IdentityServer4 Windows身份验证缺少回调实现
安装Windows身份验证的文档如下所示: 但是我不知道如何配置IdentityServer4 Windows身份验证缺少回调实现,identityserver4,openid-connect,oidc-client-js,angular-auth-oidc-client,Identityserver4,Openid Connect,Oidc Client Js,Angular Auth Oidc Client,安装Windows身份验证的文档如下所示: 但是我不知道如何配置Callback()方法,该方法在RedirectUri=Url.Action(“Callback”),行中引用,或者我是否应该使用它 我尝试手动重定向回https:///auth-callback我的angular应用程序的路径,但我得到错误: Error: No state in response at UserManager.processSigninResponse (oidc-client.js:8308) 有人
Callback()
方法,该方法在RedirectUri=Url.Action(“Callback”),
行中引用,或者我是否应该使用它
我尝试手动重定向回https:///auth-callback
我的angular应用程序的路径,但我得到错误:
Error: No state in response
at UserManager.processSigninResponse (oidc-client.js:8308)
有人建议我使用code+pkce与SPA一起使用回调方法吗?我曾尝试搜索谷歌,但目前没有使用Windows身份验证的示例应用程序,而且确实存在的应用程序都是旧的。看看这个方法。我还粘贴了截至2020年10月26日的代码版本,以备将来回购协议失效时参考
/// <summary>
/// Post processing of external authentication
/// </summary>
[HttpGet]
public async Task<IActionResult> ExternalLoginCallback()
{
// read external identity from the temporary cookie
var result = await HttpContext.AuthenticateAsync(IdentityConstants.ExternalScheme);
if (result?.Succeeded != true)
{
throw new Exception("External authentication error");
}
// lookup our user and external provider info
var (user, provider, providerUserId, claims) = await FindUserFromExternalProviderAsync(result);
if (user == null)
{
// this might be where you might initiate a custom workflow for user registration
// in this sample we don't show how that would be done, as our sample implementation
// simply auto-provisions new external user
user = await AutoProvisionUserAsync(provider, providerUserId, claims);
}
// this allows us to collect any additonal claims or properties
// for the specific prtotocols used and store them in the local auth cookie.
// this is typically used to store data needed for signout from those protocols.
var additionalLocalClaims = new List<Claim>();
additionalLocalClaims.AddRange(claims);
var localSignInProps = new AuthenticationProperties();
ProcessLoginCallbackForOidc(result, additionalLocalClaims, localSignInProps);
ProcessLoginCallbackForWsFed(result, additionalLocalClaims, localSignInProps);
ProcessLoginCallbackForSaml2p(result, additionalLocalClaims, localSignInProps);
// issue authentication cookie for user
// we must issue the cookie maually, and can't use the SignInManager because
// it doesn't expose an API to issue additional claims from the login workflow
var principal = await _signInManager.CreateUserPrincipalAsync(user);
additionalLocalClaims.AddRange(principal.Claims);
var name = principal.FindFirst(JwtClaimTypes.Name)?.Value ?? user.Id;
await _events.RaiseAsync(new UserLoginSuccessEvent(provider, providerUserId, user.Id, name));
// issue authentication cookie for user
var isuser = new IdentityServerUser(principal.GetSubjectId())
{
DisplayName = name,
IdentityProvider = provider,
AdditionalClaims = additionalLocalClaims
};
await HttpContext.SignInAsync(isuser, localSignInProps);
// delete temporary cookie used during external authentication
await HttpContext.SignOutAsync(IdentityConstants.ExternalScheme);
// validate return URL and redirect back to authorization endpoint or a local page
var returnUrl = result.Properties.Items["returnUrl"];
if (_interaction.IsValidReturnUrl(returnUrl) || Url.IsLocalUrl(returnUrl))
{
return Redirect(returnUrl);
}
return Redirect("~/");
}
//
///外部身份验证的后处理
///
[HttpGet]
公共异步任务ExternalLoginCallback()
{
//从临时cookie读取外部标识
var result=await HttpContext.authenticateSync(IdentityConstants.ExternalScheme);
如果(结果?.successed!=真)
{
抛出新异常(“外部身份验证错误”);
}
//查找我们的用户和外部提供商信息
var(用户、提供者、提供者用户ID、索赔)=等待FindUserRomeExternalProviderAsync(结果);
if(user==null)
{
//这可能是您启动用户注册自定义工作流的地方
//在这个示例中,我们没有展示如何实现这一点,正如我们的示例实现一样
//简单地自动设置新的外部用户
user=await AutoProvisionUserAsync(提供者、提供者用户ID、声明);
}
//这允许我们收集任何额外的索赔或财产
//对于使用的特定prtotocols,请将其存储在本地身份验证cookie中。
//这通常用于存储从这些协议注销所需的数据。
var additionalLocalClaims=新列表();
additionalLocalClaims.AddRange(索赔);
var localSignInProps=新的AuthenticationProperties();
ProcessLoginCallbackForOidc(结果、附加本地声明、本地签名操作);
ProcessLoginCallbackForWsFed(结果、附加本地声明、本地签名操作);
ProcessLoginCallbackorsAML2P(结果、附加本地声明、本地签名操作);
//为用户颁发身份验证cookie
//我们必须以恶意方式发布cookie,并且不能使用SignInManager,因为
//它不会公开API以从登录工作流中发布附加声明
var principal=await _signInManager.CreateUserPrincipalAsync(用户);
additionalLocalClaims.AddRange(principal.Claims);
var name=principal.FindFirst(JwtClaimTypes.name)?.Value??user.Id;
wait_events.RaiseAsync(新userloginsAccessEvent(provider、providerUserId、user.Id、name));
//为用户颁发身份验证cookie
var isuser=new IdentityServerUser(principal.GetSubjectId())
{
DisplayName=name,
IdentityProvider=提供程序,
AdditionalClaims=additionalLocalClaims
};
等待HttpContext.SignInAsync(isuser,localSignInProps);
//删除外部身份验证期间使用的临时cookie
等待HttpContext.SignOutAsync(IdentityConstants.ExternalScheme);
//验证返回URL并重定向回授权端点或本地页面
var returnUrl=result.Properties.Items[“returnUrl”];
if(_interaction.IsValidReturnUrl(returnUrl)| | Url.IsLocalUrl(returnUrl))
{
返回重定向(returnUrl);
}
返回重定向(“~/”);
}