WebForms authentication against Azure AD


Problem description

I have a WebForms site that has been running on an internal server and authenticating users against our internal Active Directory. Due to some new features that we are implementing, this site needs to be moved to an external server and then authentication changed so that it authenticates users against our Office 365 accounts. To this end I have:

  1. Created a new WebForms site (not using MVC)
  2. Set up a new application in Azure.
  3. Modified the Startup.Auth.cs as follows:

public void ConfigureAuth(IAppBuilder app)
{
    app.CreatePerOwinContext(ApplicationDbContext.Create);
    app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
    app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create);

    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        LoginPath = new PathString("/Account/Login"),
        Provider = new CookieAuthenticationProvider
        {
            OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                validateInterval: TimeSpan.FromMinutes(30),
                regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
        }
    });

    app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
    app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
    {
        ClientId = "MyApplicationGUID",
        Authority = "https://login.windows.net/MyDomain.com"
    });
}

When I go to the default page and click Log On, it takes me to the correct Login page and the button for OpenID is shown. If I click the button, I am taken to the Microsoft Login page where I am able to enter my credentials. However, at that point, I am redirected back to my site's login page where it is still asking for a username/password.

What I would like to have happen is to set the site up so that if a user is not authenticated, they are redirected directly to the Microsoft login page and upon successful login are redirected back to the page they requested originally. Failing this, I would be satisfied with getting the default login page working so that when I click OpenID I'm not redirected back to the login page.

I don't have time to learn MVC at this point and port the whole thing over so going that route is not an option at this time.

I don't know enough about this process, so if my question doesn't make sense or if you need more information, please let me know and I'll be glad to try and find what you need to assist me in this.

Recommended answer

Maybe I'm missing something, but I don't see why you need the custom login page or the external signin cookie. A typical Startup.Auth for OIDC/AAD looks something like this:

app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());

app.UseOpenIdConnectAuthentication(
    new OpenIdConnectAuthenticationOptions
    {
        ClientId = "AppGUID",
        Authority = "https://login.windows.net/MyDomain.com",

        // After authentication return user to the page they were trying
        // to access before being redirected to the Azure AD signin page.
        Notifications = new OpenIdConnectAuthenticationNotifications()
        {
            RedirectToIdentityProvider = (context) =>
                {
                    string currentUrl = context.Request.Scheme + "://" + context.Request.Host + context.Request.Path;
                    context.ProtocolMessage.RedirectUri = currentUrl;

                    return Task.FromResult(0);
                }
        }
    });

The cookie auth is just to keep from going to AAD for every single request. All the real work happens in the OpenIdConnectAuthentication.

Here's an example of WebForms, Azure AD, and OpenID Connect:

http://www.cloudidentity.com/blog/2014/07/24/protecting-an-asp-net-webforms-app-with-openid-connect-and-azure-ad/
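
A variant of the configuration above that pins `redirect_uri` to one reply URL registered in Azure AD and carries the originally requested page in the sign-in state instead of deriving it from the request's Host header. This is an added example, not code from the original question or answer; the `ida:*` appSettings keys and the `SignInHelper` class are assumptions.

```csharp
using System.Configuration;
using System.Web;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public partial class Startup
{
    public void ConfigureAuth(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions());
        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            // Assumed appSettings keys; the values come from the Azure AD app registration.
            ClientId = ConfigurationManager.AppSettings["ida:ClientId"],
            Authority = ConfigurationManager.AppSettings["ida:Authority"],
            // One fixed reply URL, identical to the one registered in Azure AD,
            // rather than a value built from the client-supplied Host header.
            RedirectUri = ConfigurationManager.AppSettings["ida:RedirectUri"]
        });
    }
}

// Hypothetical helper: call SignInHelper.RequireSignIn(Context) from Page_Load
// of any page that needs an authenticated user.
public static class SignInHelper
{
    public static void RequireSignIn(HttpContext context)
    {
        if (context.Request.IsAuthenticated) return;
        // The return page travels in the protected OIDC state parameter; the
        // middleware redirects to it after Azure AD has signed the user in.
        var properties = new AuthenticationProperties
        {
            RedirectUri = ToLocalUrl(context.Request.RawUrl)
        };
        context.GetOwinContext().Authentication.Challenge(
            properties, OpenIdConnectAuthenticationDefaults.AuthenticationType);
    }

    // Accept only site-relative paths such as "/Orders.aspx?id=1"; anything
    // else ("//host", "/\host", an absolute URL) falls back to the site root.
    public static string ToLocalUrl(string url)
    {
        bool local = !string.IsNullOrEmpty(url) && url[0] == '/'
            && (url.Length == 1 || (url[1] != '/' && url[1] != '\\'));
        return local ? url : "/";
    }
}
```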
