如何以编程方式重定向到ASP.NET Core MVC中的Azure AD登录和注销页面? [英] How to programmatically redirect to Azure AD sign-in and sign-out pages in ASP.NET Core MVC?
问题描述
我的ASP.NET Core 2.2 MVC应用程序正在使用Azure AD对用户进行身份验证.在startup.cs中,我添加了Azure AD:
My ASP.NET Core 2.2 MVC app is using Azure AD to authenticate users. In startup.cs I added Azure AD:
services
.AddAuthentication(AzureADDefaults.AuthenticationScheme)
.AddAzureAD(options => Configuration.Bind("AzureAd", options));
services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options =>
{
options.Authority = options.Authority + "/v2.0/";
options.TokenValidationParameters.NameClaimType = "preferred_username";
});
授权通过策略检查完成:
Authorization is done by a policy check:
services.AddAuthorization(options =>
{
options.AddPolicy("AdministratorOnly", policy => {
policy.RequireClaim("groups", adminGroupId);
});
});
在appsettings.json中,我具有所有必需的配置:
In appsettings.json I have all the required configuration:
"AzureAd": {
"Instance": "https://login.microsoftonline.com/",
"TenantId": "662f1be2-...",
"ClientId": "30eb6c27-...",
"CallbackPath": "/signin-oidc",
"SignedOutCallbackPath ": "/signout-callback-oidc"
}
如果我尝试访问装饰有 [Authorize(Policy ="AdministratorOnly")]
的控制器,它将重定向到Azure AD并处理登录过程,最终重定向回我的应用程序.
If I try to access a controller decorated with [Authorize(Policy = "AdministratorOnly")]
it will redirect to Azure AD and handle the login process and eventually redirect back to my app.
问题:
- 是否有启动登录过程的规定(最好是在弹出窗口中)?我从哪里获得URL重定向到?
- 如何提供一个按钮让用户再次注销?如果我重定向到"/signout-oidc",我将退出,但最终会进入空白页面.
推荐答案
通常,当用户未通过身份验证时,AzureAD中间件将负责重定向到Azure AD.每次用户结束使用 [Authorize]
属性装饰的动作时,都会对此进行检查.
In general, the AzureAD middleware is taking care about redirection to Azure AD when the user is not authenticated. This is checked every time user ends up on action decorated with [Authorize]
attribute.
As for Logout - if you use the oidc-logout, check out the sample and explanations here.
这篇关于如何以编程方式重定向到ASP.NET Core MVC中的Azure AD登录和注销页面?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!