C# IdentityServer4多个WSFederation提供程序导致异常
我被告知我将在这里描述的不是IdentityServer中的bug,因此我可能做错了什么: 这段代码可以工作,在中使用单个WSFederation实例作为标识提供程序 注册提供商:C# IdentityServer4多个WSFederation提供程序导致异常,c#,asp.net-core,.net-core,identityserver4,ws-federation,C#,Asp.net Core,.net Core,Identityserver4,Ws Federation,我被告知我将在这里描述的不是IdentityServer中的bug,因此我可能做错了什么: 这段代码可以工作,在中使用单个WSFederation实例作为标识提供程序 注册提供商: services.AddAuthentication() .AddWsFederation("WsFederation", options => { options.SignInScheme = IdentityServerCons
services.AddAuthentication()
.AddWsFederation("WsFederation", options =>
{
options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
options.Wtrealm = realm;
options.MetadataAddress = metadata;
options.Events.OnTicketReceived += OnTicketReceived;
})
/// <summary>
/// Transform the UPN-claim to the sub-claim to be compatible with IdentityServer4
/// </summary>
private async Task OnTicketReceived(TicketReceivedContext ticketReceivedContext)
{
var identity = ticketReceivedContext.Principal.Identities.First();
identity.AddClaim(new Claim("sub", ticketReceivedContext.Principal.FindFirstValue("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier")));
}
services.AddAuthentication()
.AddWsFederation("WsFederation", options =>
{
options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
options.Wtrealm = realm;
options.MetadataAddress = metadata;
options.Events.OnTicketReceived += OnTicketReceived;
})
[HttpGet]
public async Task<IActionResult> ExternalLoginCallback()
{
// read external identity from the temporary cookie - I don't know how I could change which AuthenticationMiddleware gets called
var result = await HttpContext.AuthenticateAsync(IdentityServer4.IdentityServerConstants.ExternalCookieAuthenticationScheme);
[HttpGet]
公共异步任务ExternalLoginCallback()
{
//从临时cookie读取外部标识-我不知道如何更改调用哪个AuthenticationMiddleware
var result=wait HttpContext.authenticateSync(IdentityServer4.IdentityServerConstants.ExternalCookieAuthenticationScheme);
非常感谢您给我的任何建议。明白了-解决方案是为不同的提供商设置不同的回调路径:
services.AddAuthentication()
.AddWsFederation("WsFederation_LocalHost", "WsFederation_LocalHost", options =>
{
options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
options.Wtrealm = "urn:aspnetcorerp";
options.MetadataAddress = "http://localhost:5000/wsfederation";
options.Events.OnTicketReceived += OnWsFedTicketReceived;
options.RequireHttpsMetadata = false;
options.CallbackPath = "/signin-wsfed-localhost";
})
.AddWsFederation("WsFederation_SVN", "WsFederation_SVN", options =>
{
options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
options.Wtrealm = realm;
options.MetadataAddress = metadata;
options.Events.OnTicketReceived += OnWsFedTicketReceived;
options.CallbackPath = "/signin-wsfed-svn";
})
嘿,回拨路径可以是任何随机名称?如/signin wsfed svn random?只需要唯一?是的,您可以使用您选择的路径。非常感谢。这个答案对我帮助很大。很久以来一直在寻找解决方案。我尝试AllowUnsolicitedLogins为true,但似乎产生了问题,您认为AllowUnsolicitedLogins为true是否为alt我不知道这是否有帮助,但是除了你遇到的问题之外,这也会降低安全性,所以我不建议使用它。我也会一直使用那里的功能,而不是尝试实施变通方法,因为你可能会用它产生更多的安全问题。
[HttpGet]
public async Task<IActionResult> ExternalLoginCallback()
{
// read external identity from the temporary cookie - I don't know how I could change which AuthenticationMiddleware gets called
var result = await HttpContext.AuthenticateAsync(IdentityServer4.IdentityServerConstants.ExternalCookieAuthenticationScheme);
services.AddAuthentication()
.AddWsFederation("WsFederation_LocalHost", "WsFederation_LocalHost", options =>
{
options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
options.Wtrealm = "urn:aspnetcorerp";
options.MetadataAddress = "http://localhost:5000/wsfederation";
options.Events.OnTicketReceived += OnWsFedTicketReceived;
options.RequireHttpsMetadata = false;
options.CallbackPath = "/signin-wsfed-localhost";
})
.AddWsFederation("WsFederation_SVN", "WsFederation_SVN", options =>
{
options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
options.Wtrealm = realm;
options.MetadataAddress = metadata;
options.Events.OnTicketReceived += OnWsFedTicketReceived;
options.CallbackPath = "/signin-wsfed-svn";
})