C# authorization code flow: why does it behave like an implicit flow?


I have a Startup.cs that basically comes from the MS project template. This should be an authorization code flow that authenticates with Azure Active Directory. But it throws an exception with the following message, which says it is trying to be an implicit authentication flow. But why? How do I force the authorization code flow? Is there a working example?

I'm using ASP.NET MVC (not Core), something like 4.x, the most recent one. And OWIN.

I get this error: when I debug, it never executes "AuthorizationCodeReceived".

Current code:

```csharp
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using System.Web;
using System.Web.Configuration;
using Microsoft.IdentityModel.Clients.ActiveDirectory;   // ADAL: ClientCredential, AuthenticationContext
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.IdentityModel.Tokens;                    // System.IdentityModel.Tokens on Owin 3.x
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.Notifications;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public partial class Startup
{
    public void Configuration(IAppBuilder app)
    {
        string clientId = WebConfigurationManager.AppSettings["ClientId"];
        string authority = "https://login.microsoftonline.com/" + WebConfigurationManager.AppSettings["Tenant"] + "/v2.0";
        string appKey = WebConfigurationManager.AppSettings["ClientSecret"];
        // Resource the code is redeemed for. The posted snippet used this name without declaring it;
        // reading it from a config key is an assumption made here.
        string graphResourceId = WebConfigurationManager.AppSettings["GraphResourceId"];

        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

        app.UseCookieAuthentication(new CookieAuthenticationOptions());
        app.UseOpenIdConnectAuthentication(
            new OpenIdConnectAuthenticationOptions
            {
                // Sets the ClientId, authority, RedirectUri as obtained from web.config
                ClientId = clientId,
                Authority = authority,
                RedirectUri = WebConfigurationManager.AppSettings["RedirectUri"],
                // PostLogoutRedirectUri is the page that users will be redirected to after sign-out. In this case, it is using the home page
                PostLogoutRedirectUri = WebConfigurationManager.AppSettings["RedirectUri"],
                //Scope = OpenIdConnectScope.OpenIdProfile,
                // ResponseType is set to request the id_token - which contains basic information about the signed-in user
                //ResponseType = OpenIdConnectResponseType.IdToken,
                // ValidateIssuer set to false to allow personal and work accounts from any organization to sign in to your application
                // To only allow users from a single organization, set ValidateIssuer to true and the 'tenant' setting in web.config to the tenant name
                // To allow users from only a list of specific organizations, set ValidateIssuer to true and use the ValidIssuers parameter
                TokenValidationParameters = new TokenValidationParameters()
                {
                    ValidateIssuer = false // Simplification (see note below)
                },
                // OpenIdConnectAuthenticationNotifications configures OWIN to send notification of failed authentications to the OnAuthenticationFailed method
                Notifications = new OpenIdConnectAuthenticationNotifications
                {
                    AuthenticationFailed = OnAuthenticationFailed,
                    // If there is a code in the OpenID Connect response, redeem it for an access token and refresh token, and store those away.
                    AuthorizationCodeReceived = async (context) =>
                    {
                        var code = context.Code;
                        ClientCredential credential = new ClientCredential(clientId, appKey);
                        string signedInUserID = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.NameIdentifier).Value;
                        AuthenticationContext authContext = new AuthenticationContext(authority, null);
                        // Awaited rather than blocked on with .Result, which can deadlock under ASP.NET's synchronization context
                        AuthenticationResult result = await authContext.AcquireTokenByAuthorizationCodeAsync(
                            code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), credential, graphResourceId);
                    }
                }
            }
        );
    }

    private Task OnAuthenticationFailed(AuthenticationFailedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> arg)
    {
        throw new NotImplementedException();
    }
}
```

Can you share the exception and stack trace?

I had to change `//ResponseType = OpenIdConnectResponseType.IdToken` to `OpenIdConnectResponseType.Code`. After that it jumps into AuthorizationCodeReceived, but `context.AuthenticationTicket...` on the line `string signedInUserID = context.AuthenticationTicket` is null. What is wrong here? Or is there maybe an example of an authorization code flow for ASP.NET MVC (not Core) with SingleOrg AAD authentication?
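An OWIN configuration that keeps the authorization code flow without leaving `context.AuthenticationTicket` null, added here as an example and not code from the post or the MS template. It requests the hybrid response `code id_token`, so the middleware validates an id_token and builds the ticket before `AuthorizationCodeReceived` runs, and it redeems the code with MSAL rather than ADAL because ADAL targets the v1.0 endpoint, not the `/v2.0` authority used above; the web.config keys are the post's, and the `User.Read` scope is a constructed placeholder.

```csharp
// Added example, not the original post's Startup: hybrid flow ("code id_token") on OWIN.
// Assumed web.config keys as on the page: ClientId, ClientSecret, Tenant, RedirectUri.
using System;
using System.Security.Claims;
using System.Web.Configuration;
using Microsoft.Identity.Client;                          // MSAL; ADAL only speaks to the v1.0 endpoint
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.IdentityModel.Tokens;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public partial class Startup
{
    public void Configuration(IAppBuilder app)
    {
        string clientId = WebConfigurationManager.AppSettings["ClientId"];
        string appKey = WebConfigurationManager.AppSettings["ClientSecret"];
        string authority = "https://login.microsoftonline.com/" + WebConfigurationManager.AppSettings["Tenant"] + "/v2.0";
        string redirectUri = WebConfigurationManager.AppSettings["RedirectUri"];
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions());
        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            ClientId = clientId,
            Authority = authority,
            RedirectUri = redirectUri,
            // The id_token lets the middleware validate the user and build the ticket first; with plain "code" there is no id_token and the ticket stays null.
            ResponseType = OpenIdConnectResponseType.CodeIdToken,
            // Hybrid responses are POSTed back: a fragment never reaches the server, and a query string would leave the code in request logs and Referer headers.
            ResponseMode = OpenIdConnectResponseMode.FormPost,
            Scope = "openid profile offline_access User.Read",   // User.Read: constructed Graph scope
            // Single-tenant app: keep issuer validation on; the expected issuer comes from the tenant's discovery document.
            TokenValidationParameters = new TokenValidationParameters { ValidateIssuer = true },
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                AuthorizationCodeReceived = async context =>
                {
                    // Key the redeemed tokens to the user the validated id_token identifies.
                    string userId = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.NameIdentifier).Value;
                    IConfidentialClientApplication cca = ConfidentialClientApplicationBuilder.Create(clientId)
                        .WithClientSecret(appKey).WithAuthority(new Uri(authority)).WithRedirectUri(redirectUri).Build();
                    AuthenticationResult result = await cca
                        .AcquireTokenByAuthorizationCode(new[] { "User.Read" }, context.Code).ExecuteAsync();
                    // Persist result.AccessToken under userId in a server-side cache, not in the auth cookie.
                }
            }
        });
    }
}
```

Azure AD returns the id_token half of a hybrid response only when ID tokens are enabled in the app registration's authentication settings.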