1. 首頁
  2. 問答
  3. owin

owin

2016-02-29 59 views
2

正嘗試基於組織request.I實現多個身份驗證多個身份驗證提供有一些東西像下面的startup.auth.csowin

foreach (OrganizationModel org in orgList) 
    { 
     if (org.AuthenticationType != "Azure") 
     { 
      var adfs = new WsFederationAuthenticationOptions 
      { 
       AuthenticationType = org.AuthenticationType, 
       Caption = org.Caption, 
       BackchannelCertificateValidator = null, 
       MetadataAddress = org.MetadataUrl, 
       Wtrealm = org.Realm, 
       Notifications = new WsFederationAuthenticationNotifications 
       { 
        AuthenticationFailed = context => 
        { 
         context.HandleResponse(); 
         context.Response.Redirect("Home/Error?message=" + context.Exception.Message); 
         return Task.FromResult(0); 
        } 
       }, 
       TokenValidationParameters = new TokenValidationParameters { ValidateIssuer = false }, 

      }; 
      app.UseWsFederationAuthentication(adfs); 
     } 
     else 
     { 
      var azure = new WsFederationAuthenticationOptions 
      { 
       AuthenticationType = org.AuthenticationType, 
       Caption = org.Caption, 
       BackchannelCertificateValidator = null, 
       MetadataAddress = org.MetadataUrl, 
       Wtrealm = org.Realm, 
       Notifications = new WsFederationAuthenticationNotifications 
       { 
        AuthenticationFailed = context => 
        { 
         context.HandleResponse(); 
         context.Response.Redirect("Home/Error?message=" + context.Exception.Message); 
         return Task.FromResult(0); 
        } 
       }, 
       TokenValidationParameters = new TokenValidationParameters { ValidateIssuer = false }, 

      }; 
      app.UseWsFederationAuthentication(azure); 
     } 
    }

我填充登錄的各種認證供應商。當我點擊ADFS可以進行身份​​驗證時,獲取聲明,一切正常。但是當我嘗試對Azure AD進行身份驗證時,我收到錯誤「ID 4037」,驗證簽名所需的密鑰無法解析。 注意:如果我嘗試單獨使用Azure AD(註釋ADFS部分),它可以正常工作。 Orglist從數據庫填充,它包含元數據URL,Realm等信息。對於開發目的,我已將https://localhost:44303配置爲兩者的領域。登錄後

我的回調方法是

[AllowAnonymous] 
     public async Task<ActionResult> ExternalLoginCallback(string returnUrl) 
     { 
      var loginInfo = await AuthenticationManager.GetExternalLoginInfoAsync(); 

      if (loginInfo == null) 
      { 
       return RedirectToAction("Login"); 
      } 

      // Sign in the user with this external login provider if the user already has a login 
      var result = await SignInManager.ExternalSignInAsync(loginInfo, isPersistent: false); 
      switch (result) 
      { 
       case SignInStatus.Success: 
        return RedirectToLocal(returnUrl); 
       case SignInStatus.LockedOut: 
        return View("Lockout"); 
       case SignInStatus.RequiresVerification: 
        return RedirectToAction("SendCode", new { ReturnUrl = returnUrl, RememberMe = false }); 
       case SignInStatus.Failure: 
       default: 
        // If the user does not have an account, then prompt the user to create an account 
        ViewBag.ReturnUrl = returnUrl; 
        ViewBag.LoginProvider = loginInfo.Login.LoginProvider; 
        return View("ExternalLoginConfirmation", new ExternalLoginConfirmationViewModel { Email = loginInfo.DefaultUserName}); 
      } 
     }

指導我我要去的地方錯了

來源

2016-02-29 Saravanan

回答

2

我想通了什麼問題。當我們有多個身份驗證提供程序時,獲取添加到OWIN中間件管道的每個身份驗證選項的身份驗證類型應該是唯一的。 對於試圖實施類似解決方案的人來說,爲我工作的代碼如下所示。

foreach (OrganizationModel org in orgList) 
      { 
       switch (org.AuthenticationName) 
       { 
        case "ADFS": 
           var adfs = new WsFederationAuthenticationOptions 
             { 
              AuthenticationType = org.AuthenticationType, 
              Caption = org.Caption, 
              BackchannelCertificateValidator = null, 
              MetadataAddress = org.MetadataUrl, 
              Wtrealm = org.Realm, 
              SignOutWreply = org.Realm, 
              Notifications = new WsFederationAuthenticationNotifications 
              { 
               AuthenticationFailed = context => 
               { 
                context.HandleResponse(); 
                context.Response.Redirect("Home/Error?message=" + context.Exception.Message); 
                return Task.FromResult(0); 
               } 
              }, 
              TokenValidationParameters = new TokenValidationParameters { ValidateIssuer = false }, 
             }; 
         app.UseWsFederationAuthentication(adfs); 
         break; 
        case "Azure": 
         OpenIdConnectAuthenticationOptions azure = null; 
         azure = new OpenIdConnectAuthenticationOptions 
         { 
          AuthenticationType = org.AuthenticationType, 
          Caption = org.Caption, 
          BackchannelCertificateValidator = null, 
          Authority = org.MetadataUrl, 
          ClientId = org.ClientId, 
          RedirectUri = org.Realm, 
         PostLogoutRedirectUri=org.Realm, 
          Notifications = new OpenIdConnectAuthenticationNotifications 
         { 
          AuthenticationFailed = context => 
          { 
           context.HandleResponse(); 
           context.Response.Redirect("Home/Error?message=" + context.Exception.Message); 
           return Task.FromResult(0); 
          } 
         }, 
         }; 
         app.UseOpenIdConnectAuthentication(azure); 
         break; 
        case "Shibboleth": 
        break; 
        default: 
         break; 
       } 
      }

來源

2016-03-02 20:43:10 Saravanan

+0

我認爲你在這裏所做的所有工作都是圍繞這個問題開展的。從我所知道的情況來看,如果有多個提供程序(其中有2個或更多的提供程序使用WS聯合身份驗證),則會發生問題。在您的解決方案中,您只是將Azure更改爲使用OpenID Connect。它有效,但並不能真正解決原來的問題。 – RobSiklos

相關問題

 相關問題