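How to resolve claims being invalid after Azure AD login in the Chrome and Firefox web browsers
After logging in from Azure AD, I get a claims-based identity in which, for example in the Chrome and Firefox browsers, the user name and login email are null and IsAuthenticated is also False, but not in Microsoft Edge. This usually happens randomly: when I log out and log back in in Chrome, user authentication shows as false in debug mode and the claims are null. Let me know what the problem area is; I have not done any research.
Note - AddAuthentication().AddOpenIdConnect is for ASP.NET Core, whereas I am using ASP.NET MVC 5.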
app.UseOpenIdConnectAuthentication(
    new OpenIdConnectAuthenticationOptions
    {
        // AuthenticationMode = AuthenticationMode.Passive,
        ClientId = ClientId,
        Authority = AuthenticationConfig.Authority,
        RedirectUri = AuthenticationConfig.RedirectUri,
        PostLogoutRedirectUri = AuthenticationConfig.PostLogoutRedirectUri,
        Scope = AuthenticationConfig.BasicSignInScopes,
        ResponseType = OpenIdConnectResponseType.IdToken,
        // ValidateIssuer = false accepts tokens from any issuer; the issuer check in SecurityTokenValidated below is commented out
        TokenValidationParameters = new TokenValidationParameters() { ValidateIssuer = false, NameClaimType = "name" }, //this.BuildTokenValidationParameters(),
        Notifications = new OpenIdConnectAuthenticationNotifications()
        {
            RedirectToIdentityProvider = (context) =>
            {
                // This ensures that the address used for sign in and sign out is picked up dynamically from the request
                // this allows you to deploy your app (to Azure Web Sites, for example) without having to change settings
                // Remember that the base URL of the address used here must be provisioned in Azure AD beforehand.
                string appRedirectUri = string.Format("{0}://{1}{2}", context.Request.Scheme, (context.Request.Host.ToString() + context.Request.PathBase), AuthenticationConfig.RedirectUriAbsolutePath);
                // Supply all three format arguments; with only the path, string.Format throws FormatException
                string postLogOutRedirectUri = string.Format("{0}://{1}{2}", context.Request.Scheme, (context.Request.Host.ToString() + context.Request.PathBase), "/Dashboard/Index");
                context.ProtocolMessage.RedirectUri = appRedirectUri;
                context.ProtocolMessage.PostLogoutRedirectUri = postLogOutRedirectUri;
                return Task.FromResult(0);
            },
            SecurityTokenValidated = (context) =>
            {
                // retrieve caller data from the incoming principal
                //string issuer = context.AuthenticationTicket.Identity.FindFirst("iss").Value;
                //string Upn = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.Name).Value;
                //string tenantId = context.AuthenticationTicket.Identity.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;
                //if (
                //    // the caller comes from an admin-consented, recorded issuer
                //    (this.db.Tenants.FirstOrDefault(a => ((a.IssValue == issuer) && (a.AdminConsented))) == null)
                //    // the caller is recorded in the db of users who went through the individual on-boarding
                //    && (this.db.Users.FirstOrDefault(b => ((b.UPN == Upn) && (b.TenantID == tenantId))) == null)
                //    )
                //    // the caller was neither from a trusted issuer or a registered user - throw to block the authentication flow
                //    throw new UnauthorizedAccessException("Please use the Sign-up link to sign-up for the ToDo list application.");
                return Task.FromResult(0);
            },
            AuthorizationCodeReceived = (context) =>
            {
                //var code = context.Code;
                //ClientCredential credential = new ClientCredential(ClientId, AppKey);
                //string tenantId = context.AuthenticationTicket.Identity.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;
                //string signedInUserId = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.NameIdentifier).Value;
                //AuthenticationContext authContext = new AuthenticationContext(AadInstance + tenantId, new ADALTokenCache(signedInUserId));
                //// The following operation fetches a token for Microsoft graph and caches it in the token cache
                //AuthenticationResult result = authContext.AcquireTokenByAuthorizationCodeAsync(
                //    code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), credential, GraphResourceId).Result;
                return Task.FromResult(0);
            },
            AuthenticationFailed = (context) =>
            {
                // URL-encode the exception message so it cannot break or alter the redirect URL
                context.Response.Redirect("/Error/ShowError?signIn=true&errorMessage=" + Uri.EscapeDataString(context.Exception.Message));
                context.HandleResponse(); // Suppress the exception
                return Task.FromResult(0);
            }
        },
        SignInAsAuthenticationType = "Cookies"
    });
}
Solution
Please verify that you have performed all the steps described here.
So, after 1 week of research, the code below in Startup.Auth.cs solved my problem. Reference: ASP.NET_SessionId + OWIN Cookies do not send to browser
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    CookieManager = new SystemWebCookieManager()
});
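An added example, not code from the original answer, showing where the fix sits in a complete ConfigureAuth for ASP.NET MVC 5 with OWIN: the cookie middleware is registered before OpenID Connect and both write cookies through SystemWebCookieManager. The ClientId, Authority and RedirectUri values are placeholders, and setting CookieManager on the OpenID Connect options assumes Microsoft.Owin.Security.OpenIdConnect 4.1 or later.

```csharp
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.IdentityModel.Tokens;
using Microsoft.Owin.Host.SystemWeb;        // SystemWebCookieManager
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public partial class Startup
{
    public void ConfigureAuth(IAppBuilder app)
    {
        // "Cookies": the same value the question passes as SignInAsAuthenticationType.
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

        // Must be registered before OpenID Connect so the validated identity
        // has a cookie middleware to sign in to.
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            // Write the session cookie through System.Web's HttpResponse.Cookies,
            // so cookies set elsewhere via System.Web (for example ASP.NET_SessionId)
            // do not replace the Set-Cookie header written by OWIN.
            CookieManager = new SystemWebCookieManager()
        });

        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            ClientId = "<client-id>",                                            // placeholder
            Authority = "https://login.microsoftonline.com/<tenant-id>/v2.0",    // placeholder
            RedirectUri = "https://localhost:44300/",                            // placeholder
            ResponseType = OpenIdConnectResponseType.IdToken,
            // Issuer validation is left at its default (enabled) for a single tenant.
            TokenValidationParameters = new TokenValidationParameters { NameClaimType = "name" },
            // The nonce cookie goes through the same manager (assumes package 4.1+).
            CookieManager = new SystemWebCookieManager()
        });
    }
}
```

If sign-in still fails intermittently, compare the Set-Cookie headers on the response to the redirect URI in a working and a failing browser session to confirm whether the authentication cookie is actually being sent.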