OpenID and individual user accounts in the same MVC application

I want an MVC application that supports individual user accounts for external users and, for employees, accepts tokens from ADFS via an OpenID endpoint.

I created two MVC applications. One is set up to use only OpenID, and it works correctly: it redirects me to the local ADFS server and sets a cookie, so I can decorate controllers with the [Authorize] attribute.

I have a second MVC application on the same server as the first one, set up to use individual user accounts. In Startup.Auth I added code that adds OpenID Connect to the OWIN pipeline.
    using System;
    using System.Configuration;
    using Microsoft.AspNet.Identity;
    using Microsoft.AspNet.Identity.Owin;
    using Microsoft.Owin;
    using Microsoft.Owin.Security.Cookies;
    using Microsoft.Owin.Security.OpenIdConnect;
    using Owin;

    public partial class Startup
    {
        // The three OpenID Connect values are assumed to come from web.config appSettings
        // (the original snippet uses the variables without showing where they are declared).
        private static readonly string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
        private static readonly string metadataAddress = ConfigurationManager.AppSettings["ida:MetadataAddress"];
        private static readonly string redirectUri = ConfigurationManager.AppSettings["ida:RedirectUri"];

        public void ConfigureAuth(IAppBuilder app)
        {
            // Configure the db context, user manager and signin manager to use a single instance per request
            app.CreatePerOwinContext(ApplicationDbContext.Create);
            app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
            app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create);

            // Enable the application to use a cookie to store information for the signed in user
            // and to use a cookie to temporarily store information about a user logging in with a third party login provider
            // Configure the sign in cookie
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
                LoginPath = new PathString("/Account/Login"),
                Provider = new CookieAuthenticationProvider
                {
                    // Enables the application to validate the security stamp when the user logs in.
                    // This is a security feature which is used when you change a password or add an external login to your account.
                    OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                        validateInterval: TimeSpan.FromMinutes(30),
                        regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
                }
            });
            app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

            // Enables the application to temporarily store user information when they are verifying the second factor in the two-factor authentication process.
            app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(5));

            // Enables the application to remember the second login verification factor such as phone or email.
            // Once you check this option, your second step of verification during the login process will be remembered on the device where you logged in from.
            // This is similar to the RememberMe option when you log in.
            app.UseTwoFactorRememberBrowserCookie(DefaultAuthenticationTypes.TwoFactorRememberBrowserCookie);

            app.UseOpenIdConnectAuthentication(
                new OpenIdConnectAuthenticationOptions
                {
                    ClientId = clientId,
                    MetadataAddress = metadataAddress,
                    RedirectUri = redirectUri,
                    //PostLogoutRedirectUri = postLogoutRedirectUri
                });
        }
    }
I thought this was all I needed to use OpenID in the second application. I first visit the first (OpenID-only) MVC application and log in. I can access the authorized controller actions on that application. Then I try to access the second application (individual user accounts and OpenID), assuming I will be authorized.

Instead, I am redirected several times between the ADFS server and the MVC application until the error "Microsoft.IdentityServer.Web.InvalidRequestException: MSIS7042: The same client browser session has made '6' requests in the last '1' seconds." is thrown.

A Fiddler trace shows:

    302 TestApp2
    200 ADFS server
    302 TestApp2
    302 TestApp2
    200 ADFS server
    etc.
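The following is an added example, not code from the question's author. It shows one configuration worth checking when the two middlewares are combined: app.UseExternalSignInCookie sets the pipeline's default sign-in-as authentication type to the external cookie, so an OpenID Connect middleware that does not set SignInAsAuthenticationType issues the ADFS identity into that passive external cookie rather than the application cookie. [Authorize] then still sees an unauthenticated user and the active OpenID Connect middleware challenges ADFS again on every 401, which is the kind of redirect loop that trips the MSIS7042 rate limit. The example pins SignInAsAuthenticationType to the application cookie, makes the OpenID Connect middleware passive so that individual-account users are not bounced to ADFS, and adds an AuthenticationFailed notification so a failure surfaces as an error page instead of another challenge. The web.config keys (ida:ClientId and so on) and the AccountController action are assumptions for illustration.

```csharp
using System;
using System.Configuration;
using System.Threading.Tasks;
using System.Web;
using System.Web.Mvc;
using Microsoft.AspNet.Identity;
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public partial class Startup
{
    // Assumed appSettings keys (not from the original question).
    private static readonly string ClientId = ConfigurationManager.AppSettings["ida:ClientId"];
    private static readonly string MetadataAddress = ConfigurationManager.AppSettings["ida:MetadataAddress"];
    private static readonly string RedirectUri = ConfigurationManager.AppSettings["ida:RedirectUri"];

    public void ConfigureAuth(IAppBuilder app)
    {
        // Application cookie: the only identity [Authorize] consults.
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login")
        });

        // Sets the default SignInAs type to ExternalCookie, which is passive.
        // Anything that signs in without an explicit type now lands in that cookie.
        app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            ClientId = ClientId,
            MetadataAddress = MetadataAddress,
            RedirectUri = RedirectUri,

            // Write the ADFS identity into the application cookie so [Authorize] is satisfied
            // after the first round trip instead of challenging ADFS again.
            SignInAsAuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,

            // Passive: only challenge ADFS when a controller asks for it explicitly.
            // Individual-account users keep getting the normal /Account/Login redirect.
            AuthenticationMode = AuthenticationMode.Passive,

            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                AuthenticationFailed = ctx =>
                {
                    // Stop the middleware from re-issuing the challenge; show the error instead
                    // of looping against the ADFS request rate limit.
                    ctx.HandleResponse();
                    ctx.Response.Redirect("/Account/Login?error=" +
                        Uri.EscapeDataString(ctx.Exception.Message));
                    return Task.FromResult(0);
                }
            }
        });
    }
}

// Assumed employee entry point: an explicit "Sign in with ADFS" action that issues the
// OpenID Connect challenge. External users use the existing forms-based login.
public class AccountController : Controller
{
    [AllowAnonymous]
    public ActionResult EmployeeLogin(string returnUrl)
    {
        HttpContext.GetOwinContext().Authentication.Challenge(
            new AuthenticationProperties { RedirectUri = returnUrl ?? "/" },
            OpenIdConnectAuthenticationDefaults.AuthenticationType);
        return new HttpUnauthorizedResult();
    }
}
```

With this layout a Fiddler trace for an employee should show one 302 to ADFS, one POST back to the RedirectUri, and then a 302 to the requested page carrying the application cookie; a second 302 to ADFS right after the callback means the identity is still being written to a cookie that [Authorize] does not read.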