Custom parameter with Microsoft.Owin.Security.OpenIdConnect and AzureAD v 2.0 endpoint


Problem description

I am migrating my Azure AD secured application to the v2.0 endpoint.

I need to pass a custom parameter to the reply uri. With former Azure AD endpoint I did it by adding a usual query parameter to the reply url. e.g. https://myserver.com/myredirect_uri?mycustomparamerter=myvalue

Unfortunately, with endpoint 2.0 I received an error saying that the reply uri does not match the one registered. Of course my custom parameter value is dynamic and I cannot hardcode it.

I was looking to exploit the 'state' parameter described in OAUTH flow. However, I am using Microsoft.Owin.Security.OpenIdConnect and it looks like the parameter is already set so I cannot exploit it. I am using an implementation of the flow that is based on MVC that looks like this sample.

Can you suggest a workaround so my server receives a custom parameter in the reply url that has been set on the flow start?

Recommended answer

Not sure if there's an official way to do what you're asking but one way you could technically inject and extract extra values through the auth flow is via OWIN's notifications.

In Startup.Auth.cs, when you set up the OpenIdConnectAuthenticationOptions you'd add the following:

app.UseOpenIdConnectAuthentication(
  new OpenIdConnectAuthenticationOptions
  {
    //...
    Notifications = new OpenIdConnectAuthenticationNotifications
    {
      RedirectToIdentityProvider = OnRedirectToIdentityProvider,
      MessageReceived = OnMessageReceived
    },
  });

And use RedirectToIdentityProvider to inject your parameter, something along the lines of:

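private Task OnRedirectToIdentityProvider(RedirectToIdentityProviderNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification)
{
  // Nothing to extend when the outgoing message carries no state.
  if (string.IsNullOrEmpty(notification.ProtocolMessage.State)) return Task.FromResult(0);
  // State has the form "<key>=<protected properties>".
  var stateQueryString = notification.ProtocolMessage.State.Split('=');
  var protectedState = stateQueryString[1];
  var state = notification.Options.StateDataFormat.Unprotect(protectedState);
  state.Dictionary.Add("mycustomparameter", "myvalue");
  // Re-protect so the added value is covered by the same protection as the rest of the state.
  notification.ProtocolMessage.State = stateQueryString[0] + "=" + notification.Options.StateDataFormat.Protect(state);
  return Task.FromResult(0);
}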

And then use MessageReceived to extract it, like so:

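private Task OnMessageReceived(MessageReceivedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification)
{
  string mycustomparameter;
  // State has the form "<key>=<protected properties>"; skip messages that carry no usable state.
  var stateParts = (notification.ProtocolMessage.State ?? string.Empty).Split('=');
  if (stateParts.Length < 2) return Task.FromResult(0);
  // Unprotect returns null when the value cannot be decoded or fails its integrity check.
  var state = notification.Options.StateDataFormat.Unprotect(stateParts[1]);
  if (state != null)
  {
    state.Dictionary.TryGetValue("mycustomparameter", out mycustomparameter);
  }
  return Task.FromResult(0);
}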

You'd obviously need to improve/harden this but this should get you going barring a better overall approach.
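
A hardened variant of the same idea, as an added example that is not part of the original answer or of the Katana project: the value is placed in the AuthenticationProperties passed to Challenge, so the middleware protects it inside the state parameter itself, and it is read back and checked in SecurityTokenValidated. The class name, the allow-list values and the use of a claim to carry the result are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
// Katana 4.x namespace; on Katana 3.x OpenIdConnectMessage lives in Microsoft.IdentityModel.Protocols.
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Notifications;
using Microsoft.Owin.Security.OpenIdConnect;

public static class CustomStateParameter
{
    // Hypothetical key and allow-list chosen for this example.
    private const string Key = "mycustomparameter";
    private static readonly HashSet<string> Allowed =
        new HashSet<string>(StringComparer.Ordinal) { "myvalue", "othervalue" };

    // Call from the sign-in action. The middleware serializes and protects these
    // properties into the state parameter, so the registered reply URL stays unchanged.
    public static void Challenge(IOwinContext context, string value)
    {
        // Validate before the value enters the flow, in case it came from user input.
        if (value == null || !Allowed.Contains(value))
            throw new ArgumentException("Unexpected custom parameter value", "value");

        var props = new AuthenticationProperties { RedirectUri = "/" };
        props.Dictionary[Key] = value;
        context.Authentication.Challenge(props, OpenIdConnectAuthenticationDefaults.AuthenticationType);
    }

    // Assign to Notifications.SecurityTokenValidated. By this point the middleware has
    // already unprotected the state and attached its properties to the ticket.
    public static Task OnSecurityTokenValidated(
        SecurityTokenValidatedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification)
    {
        var props = notification.AuthenticationTicket.Properties;
        string value;
        if (props.Dictionary.TryGetValue(Key, out value))
        {
            props.Dictionary.Remove(Key); // do not persist it with the sign-in properties
            // Re-check on the way back as defense in depth; ignore anything unexpected.
            if (value != null && Allowed.Contains(value))
                notification.AuthenticationTicket.Identity.AddClaim(new Claim(Key, value));
        }
        return Task.FromResult(0);
    }
}
```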
