我有一个基于b2c webapi dotnet的.net mvc项目([https://github.com/Azure-Samples/active-directory-b2c-dotnet-webapp-and-webapi][1] (,在那里我可以注册用户或允许他们通过b2c登录(这两个操作都具有相同的SignUpSignIn策略(。这正如我所期望的那样有效。
我现在正试图将这个单一策略一分为二,因此有一个注册策略和一个额外的登录策略
作为其中的一部分,这两个策略都需要命中AuthorizationCodeReceived挂钩,以便我可以提取b2c oid guid。这用于查找存储在单独数据库中的用户的附加信息。
我发现OnAuthorizationCodeReceived只在使用我的一个策略时调用,这是我在设置授权时设置到MetadataAddress属性中的默认策略。
在下面的代码中,我为"设置"设置的任何策略。B2C_DefaultPolicyId(SignIn或SignUp(是调用了OnAuthorizationCodeReceived的PolicyId。
有人能告诉我是否有办法让这两种策略都能调用OnAuthorizationCodeReceived吗?
我感谢你能提供的任何帮助。
public void ConfigureAuth(IAppBuilder app)
{
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
// ASP.NET web host compatible cookie manager
CookieManager = new SystemWebChunkingCookieManager()
});
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
// Generate the metadata address using the tenant and policy information
MetadataAddress = String.Format(WellKnownMetadata, Common.Settings.AppSettings.B2C_Tenant, Settings.B2C_DefaultPolicyId),
// These are standard OpenID Connect parameters, with values pulled from web.config
ClientId = Settings.AppSettings.B2C_ClientID,
RedirectUri = RedirectUri,
PostLogoutRedirectUri = PostLogoutRedirectUri,
// Specify the callbacks for each type of notifications
Notifications = new OpenIdConnectAuthenticationNotifications
{
RedirectToIdentityProvider = OnRedirectToIdentityProvider,
AuthorizationCodeReceived = OnAuthorizationCodeReceived,
AuthenticationFailed = OnAuthenticationFailed,
},
// Specify the claim type that specifies the Name property.
TokenValidationParameters = new TokenValidationParameters
{
NameClaimType = "name",
ValidateIssuer = false
},
// Specify the scope by appending all of the scopes requested into one string (separated by a blank space)
Scope = $"openid profile offline_access {Settings.AppSettings.B2C_ReadTasksScope} {Settings.AppSettings.B2C_WriteTasksScope}",
// ASP.NET web host compatible cookie manager
CookieManager = new SystemWebCookieManager()
}
);
}
我在同事的帮助下找到了答案
根据我的示例代码,其中一个回调有一些代码需要更新
private Task OnRedirectToIdentityProvider(RedirectToIdentityProviderNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification)
{
var policy = notification.OwinContext.Get<string>("Policy");
if (!string.IsNullOrEmpty(policy) && !policy.Equals(Globals.DefaultPolicy))
{
notification.ProtocolMessage.Scope = OpenIdConnectScope.OpenId;
notification.ProtocolMessage.ResponseType = OpenIdConnectResponseType.IdToken;
notification.ProtocolMessage.IssuerAddress = notification.ProtocolMessage.IssuerAddress.ToLower().Replace(Globals.DefaultPolicy.ToLower(), policy.ToLower());
}
return Task.FromResult(0);
}
ResponseType需要从IdToken更改为CodeIdToken。这样做意味着非默认策略也会命中回调AuthorizationCodeReceived
这样做的一个副作用是,在命中OnAuthorizationCodeReceived之后,还会命中AuthenticationFailed的回调。
为了处理这个问题,我刚刚在OnAuthenticationFailed方法中放入了一个条件语句,该语句返回到根视图(notification.Response.Redirect("/")(