0
我是新來azure,令牌等...... 我有「挖掘」微軟文檔和谷歌和stackoverflow,但仍然沒有得到充分的理解。Azure OpenId令牌驗證
因此,我使用openId與Owin庫從web應用程序(VS2013 .net 4.5.1)連接到天藍色。我有一個代碼做到這一點:
public void Configuration(IAppBuilder app)
{
app.SetDefaultSignInAsAuthenticationType(
CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
MetadataAddress = String.Format(aadInstance, tenant, policy),
AuthenticationType = policy,
ClientId = clientId,
RedirectUri = redirectUri,
PostLogoutRedirectUri = redirectUri,
Notifications = new OpenIdConnectAuthenticationNotifications
{
AuthenticationFailed = AuthenticationFailed
,SecurityTokenValidated = OnSecurityTokenValidated
,AuthorizationCodeReceived = OnAuthorizationCodeReceived
,SecurityTokenReceived = OnSecurityTokenReceived
},
Scope = "openid profile",
ResponseType = "id_token"
};
);
}
private Task OnSecurityTokenValidated(SecurityTokenValidatedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification)
{
var identity = notification.AuthenticationTicket.Identity;
var claims = notification.OwinContext.Authentication.User.Claims;
ClaimsPrincipal.Current.AddIdentity(identity);
return Task.FromResult(0);
}
而且它的工作,但微軟文檔中我發現下一個指令「目前,ID令牌簽名但未加密當您的應用程序接收ID令牌,它必須。驗證簽名以證明令牌的真實性並驗證令牌中的一些聲明以證明其有效性。應用驗證的聲明取決於場景要求,但您的應用必須在每種情況下執行一些常見聲明驗證。
但有SecurityTokenValidated回調,其中有AuthenticationTicket。所以我仍然需要以某種方式驗證令牌/打勾,或者現在它自動處理(我在軍隊中很強硬,沒有任何事情自動發生,但仍然)?