与Microsoft.Owin.Security.OpenIdConnect和AzureAD 2.0版端点的自定义参数 [英] Custom parameter with Microsoft.Owin.Security.OpenIdConnect and AzureAD v 2.0 endpoint

问题描述

我迁移我的Azure AD保护的应用程序到V2.0端点。

I am migrating my Azure AD secured application to the v2.0 endpoint.

我需要一个自定义的参数传递给答复URI。与前Azure的AD端点我加入了常用的查询参数的URL的答复做到了。 例如。 https://myserver.com/myredirect_uri?mycustomparamerter=myvalue

I need to pass a custom parameter to the reply uri. With former Azure AD endpoint I did it by adding a usual query parameter to the reply url. e.g. https://myserver.com/myredirect_uri?mycustomparamerter=myvalue

不幸的是，端点2.0我收到一个错误说，答复URI不匹配注册的之一。当然，我的自定义参数值是动态的，我不能硬code吧。

Unfortunately, with endpoint 2.0 I received an error saying that the reply uri does not match the one registered. Of course my custom parameter value is dynamic and I cannot hardcode it.

我一直在寻找以利用OAUTH流 描述的国家的参数。然而，我使用Microsoft.Owin.Security.OpenIdConnect 和它看起来参数已经设定，所以我不能利用它。我使用的是基于MVC看起来像<一个流程的执行href=\"https://azure.microsoft.com/en-us/documentation/articles/active-directory-v2-devquickstarts-dotnet-web/\"相对=nofollow>此示例。

I was looking to exploit the 'state' parameter described in OAUTH flow. However, I am using Microsoft.Owin.Security.OpenIdConnect and it looks the parameter is already set so I cannot exploit it. I am using an implementation of the flow that is based on MVC that looks like this sample.

您能否提供一个解决办法，所以我的服务器收到回复的网址自定义参数已经设置的流量开始？

Can you suggest a workaround so my server receive a custom parameter in the reply url that have been set on the flow start?

推荐答案

不知道是否有做你问什么，但一个办法，你可以在技术上注入和抽取通过身份验证流程，多余的值是通过OWIN的通知，正式的方式

Not sure if there's an official way to do what you're asking but one way you could technically inject and extract extra values through the auth flow is via OWIN's notifications.

在Startup.Auth.cs，当你设置的OpenIdConnectAuthenticationOptions你添加以下内容：

In Startup.Auth.cs, when you setup the OpenIdConnectAuthenticationOptions you'd add the following:

app.UseOpenIdConnectAuthentication(
  new OpenIdConnectAuthenticationOptions
  {
    //...
    Notifications = new OpenIdConnectAuthenticationNotifications
    {
      RedirectToIdentityProvider = OnRedirectToIdentityProvider,
      MessageReceived = OnMessageReceived
    },
  });

和使用RedirectToIdentityProvider注入您的参数，沿着线的东西：

And use RedirectToIdentityProvider to inject your parameter, something along the lines of:

private Task OnRedirectToIdentityProvider(RedirectToIdentityProviderNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification)
{
  var stateQueryString = notification.ProtocolMessage.State.Split('=');
  var protectedState = stateQueryString[1];
  var state = notification.Options.StateDataFormat.Unprotect(protectedState);
  state.Dictionary.Add("mycustomparameter", "myvalue");
  notification.ProtocolMessage.State = stateQueryString[0] + "=" + notification.Options.StateDataFormat.Protect(state);
  return Task.FromResult(0);
}

和再使用的messageReceived提取它，像这样：

And then use MessageReceived to extract it, like so:

private Task OnMessageReceived(MessageReceivedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification)
{
  string mycustomparameter;
  var protectedState = notification.ProtocolMessage.State.Split('=')[1];
  var state = notification.Options.StateDataFormat.Unprotect(protectedState);
  state.Dictionary.TryGetValue("mycustomparameter", out mycustomparameter);
  return Task.FromResult(0);
}

您会显然需要改进/强化这一点，但这个应该让你去除非有更好的整体办法。

You'd obviously need to improve/harden this but this should get you going barring a better overall approach.

这篇关于与Microsoft.Owin.Security.OpenIdConnect和AzureAD 2.0版端点的自定义参数的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！