Identity Server 3-Ajax呼叫上的401而不是302 [英] Identity Server 3 - 401 on Ajax Calls instead of 302
问题描述
我有一个Web api/mvc混合应用程序,并且已将其配置为使用cookie身份验证.这对于应用程序的mvc部分工作正常. Web API会强制执行授权,但不是返回401 - Unauthorised
,而是返回302 - Found
并重定向到登录页面.我宁愿它返回401
.我试图挂接到CookieAuthenticationProvider.OnApplyRedirect
委托中,但这似乎没有被调用.我错过了什么?我当前的设置如下:
I have a web api / mvc hybrid app and I have configured it to use cookie authentication. This works fine for the mvc portion of the application. The web api does enforce the authorization, but instead of returning a 401 - Unauthorised
it returns a 302 - Found
and redirects to the login page. I would rather it returns a 401
. I have attempted to hook into the CookieAuthenticationProvider.OnApplyRedirect
delegate, but this doesn't seem to be called. What have I missed? My current setup is below:
AntiForgeryConfig.UniqueClaimTypeIdentifier = Constants.ClaimTypes.Subject;
JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary<string, string>();
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = "Cookies",
ExpireTimeSpan = TimeSpan.FromMinutes(20),
SlidingExpiration = true,
CookieHttpOnly = true,
CookieSecure = CookieSecureOption.Never, //local non ssl-dev only
Provider = new CookieAuthenticationProvider
{
OnApplyRedirect = ctx =>
{
if (!IsAjaxRequest(ctx.Request))
{
ctx.Response.Redirect(ctx.RedirectUri);
}
}
}
});
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
Authority = IdentityConfig.Authority,
ClientId = IdentityConfig.SoftwareClientId,
Scope = "openid profile roles",
RedirectUri = IdentityConfig.RedirectUri,
ResponseType = "id_token",
SignInAsAuthenticationType = "Cookies"
});
推荐答案
在您的示例中,UseCookieAuthentication
不再对此进行控制,而UseOpenIdConnectAuthentication
则进行了控制.这涉及使用Notifications
属性并拦截OpenID Connect身份验证请求.
In your example the UseCookieAuthentication
no longer controls this, instead the UseOpenIdConnectAuthentication
does. This involves using the Notifications
property and intercepting OpenID Connect authentication requests.
尝试以下方法以获取灵感:
Try out the following for inspiration:
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
Authority = IdentityConfig.Authority,
ClientId = IdentityConfig.SoftwareClientId,
Scope = "openid profile roles",
RedirectUri = IdentityConfig.RedirectUri,
ResponseType = "id_token",
SignInAsAuthenticationType = "Cookies",
Notifications = new OpenIdConnectAuthenticationNotifications
{
RedirectToIdentityProvider = notification =>
{
if (notification.ProtocolMessage.RequestType == OpenIdConnectRequestType.AuthenticationRequest)
{
if (IsAjaxRequest(notification.Request) && notification.Response.StatusCode == (int)HttpStatusCode.Unauthorized)
{
notification.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
notification.HandleResponse();
return Task.FromResult(0);
}
}
return Task.FromResult(0);
}
}
});
这篇关于Identity Server 3-Ajax呼叫上的401而不是302的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!