我有一个web api / mvc混合应用程序,我已将其配置为使用cookie身份验证.这适用于应用程序的mvc部分. web api确实强制执行授权,但不返回401 – Unauthorized它返回302 – Found并重定向到登录页面.我宁愿它返回401.我试图挂钩到CookieAuthenticationProvider.OnApplyRedirect委托,但似乎没有调用.我错过了什么?我目前的设置如下:
AntiForgeryConfig.UniqueClaimTypeIdentifier = Constants.ClaimTypes.Subject; JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary<string,string>(); app.UseCookieAuthentication(new CookieAuthenticationoptions { AuthenticationType = "Cookies",ExpireTimeSpan = TimeSpan.FromMinutes(20),SlidingExpiration = true,CookieHttpOnly = true,CookieSecure = CookieSecureOption.Never,//local non ssl-dev only Provider = new CookieAuthenticationProvider { OnApplyRedirect = ctx => { if (!IsAjaxRequest(ctx.Request)) { ctx.Response.Redirect(ctx.RedirectUri); } } } }); app.USEOpenIdConnectAuthentication(new OpenIdConnectAuthenticationoptions { Authority = IdentityConfig.Authority,ClientId = IdentityConfig.softwareClientId,Scope = "openid profile roles",RedirectUri = IdentityConfig.RedirectUri,ResponseType = "id_token",SignInAsAuthenticationType = "Cookies" });
解决方法
在您的示例中,UseCookieAuthentication不再对此进行控制,而是使用USEOpenIdConnectAuthentication.这涉及使用Notifications属性并拦截OpenID Connect身份验证请求.
尝试以下灵感:
app.USEOpenIdConnectAuthentication(new OpenIdConnectAuthenticationoptions { Authority = IdentityConfig.Authority,SignInAsAuthenticationType = "Cookies",Notifications = new OpenIdConnectAuthenticationNotifications { RedirectToIdentityProvider = notification => { if (notification.ProtocolMessage.RequestType == OpenIdConnectRequestType.AuthenticationRequest) { if (IsAjaxRequest(notification.Request) && notification.Response.StatusCode == (int)HttpStatusCode.Unauthorized) { notification.Response.StatusCode = (int)HttpStatusCode.Unauthorized; notification.HandleResponse(); return Task.Fromresult(0); } } return Task.Fromresult(0); } } });
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。