将Azure AD集成到ASP.NET Core Web应用程序时更改默认访问被拒绝的路径 [英] Changing default access denied path when integrating Azure AD into an ASP.NET Core web app
问题描述
使用Azure AD拒绝授权时,我试图更改默认访问拒绝路径.
I am trying to change the default access denied path when authorization is denied when using Azure AD.
例如,当使用Microsoft的将Azure AD集成到ASP.NET Core Web应用程序"示例时,在这里看到: https://azure.microsoft.com/zh-CN/resources/samples/active-directory-dotnet-webapp-openidconnect-aspnetcore/
For example, when working with Microsoft's example of "Integrating Azure AD into an ASP.NET Core web app" seen here: https://azure.microsoft.com/en-us/resources/samples/active-directory-dotnet-webapp-openidconnect-aspnetcore/
本文引用了GitHub上的示例项目,请参见此处: https://github.com/Azure-Samples/active-directory-dotnet-webapp-openidconnect-aspnetcore .
The article reference an example project on GitHub see here: https://github.com/Azure-Samples/active-directory-dotnet-webapp-openidconnect-aspnetcore.
我在配置Startup.cs中的选项以更改拒绝访问的默认控制器/方法(即"Account/AccessDenied")时遇到困难.
I am having difficulties configuring the options inside Startup.cs to change the default controller/method for access denied (which is "Account/AccessDenied").
有人可以帮助提供对上述github示例项目的必要更改,以使未经授权的用户在被拒绝授权时会被带到其他路径,而不是默认的"Account/AccessDenied"?
Can someone please help provide the required changes to the github sample project above so that an unauthorized user is taken to a different path when they are denied authorization other than the default "Account/AccessDenied"?
更新:我在项目中之前(现在又是现在)添加了@Brad在启动中的建议,但它没有变化,我仍然被定向到"Account/AccessDenied" ......您能想到其他可以控制此设置的设置吗?
UPDATE: I added what @Brad suggested in the startup prior (and again now) in my project, but it didn't change, and I'm still being directed to "Account/AccessDenied"... can you think of any other setting that might govern this?
对于我的项目(使用Visual Studio 2017中的工作或学校帐户身份验证自动创建的ASP.NET Core Web应用程序-Web应用程序(模型-视图-控制器)),与示例不同项目.我正在引用NuGet包Microsoft.AspNetCore.Authentication.AzureAD.UI并以以下方式设置我的AzureAD(请注意使用.AddAzureAD而不是.AddAzureAd):
For my project (the automatically created ASP.NET Core Web Application - Web Application (Model-View-Controller) using Work or School Accounts Authentication in Visual Studio 2017), which differs from the example project. I am referencing the NuGet package Microsoft.AspNetCore.Authentication.AzureAD.UI and setting up my AzureAD in the following way (please note using .AddAzureAD and not .AddAzureAd):
services.Configure<CookiePolicyOptions>(options =>
{
// This lambda determines whether user consent for non-essential cookies
// is needed for a given request.
options.CheckConsentNeeded = context => true;
options.MinimumSameSitePolicy = SameSiteMode.None;
});
services
.AddAuthentication(AzureADDefaults.AuthenticationScheme)
.AddAzureAD(options => Configuration.Bind("AzureAd", options))
.AddCookie(options =>
{
options.AccessDeniedPath = "/Home";
});
推荐答案
如果您使用AddAzureAd的简单重载仅执行操作lambda,则库会自动为您添加Cookie方案,但会在带有自己的一组选项的"AzureAdDefaults.CookieScheme"名称(不确定原因).如果您尝试使用任何常规方法来自定义cookie选项,则由于试图配置错误的cookie方案,它永远不会被调用.
If you use the simple overload of AddAzureAd that only takes an action lambda, the library automatically adds a Cookie scheme for you, but it adds it under the `AzureAdDefaults.CookieScheme' name (not sure why) with it's own set of options. If you try to use any normal method to customize the cookie options, it will never get called because you're trying to configure the wrong cookie scheme.
相反,添加后,您可以为Azure AD自定义cookie方案配置cookie选项,如下所示:
Instead, you can configure the cookie options for the Azure AD custom cookie scheme once it's been added, like so:
services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
.AddAzureAD(options => Configuration.Bind("AzureAd", options));
services.Configure<CookieAuthenticationOptions>(AzureADDefaults.CookieScheme, options => options.AccessDeniedPath = "/Home/NoAuth");
这篇关于将Azure AD集成到ASP.NET Core Web应用程序时更改默认访问被拒绝的路径的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
