2015-11-17 32 views
0

I have an MVC web application that authenticates against a multi-tenant Azure AD directory using Owin's OpenIdConnect OAuth provider. Not receiving the email from an Azure AD login using Owin OpenIdConnect.

I can redirect to the Microsoft login page and back to my application, but when I call the GetExternalLoginInfo method, the Email property is always null.

I suspect this is because of the permissions I set on the application, but I cannot find the correct permission I should request for the email.

The permissions I requested: (image: permissions requested)

My OpenIdConnect configuration in Startup.Auth.cs:

using System;
using System.Security.Claims;
using System.Threading.Tasks;
using System.Web;
using Microsoft.IdentityModel.Clients.ActiveDirectory;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public partial class Startup
{
    public void ConfigureAuth(IAppBuilder app)
    {
        string clientId = "ClientId";
        string appKey = "Client Secret";
        string graphResourceID = "https://graph.windows.net";
        string Authority = "https://login.microsoftonline.com/common/";

        app.UseOpenIdConnectAuthentication(
            new OpenIdConnectAuthenticationOptions
            {
                ClientId = clientId,
                Authority = Authority,
                TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters
                {
                    // Multi-tenant app on the /common authority: the issuer is not known up front,
                    // so issuer validation is disabled here and the app itself must decide which
                    // tenants it trusts (see the SecurityTokenValidated notification below).
                    ValidateIssuer = false,
                },
                Notifications = new OpenIdConnectAuthenticationNotifications()
                {
                    AuthorizationCodeReceived = (context) =>
                    {
                        // Redeem the authorization code for a Graph access token
                        var code = context.Code;
                        ClientCredential credential = new ClientCredential(clientId, appKey);
                        string tenantID = context.AuthenticationTicket.Identity.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;
                        string signedInUserID = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.NameIdentifier).Value;

                        AuthenticationContext authContext = new AuthenticationContext(string.Format("https://login.microsoftonline.com/{0}", tenantID));
                        AuthenticationResult result = authContext.AcquireTokenByAuthorizationCode(
                            code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), credential, graphResourceID);
                        // Note: the acquired token is not stored anywhere in this snippet.

                        return Task.FromResult(0);
                    },
                    RedirectToIdentityProvider = (context) =>
                    {
                        // Build the redirect URIs from the current request so they match the registered app
                        string appBaseUrl = context.Request.Scheme + "://" + context.Request.Host + context.Request.PathBase;
                        context.ProtocolMessage.RedirectUri = appBaseUrl + "/";
                        context.ProtocolMessage.PostLogoutRedirectUri = appBaseUrl;
                        return Task.FromResult(0);
                    },
                    SecurityTokenValidated = (context) =>
                    {
                        // retrieve caller data from the incoming principal
                        string issuer = context.AuthenticationTicket.Identity.FindFirst("iss").Value;
                        string UPN = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.Name).Value;
                        string tenantID = context.AuthenticationTicket.Identity.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;

                        return Task.FromResult(0);
                    },
                    AuthenticationFailed = (context) =>
                    {
                        context.OwinContext.Response.Redirect("/Home/Error");
                        context.HandleResponse(); // Suppress the exception
                        return Task.FromResult(0);
                    }
                }
            });
    }
}
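
The configuration above turns off issuer validation (ValidateIssuer = false) and reads the UPN but never produces the ClaimTypes.Email claim that GetExternalLoginInfo reads. The following helper is an added example, not the asker's code and not part of Microsoft's samples: it shows what a SecurityTokenValidated handler in a multi-tenant app should do instead, namely re-check the issuer against an allow-list of tenants (the tenant id in AllowedTenants is a placeholder) and project whichever identifier Azure AD did send (email, upn, preferred_username) into a ClaimTypes.Email claim. The Azure AD issuer format https://sts.windows.net/{tenantid}/ and the claim names used are assumptions about the v1 endpoint; the class and method names are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.IdentityModel.Tokens;

// Added example (hypothetical names): helpers for the SecurityTokenValidated notification.
public static class MultiTenantClaimsHelper
{
    // Azure AD v1 endpoint issues tokens with iss = https://sts.windows.net/{tenantid}/ (assumption)
    private const string IssuerPrefix = "https://sts.windows.net/";
    private const string TenantIdClaim = "http://schemas.microsoft.com/identity/claims/tenantid";

    // Tenants this app is willing to serve. Placeholder value; load from configuration in practice.
    public static readonly ISet<string> AllowedTenants =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "00000000-0000-0000-0000-000000000000", // placeholder tenant id
        };

    // True only if the issuer is the Azure AD issuer for the tenant named in the tid claim
    // AND that tenant is on the allow-list. With ValidateIssuer = false this check is what
    // stops the app from accepting a token issued by an arbitrary, unrelated tenant.
    public static bool IsTrustedIssuer(string issuer, string tenantId, ISet<string> allowedTenants)
    {
        if (string.IsNullOrEmpty(issuer) || string.IsNullOrEmpty(tenantId)) return false;
        if (!allowedTenants.Contains(tenantId)) return false;
        string expected = IssuerPrefix + tenantId + "/";
        return string.Equals(issuer, expected, StringComparison.OrdinalIgnoreCase);
    }

    // Azure AD does not always send an "email" claim: work accounts usually carry a UPN and
    // guest accounts an "email". Try each candidate in order; return null rather than "".
    public static string ResolveEmail(ClaimsIdentity identity)
    {
        string[] candidates =
        {
            ClaimTypes.Email,      // .../ws/2005/05/identity/claims/emailaddress
            "email",               // short JWT name, seen for some guest users (assumption)
            ClaimTypes.Upn,        // .../ws/2005/05/identity/claims/upn
            "preferred_username",  // v2 endpoint name; harmless to check here
        };
        foreach (string type in candidates)
        {
            string value = identity.FindFirst(type)?.Value;
            if (!string.IsNullOrWhiteSpace(value) && value.Contains("@")) return value;
        }
        return null;
    }

    // Glue for SecurityTokenValidated: reject untrusted issuers and add the
    // ClaimTypes.Email claim that GetExternalLoginInfo().Email is populated from.
    public static void Enforce(ClaimsIdentity identity)
    {
        string issuer = identity.FindFirst("iss")?.Value;
        string tenantId = identity.FindFirst(TenantIdClaim)?.Value;
        if (!IsTrustedIssuer(issuer, tenantId, AllowedTenants))
        {
            // Throwing here fails the sign-in; the AuthenticationFailed notification then runs.
            throw new SecurityTokenValidationException("Issuer not trusted: " + issuer);
        }

        if (identity.FindFirst(ClaimTypes.Email) == null)
        {
            string email = ResolveEmail(identity);
            if (email != null) identity.AddClaim(new Claim(ClaimTypes.Email, email));
        }
    }
}

// Usage inside the options shown above:
//   SecurityTokenValidated = (context) =>
//   {
//       MultiTenantClaimsHelper.Enforce(context.AuthenticationTicket.Identity);
//       return Task.FromResult(0);
//   },
```

The allow-list is the important part: a "/common" authority accepts sign-ins from every Azure AD tenant, so without an explicit issuer check any tenant admin can mint a valid token for this app. The email projection is a convenience on top of that and never invents a value when no address-shaped claim is present.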

Answer

0

When building OpenIdConnectOptions, you may need to specify the scopes for the challenge. When your authentication scheme issues a "challenge", the scopes determine what the request/challenge asks for.

var options = new OpenIdConnectOptions()
{
    // .... Your existing options
};

// You'll need to check what sort of attributes you can request from Azure.
// Note: OpenIdConnectOptions.Scope is a collection (ASP.NET Core); the Katana
// OpenIdConnectAuthenticationOptions used in the question exposes Scope as a
// space-separated string instead.
options.Scope.Add("profile");

app.UseOpenIdConnectAuthentication(options);