IdentityServer4 - Login directly from an external provider


Problem description

I've implemented the option to login from Azure AD. And the client type I'm using is Hybrid. So now, when a user enters a restricted control on my application, he is being redirected to a login page (on the IdentityServer application site) where he can either enter a username and password or login with an Azure AD account.

What I want to be able to do is skip the login page and redirect the user directly to the MS AD login page. Meaning, the user will click a "Login" link on the website, and that will lead him to the Azure AD login page. Once he has successfully logged in, he will be redirected back to my application (basically the same flow, just saving that extra step of entering the IdentityServer login page and clicking the external login button).

Is this possible?

Recommended answer

In the client options, try setting EnableLocalLogin to false. From the docs:

EnableLocalLogin

Specifies if this client can use local accounts, or external IdPs only. Defaults to true.

I'm using Asp.Net Core Identity as well, and I set the AccountsController to bypass the local page if EnableLocalLogin is false and there is only one external provider, or if the idP is explicitly set in the request.

[HttpGet]
[AllowAnonymous]
public async Task<IActionResult> Login(string returnUrl = null)
{
    // Clear the existing external cookie to ensure a clean login process
    await HttpContext.Authentication.SignOutAsync(_externalCookieScheme);

    var context = await _interaction.GetAuthorizationContextAsync(returnUrl);
    if (context?.IdP != null)
    {
        // if IdP is passed, then bypass showing the login screen
        return ExternalLogin(context.IdP, returnUrl);
    }

    var vm = await BuildLoginViewModelAsync(returnUrl, context);

    if (vm.EnableLocalLogin == false && vm.ExternalProviders.Count() == 1)
    {
        // only one option for logging in
        return ExternalLogin(vm.ExternalProviders.First().AuthenticationScheme, returnUrl);
    }

    return View(vm);
}
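
The answer relies on two inputs: the client's EnableLocalLogin setting and an IdP "explicitly set in the request". The following is an added example, not code from the original answer, showing both sides under these assumptions: the Azure AD scheme is registered in IdentityServer as "aad", the client application uses the ASP.NET Core 2.x OpenID Connect handler, and the client id, secret and URLs are placeholders. IdentityServer4 reads the IdP hint from acr_values in the form "idp:<scheme>"; because that hint comes from the request, the server-side client settings are what actually restrict which providers can be used.

```csharp
using System.Collections.Generic;
using System.Threading.Tasks;
using IdentityServer4.Models;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Extensions.DependencyInjection;

public static class IdentityServerClients
{
    // IdentityServer side: the restriction is enforced here, not by the hint.
    public static IEnumerable<Client> Get() => new[]
    {
        new Client
        {
            ClientId = "mvc.hybrid",                               // placeholder
            AllowedGrantTypes = GrantTypes.Hybrid,
            ClientSecrets = { new Secret("placeholder-secret".Sha256()) },
            RedirectUris = { "https://app.example/signin-oidc" },  // placeholder
            AllowedScopes = { "openid", "profile" },
            EnableLocalLogin = false,               // no username/password form
            IdentityProviderRestrictions = { "aad" } // only this external scheme
        }
    };
}

public static class MvcClientAuth
{
    // Client application side: send the IdP hint with every authorize request.
    public static void AddOidc(IServiceCollection services)
    {
        services.AddAuthentication(o =>
            {
                o.DefaultScheme = "Cookies";
                o.DefaultChallengeScheme = "oidc";
            })
            .AddCookie("Cookies")
            .AddOpenIdConnect("oidc", o =>
            {
                o.Authority = "https://identity.example";          // placeholder
                o.ClientId = "mvc.hybrid";
                o.ClientSecret = "placeholder-secret";
                o.ResponseType = "code id_token";                  // hybrid flow
                o.Events = new OpenIdConnectEvents
                {
                    OnRedirectToIdentityProvider = ctx =>
                    {
                        // Surfaces as context.IdP in the Login action above.
                        ctx.ProtocolMessage.AcrValues = "idp:aad";
                        return Task.CompletedTask;
                    }
                };
            });
    }
}
```

With only one external provider and EnableLocalLogin set to false, the Login action above already skips the page without the hint; the acr_values hint matters when several providers are registered.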
