如何通過AD-B2C使用openid發送價值連接

Question

我目前正在開發一個使用AD-B2C作爲我的身份提供者的應用程序。這是使用他們的指導AD B2C graph，它使用openid連接（至少我的理解，至少）的解決方案集成到解決方案。

我需要使用一種電子郵件激活形式（在他們的註冊策略之外），因此我需要能夠通過電子郵件中的URL傳遞一個值，通過在B2C的註冊過程並返回到重定向網址。

我讀的地方，可以使用這個名爲「狀態」參數：

狀態：包括在也將在令牌響應返回請求的值。它可以是任何你想要的內容的字符串。隨機生成的唯一值通常用於防止跨站請求僞造攻擊。該狀態還用於在身份驗證請求發生之前對應用程序中的用戶狀態信息進行編碼，例如他們所在的頁面或正在執行的策略。

我試圖追加一個值到用戶轉移到B2C時發生的重定向，但我不知道如何。

if (!Request.IsAuthenticated) 
     { // go to login page 
      HttpContext.GetOwinContext().Authentication.Challenge(
        new AuthenticationProperties() { RedirectUri = "/" }, Startup.SignUpSignInPolicyId); 
     } 

的策略存儲在startup.auth.cs文件...

// B2C policy identifiers 
    public static string SignUpPolicyId = ConfigurationManager.AppSettings["ida:SignUpPolicyId"]; 
    public static string SignInPolicyId = ConfigurationManager.AppSettings["ida:SignInPolicyId"]; 
    public static string SignUpSignInPolicyId = ConfigurationManager.AppSettings["ida:SignUpSignInPolicyId"]; 
    public static string ProfilePolicyId = ConfigurationManager.AppSettings["ida:UserProfilePolicyId"]; 
    public static string PasswordResetPolicyId = ConfigurationManager.AppSettings["ida:PasswordResetPolicyId"]; 

....和ConfigureAuth方法的過程中運行：

public void ConfigureAuth(IAppBuilder app) 
    { 
     app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType); 

     app.UseCookieAuthentication(new CookieAuthenticationOptions() 
     { 
      CookieHttpOnly = true, 
      ExpireTimeSpan = TimeSpan.FromHours(1), 
     }); 

     // Configure OpenID Connect middleware for each policy 
     app.UseOpenIdConnectAuthentication(CreateOptionsFromPolicy(SignUpPolicyId)); 
     app.UseOpenIdConnectAuthentication(CreateOptionsFromPolicy(ProfilePolicyId)); 
     app.UseOpenIdConnectAuthentication(CreateOptionsFromPolicy(SignInPolicyId)); 
     app.UseOpenIdConnectAuthentication(CreateOptionsFromPolicy(SignUpSignInPolicyId)); 
     app.UseOpenIdConnectAuthentication(CreateOptionsFromPolicy(PasswordResetPolicyId)); 
    } 

哪叫：

private OpenIdConnectAuthenticationOptions CreateOptionsFromPolicy(string policy) 
    { 
     return new OpenIdConnectAuthenticationOptions 
     { 
      // For each policy, give OWIN the policy-specific metadata address, and 
      // set the authentication type to the id of the policy 
      MetadataAddress = String.Format(aadInstance, tenant, policy), 
      AuthenticationType = policy, 

      // These are standard OpenID Connect parameters, with values pulled from web.config 
      ClientId = clientId, 
      RedirectUri = redirectUri, 
      PostLogoutRedirectUri = redirectUri, 
      Notifications = new OpenIdConnectAuthenticationNotifications 
      { 
       AuthenticationFailed = AuthenticationFailed, 
      }, 
      Scope = "openid", 
      ResponseType = "id_token", 
      //// This piece is optional - it is used for displaying the user's name in the navigation bar. 
      //TokenValidationParameters = new TokenValidationParameters 
      //{ 
      // NameClaimType = "name", 
      //}, 
     }; 

    } 

如何傳遞的值等：（簡化的示例:)

if (!Request.IsAuthenticated) 
     { // go to login page 
      HttpContext.GetOwinContext().Authentication.Challenge(
        new AuthenticationProperties() { RedirectUri = "/" }, Startup.SignUpSignInPolicyId, new { state = "value=uniquetoken&token=secrets" }); 
     } 

當這些方法和策略在運行時設置？ 此外，如果我正朝着完全錯誤的方向前進，那麼我該從哪裏出發？

任何幫助表示讚賞:)

問候

Answer 1

傳遞一個值當我們使用OpenIdConnect協議，我們可以爲你所提到的值增加的狀態。

我們可以在使用RedirectToIdentityProvider將其重定向到身份數據提供程序（Azure AD）之前傳遞此值。之後，我們可以在首次收到協議消息時提取使用MessageReceived添加的自定義值。

這是給你參考的代碼示例：

new OpenIdConnectAuthenticationOptions 
{ 
    // For each policy, give OWIN the policy-specific metadata address, and 
    // set the authentication type to the id of the policy 
    MetadataAddress = String.Format(aadInstance, tenant, policy), 
    AuthenticationType = policy, 

    // These are standard OpenID Connect parameters, with values pulled from web.config 
    ClientId = clientId, 
    RedirectUri = redirectUri, 
    PostLogoutRedirectUri = redirectUri, 
    Notifications = new OpenIdConnectAuthenticationNotifications 
    { 
     AuthenticationFailed = AuthenticationFailed, 
     RedirectToIdentityProvider= OnRedirectToIdentityProvider, 
     MessageReceived= OnMessageReceived 
    }, 
    Scope = "openid", 
    ResponseType = "id_token", 

    // This piece is optional - it is used for displaying the user's name in the navigation bar. 
    TokenValidationParameters = new TokenValidationParameters 
    { 
     NameClaimType = "name", 
    }, 
}; 

private Task OnRedirectToIdentityProvider(RedirectToIdentityProviderNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification) 
{ 
    var stateQueryString = notification.ProtocolMessage.State.Split('='); 
    var protectedState = stateQueryString[1]; 
    var state = notification.Options.StateDataFormat.Unprotect(protectedState); 
    state.Dictionary.Add("mycustomparameter", "myvalue"); 
    notification.ProtocolMessage.State = stateQueryString[0] + "=" + notification.Options.StateDataFormat.Protect(state); 
    return Task.FromResult(0); 
} 

private Task OnMessageReceived(MessageReceivedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification) 
{ 
    string mycustomparameter; 
    var protectedState = notification.ProtocolMessage.State.Split('=')[1]; 
    var state = notification.Options.StateDataFormat.Unprotect(protectedState); 
    state.Dictionary.TryGetValue("mycustomparameter", out mycustomparameter); 
    return Task.FromResult(0); 
}