How to Navigate to Custom Access Denied Page when AD Authentication failed for user (.net 3.1 core with OpenIDConnect Azure AD Authentication)

Problem description

I have a .NET Core 3.1 web application where I implemented AD authentication by setting up the App Services registration in Azure and also assigned users. Now when an unauthorized user tries to access the application, AD authentication fails and goes to the OpenIdConnect exception page. But all I need is to navigate the user to a custom AccessDenied page in my application.

Expected: When the user is not authenticated, he should be navigated to the /Home/AccessDenied page.

Actual: Exception page: signin-oidc exception page

Startup.cs

    public void ConfigureServices(IServiceCollection services)
    {
        services.Configure<CookiePolicyOptions>(options =>
        {
            // This lambda determines whether user consent for non-essential cookies is needed for a given request.
            options.CheckConsentNeeded = context => true;
            options.MinimumSameSitePolicy = SameSiteMode.None;                 
        });

       

        services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
            .AddAzureAD(options => Configuration.Bind("AzureAd", options));

        services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options =>
        {
            options.Authority = options.Authority + "/v2.0/";
            options.TokenValidationParameters.ValidateIssuer = false;
            //options.AccessDeniedPath = new PathString("/Home/AccessDenied");
            options.ResponseType = "id_token code";
            options.Events.OnAuthenticationFailed = context =>
            {

                context.Response.Redirect("/Home/AccessDenied");
                context.HandleResponse();

                return Task.FromResult(0);
            };                
        });

        services.AddControllersWithViews();
        services.AddHttpClient();


        services.AddSession();
        //services.Configure<CookieTempDataProviderOptions>(options =>
        //{
        //    options.Cookie.IsEssential = true;
        //});

        services.AddMvc(options =>
        {
            var policy = new AuthorizationPolicyBuilder()
                            .RequireAuthenticatedUser()
                            .Build();
            options.Filters.Add(new AuthorizeFilter(policy));
        });           

        services.AddLogging();
        services.AddProgressiveWebApp();
    }

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app, IWebHostEnvironment env, ILoggerFactory loggerFactory)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }
        else
        {
            app.UseExceptionHandler("/Home/Error");
            // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
            app.UseHsts();
        }
        app.UseHttpsRedirection();
        app.UseStaticFiles();
        app.UseCookiePolicy();
        app.UseRouting();

        app.UseAuthentication();
        app.UseAuthorization();
        app.UseSession();
        app.UseEndpoints(endpoints =>
        {
            endpoints.MapRazorPages();
            endpoints.MapControllers();
           

            endpoints.MapControllerRoute(
                name: "default",
                pattern: "{controller=Home}/{action=Index}/{id?}");
        });
    }

Appsettings.Json

    "AzureAd": {
        "Instance": "https://login.microsoftonline.com/",
        "Domain": "XXXXXXXXX",
        "TenantId": "XXXXXXXXXXXXXXXXXXXXX",
        "ClientId": "XXXXXXXXXXXXXXXXXXXXXX",
        "ClientSecret": "XXXXXXXXXXXXXXXXXXXXXXXXXXXX",
        "CallbackPath": "/signin-oidc"
    },

HomeController.cs

    [AllowAnonymous]
    public IActionResult AccessDenied()
    {
        return View();
    }

Recommended answer

Specifying the path on CookieAuthenticationOptions in Startup.cs will work. Please use the below code and define your path in the PathString.

    services.Configure<CookieAuthenticationOptions>(CookieAuthenticationDefaults.AuthenticationScheme, options => {
        options.AccessDeniedPath = new PathString("/Home/CustomAccessDenied");
    });
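
The cookie handler's AccessDeniedPath covers a signed-in user who fails an authorization check, while an error returned to the /signin-oidc callback is raised as a remote failure on the OpenID Connect handler. The following is an added example, not code from the question or the answer, that sends both cases to the same page and keeps the failure detail in the server log. It assumes the scheme names registered by AddAzureAD (AzureADDefaults.CookieScheme and AzureADDefaults.OpenIdScheme); the names AccessDeniedRedirects, AddAccessDeniedRedirects and the "OidcSignIn" logger category are hypothetical.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.AzureAD.UI;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;

public static class AccessDeniedRedirects
{
    // Hypothetical helper: call services.AddAccessDeniedRedirects() in
    // ConfigureServices, after AddAuthentication(...).AddAzureAD(...).
    public static IServiceCollection AddAccessDeniedRedirects(
        this IServiceCollection services, string deniedPath = "/Home/AccessDenied")
    {
        // Case 1: the user is signed in but fails an authorization policy (403).
        // The cookie handler performs the redirect to AccessDeniedPath.
        services.Configure<CookieAuthenticationOptions>(AzureADDefaults.CookieScheme, o =>
        {
            o.AccessDeniedPath = new PathString(deniedPath);
        });

        // Case 2: the sign-in itself fails on the callback path, for example
        // when the identity provider posts back an error instead of tokens.
        services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, o =>
        {
            o.Events.OnRemoteFailure = context =>
            {
                // Record the reason server-side only; the browser never sees it.
                var logger = context.HttpContext.RequestServices
                    .GetRequiredService<ILoggerFactory>()
                    .CreateLogger("OidcSignIn");
                logger.LogWarning(context.Failure, "OIDC sign-in failed");

                // Redirect to a fixed local path: nothing from the request or the
                // provider's error text is echoed into the URL.
                context.Response.Redirect(deniedPath);
                context.HandleResponse(); // suppress the default exception page
                return Task.CompletedTask;
            };
        });

        return services;
    }
}
```

The target action must stay reachable without a session, as the question's `[AllowAnonymous]` AccessDenied action is, otherwise the redirect triggers a new sign-in challenge.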
