Azure AD Open ID Connect OAuth 2.0 in ASP.NET Web APP and Web API Infinite redirect loop

Problem description

ASP.NET web app to sign in personal accounts and work and school accounts from any Azure Active Directory (Azure AD) instance.

OWIN middleware NuGet packages

Install-Package Microsoft.Owin.Security.OpenIdConnect
Install-Package Microsoft.Owin.Security.Cookies
Install-Package Microsoft.Owin.Host.SystemWeb

OWIN Startup Class: The OWIN middleware uses a startup class that runs when the hosting process initializes. In this quickstart, it is the startup.cs file located in the root folder. The following code shows the parameters used by this quickstart:

public void Configuration(IAppBuilder app)
{
    app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

    app.UseCookieAuthentication(new CookieAuthenticationOptions());
    app.UseOpenIdConnectAuthentication(
        new OpenIdConnectAuthenticationOptions
        {
            // Sets the ClientId, authority, RedirectUri as obtained from web.config
            ClientId = clientId,
            Authority = authority,
            RedirectUri = redirectUri,
            // PostLogoutRedirectUri is the page that users will be redirected to after sign-out. In this case, it is using the home page
            PostLogoutRedirectUri = redirectUri,
            Scope = OpenIdConnectScope.OpenIdProfile,
            // ResponseType is set to request the id_token - which contains basic information about the signed-in user
            ResponseType = OpenIdConnectResponseType.IdToken,
            // ValidateIssuer set to false to allow personal and work accounts from any organization to sign in to your application
            // To only allow users from a single organizations, set ValidateIssuer to true and 'tenant' setting in web.config to the tenant name
            // To allow users from only a list of specific organizations, set ValidateIssuer to true and use ValidIssuers parameter
            TokenValidationParameters = new TokenValidationParameters()
            {
                ValidateIssuer = false // Simplification (see note below)
            },
            // OpenIdConnectAuthenticationNotifications configures OWIN to send notification of failed authentications to OnAuthenticationFailed method
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                AuthenticationFailed = OnAuthenticationFailed
            }
        }
    );
}

ASP.NET MVC/Web API

//You can force a user to sign in by requesting an authentication challenge in your controller:
public void SignIn()
{
    if (!Request.IsAuthenticated)
    {
        HttpContext.GetOwinContext().Authentication.Challenge(
            new AuthenticationProperties{ RedirectUri = "/" },
            OpenIdConnectAuthenticationDefaults.AuthenticationType);
    }
}

ASP.NET Web Forms:

protected void Login_click(object sender, EventArgs e)
{
    if (!Request.IsAuthenticated)
    {
        HttpContext.Current.GetOwinContext().Authentication.Challenge(
            new AuthenticationProperties { RedirectUri = "/" },
            OpenIdConnectAuthenticationDefaults.AuthenticationType);
    }
}

Recommended answer

The problem has been fixed in ASP.NET Core and in the new version of Katana Owin for ASP.NET. To resolve this issue, you can upgrade your application to use ASP.NET Core. If you must continue to stay on ASP.NET, perform the following:

Update your application's Microsoft.Owin.Host.SystemWeb package to be at least version 3.1.0.0, and modify your code to use one of the new cookie manager classes, for example something like the following:

app.UseCookieAuthentication(new CookieAuthenticationOptions 
{ 
    AuthenticationType = "Cookies", 
    CookieManager = new Microsoft.Owin.Host.SystemWeb.SystemWebChunkingCookieManager() 
});
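
Added example, not part of the original answer: the question's Startup class with the answer's cookie manager change applied in place of the default `CookieAuthenticationOptions`. The namespaces assume the Katana 4.x packages; the appSettings key names and the error URL are hypothetical.

```csharp
using System.Configuration;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.IdentityModel.Tokens;
using Microsoft.Owin.Host.SystemWeb;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.Notifications;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public class Startup
{
    // Assumed web.config appSettings keys; use the names your project defines.
    private static readonly string clientId = ConfigurationManager.AppSettings["ClientId"];
    private static readonly string authority = ConfigurationManager.AppSettings["Authority"];
    private static readonly string redirectUri = ConfigurationManager.AppSettings["RedirectUri"];

    public void Configuration(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        // The change from the answer: the sign-in cookie is read and written through
        // System.Web's cookie collection (needs Microsoft.Owin.Host.SystemWeb >= 3.1.0.0).
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = CookieAuthenticationDefaults.AuthenticationType, // "Cookies"
            CookieManager = new SystemWebChunkingCookieManager()
        });
        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            ClientId = clientId,
            Authority = authority,
            RedirectUri = redirectUri,
            PostLogoutRedirectUri = redirectUri,
            Scope = OpenIdConnectScope.OpenIdProfile,
            ResponseType = OpenIdConnectResponseType.IdToken,
            // Kept as in the question: issuer validation is off, so any tenant can sign in.
            TokenValidationParameters = new TokenValidationParameters { ValidateIssuer = false },
            Notifications = new OpenIdConnectAuthenticationNotifications { AuthenticationFailed = OnAuthenticationFailed }
        });
    }

    private static Task OnAuthenticationFailed(
        AuthenticationFailedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> context)
    {
        context.HandleResponse();                            // mark handled so the exception is not rethrown
        context.Response.Redirect("/?error=signin_failed");  // hypothetical error URL, no exception text exposed
        return Task.FromResult(0);
    }
}
```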
