1. 首頁
  2. 問答
  3. WsFederation和本地用戶混合身份驗證

WsFederation和本地用戶混合身份驗證

2014-11-06 64 views
3

我試圖讓我的用戶使用Azure AD憑據(使用OWIN WsFederation插件)登錄或在MVC 5.1 Web App中使用具有Microsoft ASP.NET身份的本地用戶帳戶。WsFederation和本地用戶混合身份驗證

使用本地用戶登錄工作正常,使用聯邦帳戶登錄只能使用一次,而且我需要重新啓動我的應用程序以使其再次工作。

我想這個問題是與微軟的登錄頁面無法正確處理

逸岸的響應,使用兩個differente瀏覽器在私人模式和提琴手(鉻+ IE),我可以看到我的Cookie被設置在第一請求而不是從不同的瀏覽器

第一請求 First request

第二請求 second request

製成的後續請求

這是我ConfigureAuth

 public void ConfigureAuth(IAppBuilder app) 
    { 
     AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimTypes.NameIdentifier; 

     app.CreatePerOwinContext(ApplicationDbContext.Create); 
     app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create); 

     app.SetDefaultSignInAsAuthenticationType("ExternalCookie"); 

     app.UseCookieAuthentication(new CookieAuthenticationOptions 
     { 
      AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie, 
      LoginPath = new PathString("/Account/Login"), 
      AuthenticationMode = Microsoft.Owin.Security.AuthenticationMode.Active, 
     }); 


     // these two lines of code are needed if you are using any of the external authentication middleware 
     app.UseCookieAuthentication(new CookieAuthenticationOptions 
     { 
      AuthenticationType = "ExternalCookie", 
      AuthenticationMode = Microsoft.Owin.Security.AuthenticationMode.Passive, 
     }); 


     app.UseWsFederationAuthentication(new Microsoft.Owin.Security.WsFederation.WsFederationAuthenticationOptions() 
     { 
      MetadataAddress = "https://login.windows.net/XXXXXXX.onmicrosoft.com/federationmetadata/2007-06/federationmetadata.xml", 
      Wtrealm = "https://MYREALM", 

      AuthenticationType = WsFederationAuthenticationDefaults.AuthenticationType, 
     }); 

    }

這是帳戶控制

// 
    // POST: /Account/ExternalLogin 
    [HttpPost] 
    [AllowAnonymous] 
    [ValidateAntiForgeryToken] 
    public ActionResult ExternalLogin(string provider, string returnUrl) 
    { 
     // Request a redirect to the external login provider 
     return new ChallengeResult(provider, Url.Action("ExternalLoginCallback", "Account", new { ReturnUrl = returnUrl })); 
    } 


    // GET: /Account/ExternalLoginCallback 
    [AllowAnonymous] 
    public ActionResult ExternalLoginCallback(string returnUrl) 
    { 

     var ctx = Request.GetOwinContext(); 
     var result = ctx.Authentication.AuthenticateAsync("ExternalCookie").Result; 

     if (result != null) //null on request other than the first (!!!) 
     { 
      ctx.Authentication.SignOut("ExternalCookie"); 

      var claims = result.Identity.Claims.ToList(); 
      claims.Add(new Claim(ClaimTypes.AuthenticationMethod, "External Account")); 
      var email = claims.Where(x => x.Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name").SingleOrDefault().Value; 
      var ci = new ClaimsIdentity(claims, DefaultAuthenticationTypes.ApplicationCookie); 
      ctx.Authentication.SignIn(ci); 
     } 

     return RedirectToLocal(returnUrl); 
    }

來源

2014-11-06 Nicola Cassolato

+0

嗨尼古拉,我有同樣的問題,我改變了AuthenticationMode到被動。 AuthenticationMode = AuthenticationMode.Passive in WsFederationAuthenticationOptions – Haroon 2014-11-29 22:11:09

回答

3

在ConfgureAuth設置AuthenticationMode到被動的一部分。它在我的工作流程中工作,看起來與您的工作流程很相似。

app.UseWsFederationAuthentication(new Microsoft.Owin.Security.WsFederation.WsFederationAuthenticationOptions() 
    { 
     MetadataAddress = "https://login.windows.net/XXXXXXX.onmicrosoft.com/federationmetadata/2007-06/federationmetadata.xml", 
     Wtrealm = "https://MYREALM", 

     AuthenticationType = WsFederationAuthenticationDefaults.AuthenticationType, 
     AuthenticationMode = AuthenticationMode.Passive 
    });

http://msdn.microsoft.com/en-us/library/microsoft.owin.security.authenticationmode%28v=vs.113%29.aspx

來源

2014-11-29 22:19:12 Haroon

+0

爲我工作。謝謝! – Dave 2015-06-26 23:17:47

相關問題

 相關問題