Preface: In ASP.NET 5 you can still use ASP.NET Identity for claims-based authorization, but you can also easily integrate third-party services that support standard protocols, such as Azure Active Directory.

In fact, integrating Azure AD into ASP.NET 5 and using it for authentication and authorization is very simple. First, Azure Active Directory exposes the OAuth 2.0, OpenID Connect 1.0, SAML and WS-Federation 1.2 standard protocol endpoints; second, Microsoft ported the OWIN middleware that integrates OpenID Connect to ASP.NET 5. So, as long as you reference the "Microsoft.AspNet.Authentication.OpenIdConnect" package in an ASP.NET 5 project and configure the Azure AD connection information correctly, the integration is straightforward.

The rough steps are as follows:

1. Add the Azure AD configuration information to config.json:

"AzureAd": {
    "ClientId": "[Enter the clientId of your application as obtained from portal, e.g. ba74781c2-53c2-442a-97c2-3d60re42f403]",
    "Tenant": "[Enter the name of your tenant, e.g. contoso.onmicrosoft.com]",
    "AadInstance": "https://login.microsoftonline.com/{0}", // This is the public instance of Azure AD
    "PostLogoutRedirectUri": "https://localhost:44322/"
}

2. Modify project.json to pull in the OpenIdConnect middleware:

"Microsoft.AspNet.Authentication.OpenIdConnect": "1.0.0-*"

3. In the ConfigureServices method of Startup, add:

// OpenID Connect Authentication Requires Cookie Auth
services.Configure<ExternalAuthenticationOptions>(options =>
{
    options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
});

4. In the Configure method of Startup, add:

// Configure the OWIN Pipeline to use Cookie Authentication
app.UseCookieAuthentication(options =>
{
    // By default, all middleware are passive/not automatic. Making cookie middleware automatic so that it acts on all the messages.
    options.AutomaticAuthentication = true;
});

// Configure the OWIN Pipeline to use OpenId Connect Authentication
app.UseOpenIdConnectAuthentication(options =>
{
    // Values come from the "AzureAd" section of config.json (step 1)
    options.ClientId = Configuration.Get("AzureAd:ClientId");
    // Authority = AadInstance with the tenant substituted, e.g. https://login.microsoftonline.com/contoso.onmicrosoft.com
    options.Authority = String.Format(Configuration.Get("AzureAd:AadInstance"), Configuration.Get("AzureAd:Tenant"));
    options.PostLogoutRedirectUri = Configuration.Get("AzureAd:PostLogoutRedirectUri");
    options.Notifications = new OpenIdConnectAuthenticationNotifications
    {
        AuthenticationFailed = OnAuthenticationFailed,
    };
});

5. The OnAuthenticationFailed method in Startup is:

private Task OnAuthenticationFailed(AuthenticationFailedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification)
{
    // Take over the response so the middleware does not rethrow the exception
    notification.HandleResponse();
    // Encode the message so it cannot break the query string
    notification.Response.Redirect("/Home/Error?message=" + Uri.EscapeDataString(notification.Exception.Message));
    return Task.FromResult(0);
}

6. Add a controller named AccountController:

public class AccountController : Controller
{
    // GET: /Account/Login
    [HttpGet]
    public IActionResult Login()
    {
        if (Context.User == null || !Context.User.Identity.IsAuthenticated)
            return new ChallengeResult(OpenIdConnectAuthenticationDefaults.AuthenticationScheme, new AuthenticationProperties { RedirectUri = "/" });
        return RedirectToAction("Index", "Home");
    }

    // GET: /Account/LogOff
    [HttpGet]
    public IActionResult LogOff()
    {
        if (Context.User.Identity.IsAuthenticated)
        {
            Context.Authentication.SignOut(CookieAuthenticationDefaults.AuthenticationScheme);
            Context.Authentication.SignOut(OpenIdConnectAuthenticationDefaults.AuthenticationScheme);
        }
        return RedirectToAction("Index", "Home");
    }
}

The code above can also be found in the complete sample project I forked: https://github.com/heavenwing/WebApp-OpenIdConnect-AspNet5


[Update: 2015-07-16]

If you find that, after adding [Authorize], the app does not automatically redirect to the login page, you need:

app.UseOpenIdConnectAuthentication(options => {
    options.AutomaticAuthentication = true;
});

See: https://github.com/aspnet/Security/issues/357#issuecomment-120834369
