在AddOAuth OnCreatingTicket期间返回AuthenticateResult.Fail结果
我想使oAuth在OnCreatingTicket事件期间失败。我可以打电话。失败了,但它似乎没有任何作用。在工作流程中是否太晚了?我是否缺少一些实际处理故障的附加代码在AddOAuth OnCreatingTicket期间返回AuthenticateResult.Fail结果,oauth,asp.net-core,Oauth,Asp.net Core,我想使oAuth在OnCreatingTicket事件期间失败。我可以打电话。失败了,但它似乎没有任何作用。在工作流程中是否太晚了?我是否缺少一些实际处理故障的附加代码 services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme) .AddCookie().AddOAuth("schemename", SetOAuthOptions); private void SetOAuthOptions(O
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie().AddOAuth("schemename", SetOAuthOptions);
private void SetOAuthOptions(OAuthOptions options)
{
options.ClientId = ...;
options.ClientSecret = ...;
options.CallbackPath = ...;
options.AuthorizationEndpoint = ...;
options.TokenEndpoint = ...;
options.Events = new OAuthEvents
{
OnCreatingTicket = async context => await AddIdentityClaimsAsync(context),
OnTicketReceived = ...
};
}
private async Task AddIdentityClaimsAsync(OAuthCreatingTicketContext context)
{
...
if(noAccess)
context.Fail("Sorry, you don't have access to the product.");
}
这就是我的结局: 启动时,在AddOAuth之后:
.AddScheme(BeareAuthHandler.DefaultSchemeName,…)
这将进入控制器:
[授权(AuthenticationSchemes=BeareAuthHandler.DefaultSchemeName)]
这是scheme类:似乎OAuthCreatingTicketContext.Fail最终不会影响身份验证调用最终返回的HandlerRequestResult。最后我不得不从OnCreatingTicket处理程序中抛出一个已知的异常,重写OAuthHandler.HandlerEmoteAuthenticationAsync以捕获它,并从那里调用HandlerRequestResult.Fail以引发异常
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie().AddOAuth("schemename", SetOAuthOptions);
private void SetOAuthOptions(OAuthOptions options)
{
options.ClientId = ...;
options.ClientSecret = ...;
options.CallbackPath = ...;
options.AuthorizationEndpoint = ...;
options.TokenEndpoint = ...;
options.Events = new OAuthEvents
{
OnCreatingTicket = async context => await AddIdentityClaimsAsync(context),
OnTicketReceived = ...
};
}
private async Task AddIdentityClaimsAsync(OAuthCreatingTicketContext context)
{
...
if(noAccess)
throw new MyCustomException("Sorry, you don't have access to the product.");
}
// In OAuthHandler<T>
protected override async Task<HandleRequestResult> HandleRemoteAuthenticateAsync()
{
try
{
return await base.HandleRemoteAuthenticateAsync();
}
catch (MyCustomException e)
{
return HandleRequestResult.Fail(e);
}
}
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie().AddOAuth(“schemename”,SetOAuthOptions);
专用void设置OAuthoOptions(OAuthoOptions选项)
{
options.ClientId=。。。;
options.ClientSecret=。。。;
options.CallbackPath=。。。;
options.AuthorizationEndpoint=。。。;
options.TokenEndpoint=。。。;
options.Events=新的OAuthEvents
{
OnCreatingTicket=async context=>Wait AddIdentityClaimsAsync(上下文),
OnTicketReceived=。。。
};
}
专用异步任务AddIdentityClaimAsync(OAuthCreatingTicketContext上下文)
{
...
如果(不成功)
抛出新的MyCustomException(“对不起,您没有访问该产品的权限。”);
}
//在OAuthHandler中
受保护的重写异步任务HandleRemoteAuthenticateAsync()
{
尝试
{
返回wait base.HandleRemoteAuthenticateAsync();
}
捕获(MyCustome例外)
{
返回HandlerRequestResult.Fail(e);
}
}
希望这对某人有所帮助。你有没有偶然发现这个问题?我的情况与此类似,一旦从外部提供程序获得访问令牌,我需要执行额外的验证(API调用)。您能告诉我如何覆盖默认的OAuthHandler
?我也试着这么做,但我想不出来…:\不过我使用的是OpenIdConnect,所以事情可能会更复杂一些……@user2173353这已经有很长一段时间了,但是您可以从OpenIdConnectHandler继承并重写HandlerEmoteAuthenticationAsync方法,然后执行如下操作来注册它:services.Replace(ServiceDescriptor.Transient());