45fan.com - 路饭网

搜索: 您的位置主页 > 电脑频道 > 编程代码 > 阅读资讯:ASP.NET 5如何使用AzureAD实现单点登录?

ASP.NET 5如何使用AzureAD实现单点登录?

2015-08-04 09:23:46 来源:www.45fan.com 【

ASP.NET 5如何使用AzureAD实现单点登录?

题记:在ASP.NET 5中虽然继续可以沿用ASP.NET Identity来做验证授权,不过也可以很容易集成支持标准协议的第三方服务,比如Azure Active Directory。

其实,在ASP.NET 5中集成AzureAD,利用其进行验证和授权,是非常简单的。因为:首先Azure Active Directory提供了OAuth2.0、OpenId Connect 1.0、SAML和WS-Federation 1.2标准协议接口;其次微软在ASP.NET 5中移植了集成OpenId Connect的OWIN中间件。所以,只要在ASP.NET 5项目中引用"Microsoft.AspNet.Authentication.OpenIdConnect"这个包,并正确配置AzureAD的连接信息,就可以很容易的进行集成。

大致步骤如下:

1,在config.json文件中添加AzureAD的配置信息:

"AzureAd": {
 "ClientId": "[Enter the clientId of your application as obtained from portal, e.g. ba74781c2-53c2-442a-97c2-3d60re42f403]",
 "Tenant": "[Enter the name of your tenant, e.g. contoso.onmicrosoft.com]",
 "AadInstance": "https://login.microsoftonline.com/{0}", // This is the public instance of Azure AD
 "PostLogoutRedirectUri": https://localhost:44322/
}

2,修改project.json,引入OpenIdConnect的中间件:

"Microsoft.AspNet.Authentication.OpenIdConnect": "1.0.0-*"

3,在Startup中的ConfigureServices方法里面添加:

// OpenID Connect Authentication Requires Cookie Auth
services.Configure<ExternalAuthenticationOptions>(options =>
{
 options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
});

4,在Startup中的Configure方法里面添加:

// Configure the OWIN Pipeline to use Cookie Authentication
app.UseCookieAuthentication(options => 
{
 // By default, all middleware are passive/not automatic. Making cookie middleware automatic so that it acts on all the messages.
 options.AutomaticAuthentication = true;

});

// Configure the OWIN Pipeline to use OpenId Connect Authentication
app.UseOpenIdConnectAuthentication(options =>
{
 options.ClientId = Configuration.Get("AzureAd:ClientId");
 options.Authority = String.Format(Configuration.Get("AzureAd:AadInstance"), Configuration.Get("AzureAd:Tenant"));
 options.PostLogoutRedirectUri = Configuration.Get("AzureAd:PostLogoutRedirectUri");
 options.Notifications = new OpenIdConnectAuthenticationNotifications
 {
  AuthenticationFailed = OnAuthenticationFailed,
 };
});

5,Startup的OnAuthenticationFailed方法为:

private Task OnAuthenticationFailed(AuthenticationFailedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification)
{
 notification.HandleResponse();
 notification.Response.Redirect("/Home/Error?message=" + notification.Exception.Message);
 return Task.FromResult(0);
}

6,添加一个名为AccountController的Controller:

public class AccountController : Controller
{
 // GET: /Account/Login
 [HttpGet]
 public IActionResult Login()
 {
  if (Context.User == null || !Context.User.Identity.IsAuthenticated)
   return new ChallengeResult(OpenIdConnectAuthenticationDefaults.AuthenticationScheme, new AuthenticationProperties { RedirectUri = "/" });
  return RedirectToAction("Index", "Home");
 }

 // GET: /Account/LogOff
 [HttpGet]
 public IActionResult LogOff()
 {
  if (Context.User.Identity.IsAuthenticated)
  {
   Context.Authentication.SignOut(CookieAuthenticationDefaults.AuthenticationScheme);
   Context.Authentication.SignOut(OpenIdConnectAuthenticationDefaults.AuthenticationScheme);
  }
  return RedirectToAction("Index", "Home");
 }
}

以上代码也可以到我Fork的完整示例项目中找到:https://github.com/heavenwing/WebApp-OpenIdConnect-AspNet5

【更新:2015-07-16】
如果你遇到添加了 [Authorize] ,但是不能自动转到登录页面的情况,那么需要:

app.UseOpenIdConnectAuthentication(options => {
 options.AutomaticAuthentication = true;
});

具体见:https://github.com/aspnet/Security/issues/357#issuecomment-120834369

以上所述就是本文的全部内容了,希望大家能够喜欢。


本文地址:http://www.45fan.com/bcdm/16690.html
Tags: 实现 ASP.NET AzureAD
编辑:路饭网
推广内容
推荐阅读
热门推荐
推荐文章
关于我们 | 联系我们 | 友情链接 | 网站地图 | Sitemap | App | 返回顶部