当用户的 AD 身份验证失败时如何导航到自定义访问被拒绝页面(.net 3.1 核心与 OpenIDConnect Azure AD 身份验证) [英] How to Navigate to Custom Access Denied Page when AD Authentication failed for user (.net 3.1 core with OpenIDConnect Azure AD Authentication)
问题描述
我有一个 .Net core 3.1 Web 应用程序,通过在 Azure 中设置应用服务注册并分配用户来实现 AD 身份验证.现在,当未经授权的用户尝试访问应用程序时,AD 身份验证失败并进入 OPENIDConnect 异常页面.但我只需要在我的应用程序中将用户导航到自定义页面 AccessDenied 页面.
I have an .Net core 3.1 web application where I implemented AD Authentication by setting up the App Services registration in Azure and also assigned users. Now when an unauthorized user tries to access the application, AD authentication is failing and going to OPENIDConnect Exception page. But All I need is to navigate user to custom page AccessDenied page in my application.
预期:当用户未通过身份验证时.他应该导航到/Home/AccessDeined Page.
Expected: When User is not Authenticated. He should be navigate to /Home/AccessDeined Page.
实际:例外页面:Signin-Oidc 异常页面
Startup.cs
public void ConfigureServices(IServiceCollection services)
{
services.Configure<CookiePolicyOptions>(options =>
{
// This lambda determines whether user consent for non-essential cookies is needed for a given request.
options.CheckConsentNeeded = context => true;
options.MinimumSameSitePolicy = SameSiteMode.None;
});
services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
.AddAzureAD(options => Configuration.Bind("AzureAd", options));
services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options =>
{
options.Authority = options.Authority + "/v2.0/";
options.TokenValidationParameters.ValidateIssuer = false;
//options.AccessDeniedPath = new PathString("/Home/AccessDenied");
options.ResponseType = "id_token code";
options.Events.OnAuthenticationFailed = context =>
{
context.Response.Redirect("/Home/AccessDenied");
context.HandleResponse();
return Task.FromResult(0);
};
});
services.AddControllersWithViews();
services.AddHttpClient();
services.AddSession();
//services.Configure<CookieTempDataProviderOptions>(options =>
//{
// options.Cookie.IsEssential = true;
//});
services.AddMvc(options =>
{
var policy = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.Build();
options.Filters.Add(new AuthorizeFilter(policy));
});
services.AddLogging();
services.AddProgressiveWebApp();
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env, ILoggerFactory loggerFactory)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseExceptionHandler("/Home/Error");
// The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
app.UseHsts();
}
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseCookiePolicy();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.UseSession();
app.UseEndpoints(endpoints =>
{
endpoints.MapRazorPages();
endpoints.MapControllers();
endpoints.MapControllerRoute(
name: "default",
pattern: "{controller=Home}/{action=Index}/{id?}");
});
}
Appsettings.Json
Appsettings.Json
"AzureAd": {
"Instance": "https://login.microsoftonline.com/",
"Domain": "XXXXXXXXX",
"TenantId": "XXXXXXXXXXXXXXXXXXXXX",
"ClientId": "XXXXXXXXXXXXXXXXXXXXXX",
"ClientSecret": "XXXXXXXXXXXXXXXXXXXXXXXXXXXX",
"CallbackPath": "/signin-oidc"
},
HomeController.cs
HomeController.cs
[AllowAnonymous]
public IActionResult AccessDenied()
{
return View();
}
推荐答案
在 Startups.cs 中指定 CookieAuthenticationOptions 的路径将起作用.请使用以下代码并在 PathString 中定义您的路径
Specifying the path on CookieAuthenticationOptions in Startups.cs will work. Please use the below code and define your path in the PathString
services.Configure<CookieAuthenticationOptions>(CookieAuthenticationDefaults.AuthenticationScheme, options => {
options.AccessDeniedPath = new PathString("/Home/CustomAccessDenied");
});
这篇关于当用户的 AD 身份验证失败时如何导航到自定义访问被拒绝页面(.net 3.1 核心与 OpenIDConnect Azure AD 身份验证)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
