我想在我的 ASP.NET 應用程序上使用 Auth0 和 OWIN,在同一個域下設置 SSO。我按照以下教程設置了我的 OWIN Context。Auth0 ASP.Net.Owin SSO驗證cookie跨域
我在 Startup.cs 中通過 CookieAuthenticationOptions 配置了 Auth0 cookie 的名稱和域:
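// Auth0 tenant settings are read from appSettings instead of being hard-coded.
// NOTE(review): auth0:ClientSecret is a credential; keep the real value out of
// source control (e.g. an untracked config transform or a secret store).
string auth0Domain = ConfigurationManager.AppSettings["auth0:Domain"];
string auth0ClientId = ConfigurationManager.AppSettings["auth0:ClientId"];
string auth0ClientSecret = ConfigurationManager.AppSettings["auth0:ClientSecret"];

// Enable Kentor Cookie Saver middleware. It is registered before the cookie
// middleware; keep this order.
app.UseKentorOwinCookieSaver();

// Set Cookies as default authentication type
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    // Shared SSO cookie: the leading-dot domain makes the browser send it to
    // every host under example.com, so every one of those hosts can read the
    // session cookie. Only place trusted applications under this domain.
    CookieName = "sso.example.com",
    CookieDomain = ".example.com",

    // A cookie that authenticates the user on every subdomain must never travel
    // over plain HTTP or be readable from script. Always requires HTTPS on all
    // participating applications; HttpOnly is stated explicitly so the intent
    // survives later edits.
    CookieSecure = CookieSecureOption.Always,
    CookieHttpOnly = true,

    // NOTE(review): a second application can only accept this cookie when it uses
    // the same CookieName and AuthenticationType and can decrypt the ticket, i.e.
    // it shares the key material that protects it (under System.Web hosting, the
    // same <machineKey> in web.config). Without that it receives the cookie but
    // still treats the user as signed out. Treat that shared key as a secret.
    AuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
    LoginPath = new PathString("/Account/Login")
});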
我在 Startup.cs 中的 Auth0 配置:
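// Auth0 middleware options. OnAuthenticated copies selected namespaced claims from
// the Auth0 profile (context.User) onto the local identity that ends up in the cookie.
var options = new Auth0AuthenticationOptions()
{
    Domain = auth0Domain,
    ClientId = auth0ClientId,
    ClientSecret = auth0ClientSecret,
    Provider = new Auth0AuthenticationProvider
    {
        OnAuthenticated = context =>
        {
            // Adds one string claim, but only when the property exists and is not
            // null. The previous code dereferenced the indexer result directly, so
            // a profile missing a single property (or carrying a JSON null) threw
            // during sign-in and blocked the login.
            System.Action<JObject, string, string> addClaim = (source, property, claimType) =>
            {
                JToken token = source[property];
                if (token == null || token.Type == JTokenType.Null)
                {
                    return;
                }

                string value = token.ToObject<string>();
                if (value == null)
                {
                    return;
                }

                context.Identity.AddClaim(new Claim(claimType, value, ClaimValueTypes.String, context.Connection));
            };

            // Get the user's country / location (claim order matches the original).
            JObject geoIp = context.User["https://example.com/geoip"] as JObject;
            if (geoIp != null)
            {
                addClaim(geoIp, "country_code", "country_code");
                addClaim(geoIp, "country_name", "country_name");
                addClaim(geoIp, "city_name", "city_name");
                addClaim(geoIp, "longitude", "longitude");
                addClaim(geoIp, "latitude", "latitude");
            }

            // NOTE(review): in Auth0, user_metadata is meant for data the user may
            // edit. Treat these two claims as display values and do not base
            // authorization decisions on them; confirm how they are consumed.
            JObject userMeta = context.User["https://example.com/user_metadata"] as JObject;
            if (userMeta != null)
            {
                addClaim(userMeta, "company", "company");
                addClaim(userMeta, "full_name", "full_name");
            }

            // Roles become ClaimTypes.Role claims, which role-based authorization
            // reads. They are taken from app_metadata only, and only when "roles"
            // is really an array.
            JObject appMeta = context.User["https://example.com/app_metadata"] as JObject;
            if (appMeta != null)
            {
                JToken rolesToken = appMeta["roles"];
                if (rolesToken != null && rolesToken.Type == JTokenType.Array)
                {
                    string[] roles = rolesToken.ToObject<string[]>();
                    foreach (var role in roles)
                    {
                        // A null entry would make the Claim constructor throw.
                        if (role == null)
                        {
                            continue;
                        }

                        context.Identity.AddClaim(new Claim(ClaimTypes.Role, role, ClaimValueTypes.String, context.Connection));
                    }
                }
            }

            return Task.FromResult(0);
        }
    }
};

// Adds the "openid profile" scope entry to the authorization request.
// NOTE(review): the earlier comment said this requests a refresh_token, but neither
// scope does; in OpenID Connect a refresh token is requested with offline_access.
// Confirm which was intended before relying on a refresh token being issued.
options.Scope.Add("openid profile");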
我該如何在輔助應用程序上驗證客戶端?Cookie 在輔助應用程序上可用,但我仍然需要通過 Auth0 進行登錄。我是否遺漏了什麼?或者有沒有關於這種實現(implementation)的文章可以閱讀?
是的,具有相同應用程序密鑰的應用程序共享相同的Cookie – Verthosa