I am trying to implement multiple authentication providers based on the organization in the request. I have something like the following in startup.auth.cs (OWIN):
foreach (OrganizationModel org in orgList)
{
    if (org.AuthenticationType != "Azure")
    {
        // One WS-Federation middleware per ADFS organization.
        var adfs = new WsFederationAuthenticationOptions
        {
            AuthenticationType = org.AuthenticationType,
            Caption = org.Caption,
            // null keeps the default HTTPS certificate validation for the metadata request.
            BackchannelCertificateValidator = null,
            // Federation metadata: issuer, signing keys and endpoints for this org.
            MetadataAddress = org.MetadataUrl,
            // https://localhost:44303 for both orgs in development.
            Wtrealm = org.Realm,
            Notifications = new WsFederationAuthenticationNotifications
            {
                AuthenticationFailed = context =>
                {
                    context.HandleResponse();
                    // The raw exception text (e.g. the ID4037 message) is echoed into the redirect URL.
                    context.Response.Redirect("Home/Error?message=" + context.Exception.Message);
                    return Task.FromResult(0);
                }
            },
            // Issuer validation is off: any token signed with a key from the loaded metadata is accepted.
            TokenValidationParameters = new TokenValidationParameters { ValidateIssuer = false },
        };
        app.UseWsFederationAuthentication(adfs);
    }
    else
    {
        // Azure AD organization: identical options apart from the org values.
        var azure = new WsFederationAuthenticationOptions
        {
            AuthenticationType = org.AuthenticationType,
            Caption = org.Caption,
            BackchannelCertificateValidator = null,
            MetadataAddress = org.MetadataUrl,
            Wtrealm = org.Realm,
            Notifications = new WsFederationAuthenticationNotifications
            {
                AuthenticationFailed = context =>
                {
                    context.HandleResponse();
                    context.Response.Redirect("Home/Error?message=" + context.Exception.Message);
                    return Task.FromResult(0);
                }
            },
            TokenValidationParameters = new TokenValidationParameters { ValidateIssuer = false },
        };
        app.UseWsFederationAuthentication(azure);
    }
}
I populate the login page with the various authentication providers. When I click ADFS, I can authenticate, get the claims, and everything works fine. But when I try to authenticate against Azure AD, I get the error "ID 4037: The key needed to verify the signature could not be resolved". Note: if I try Azure AD alone (commenting out the ADFS part), it works fine. Orglist is populated from the database and contains the metadata URL, realm and other information. For development purposes I have configured https://localhost:44303 as the realm for both. After login,
my callback method is
[AllowAnonymous]
public async Task<ActionResult> ExternalLoginCallback(string returnUrl)
{
    var loginInfo = await AuthenticationManager.GetExternalLoginInfoAsync();
    if (loginInfo == null)
    {
        return RedirectToAction("Login");
    }
    // Sign in the user with this external login provider if the user already has a login
    var result = await SignInManager.ExternalSignInAsync(loginInfo, isPersistent: false);
    switch (result)
    {
        case SignInStatus.Success:
            return RedirectToLocal(returnUrl);
        case SignInStatus.LockedOut:
            return View("Lockout");
        case SignInStatus.RequiresVerification:
            return RedirectToAction("SendCode", new { ReturnUrl = returnUrl, RememberMe = false });
        case SignInStatus.Failure:
        default:
            // If the user does not have an account, then prompt the user to create an account
            ViewBag.ReturnUrl = returnUrl;
            ViewBag.LoginProvider = loginInfo.Login.LoginProvider;
            return View("ExternalLoginConfirmation", new ExternalLoginConfirmationViewModel { Email = loginInfo.DefaultUserName });
    }
}
Please guide me on where I am going wrong.
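The configuration below is an added example; it is not code from the question or from the Katana project. It assumes the failure comes from both WS-Federation middlewares inspecting the same sign-in POST: neither options object sets a `CallbackPath`, so every registered WS-Federation middleware tries to validate every `wa=wsignin1.0` response, and the one registered first (ADFS) rejects the Azure AD token with ID4037 because the signing key is not in the ADFS metadata. The example gives each provider its own `CallbackPath` and a matching `Wreply`, turns issuer and audience validation on, and keeps exception text out of the redirect. `OrganizationModel`, the `/signin-<slug>` path pattern, `appBaseUrl`, and the assumption that each `Wreply` URL has been registered at the corresponding identity provider are mine, not the page's.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens;           // TokenValidationParameters (Katana 3.x)
using System.Linq;
using System.Threading.Tasks;
using Microsoft.Owin;
using Microsoft.Owin.Security.WsFederation;
using Owin;

// Assumed shape of the organization record loaded from the database.
public class OrganizationModel
{
    public string AuthenticationType { get; set; } // e.g. "Contoso-ADFS", "Azure"
    public string Caption { get; set; }
    public string MetadataUrl { get; set; }
    public string Realm { get; set; }              // relying-party identifier registered at the IdP
}

public static class FederationStartup
{
    // Reduces the provider name to a URL-safe path segment (assumed naming scheme).
    private static string Slug(string name)
    {
        return new string(name.ToLowerInvariant().Where(char.IsLetterOrDigit).ToArray());
    }

    // Builds one WsFederationAuthenticationOptions per organization. The distinct
    // CallbackPath makes only this middleware handle its own sign-in response; without it
    // every WS-Federation middleware in the pipeline processes every wsignin1.0 POST and
    // the first one fails with ID4037 on a token signed with a key it does not know.
    public static WsFederationAuthenticationOptions BuildOptions(OrganizationModel org, string appBaseUrl)
    {
        var callbackPath = new PathString("/signin-" + Slug(org.AuthenticationType));

        return new WsFederationAuthenticationOptions
        {
            AuthenticationType = org.AuthenticationType,
            Caption = org.Caption,
            MetadataAddress = org.MetadataUrl,
            Wtrealm = org.Realm,
            // The IdP posts the token back to this exact URL, so it must be registered there
            // (a reply URL in Azure AD, an endpoint on the ADFS relying-party trust).
            Wreply = appBaseUrl.TrimEnd('/') + callbackPath.Value,
            CallbackPath = callbackPath,
            TokenValidationParameters = new TokenValidationParameters
            {
                // Katana merges the issuer and signing keys from each org's metadata into
                // the validation parameters, so issuer validation can stay on.
                ValidateIssuer = true,
                ValidateAudience = true,
                ValidAudience = org.Realm,
            },
            Notifications = new WsFederationAuthenticationNotifications
            {
                AuthenticationFailed = context =>
                {
                    context.HandleResponse();
                    // Keep the real reason server-side; the user only sees a generic code.
                    System.Diagnostics.Trace.TraceError("WS-Fed sign-in failed for {0}: {1}",
                        org.AuthenticationType, context.Exception);
                    context.Response.Redirect("/Home/Error?code=auth_failed");
                    return Task.FromResult(0);
                }
            }
        };
    }

    // Registers one middleware per organization, e.g. from Startup.Auth.cs:
    //   FederationStartup.ConfigureProviders(app, orgList, "https://localhost:44303");
    public static void ConfigureProviders(IAppBuilder app, IEnumerable<OrganizationModel> orgList, string appBaseUrl)
    {
        foreach (var org in orgList)
        {
            app.UseWsFederationAuthentication(BuildOptions(org, appBaseUrl));
        }
    }
}
```

With this layout an Azure AD response arriving at `/signin-azure` is ignored by the ADFS middleware (its `CallbackPath` does not match), so only the middleware holding the Azure AD metadata keys validates it. The same realm can still be shared across organizations in development; what must differ per provider is the reply path.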
I think everything you have done here works around the problem. From what I can tell, the problem occurs when there are multiple providers (two or more of which use WS-Federation). In your solution you simply changed Azure to use OpenID Connect. It works, but it does not really solve the original problem. – RobSiklos