuer to true and 'tenant' setting in web.config to the tenant name
                // To allow users from only a list of specific organizations, set ValidateIssuer to true and use ValidIssuers parameter 
                TokenValidationParameters = new TokenValidationParameters()
                {
                    ValidateIssuer = false
                },
                // OpenIdConnectAuthenticationNotifications configures OWIN to send notification of failed authentications to OnAuthenticationFailed method
                Notifications = new OpenIdConnectAuthenticationNotifications
                {
                    AuthenticationFailed = OnAuthenticationFailed
                }

            }
            );

        }

        private Task OnAuthenticationFailed(AuthenticationFailedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> context)
        {
            context.HandleResponse();
            context.Response.Redirect("~/TestLogin.aspx?ErrorMessage=" + context.Exception.Message);
            return Task.FromResult(0);
        }
    }

最后，在TestLogin.aspx页面中，我尝试阅读有关登录用户的信息：

if (Request.IsAuthenticated) //Always False!
{
    Label1.Text = System.Security.Claims.ClaimsPrincipal.Current.FindFirst("name").Value;
}

var userClaims = System.Security.Claims.ClaimsPrincipal.Current;
if (userClaims != null) //It's not null but there is no information about the email of the logged in user
{
    Label1.Text += userClaims?.FindFirst("name")?.Value; //It's empty
}

如何读取active directory在ID令牌中返回的声明
更新
如果我删除cookie身份验证中的选项，Azure Active Directory将正常工作，但我无法再登录本地用户：

app.UseCookieAuthentication(new CookieAuthenticationOptions { AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie, LoginPath = new PathString("/Account/Login"), Provider = new CookieAuthenticationProvider { OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager,User>( validateInterval: TimeSpan.FromSeconds(120), regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager)), OnApplyRedirect = ctx => { ctx.Response.Redirect(ctx.RedirectUri); } } });

有没有办法让这两种方法都起作用？
您是否尝试使用以下代码
var userClaims=User.Identity as System.Security.Claims.ClaimsIdentity；Label1.Text=userClaims？.FindFirst（“name”）？.Value？@JimXu无任何内容。它总是空的。你说的本地用户是什么意思？保存在应用程序数据库的AspNetUsers表中的用户 app.UseCookieAuthentication(new CookieAuthenticationOptions { AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie, LoginPath = new PathString("/Account/Login"), Provider = new CookieAuthenticationProvider { OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager,User>( validateInterval: TimeSpan.FromSeconds(120), regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager)), OnApplyRedirect = ctx => { ctx.Response.Redirect(ctx.RedirectUri); } } }); app.UseCookieAuthentication(new CookieAuthenticationOptions());