在 asp.net mvc core 2 OpenIdConnect 中关闭 AutomaticChallenge
Turn off AutomaticChallenge in asp.net mvc core 2 OpenIdConnect
我已将 OpenID Connect 身份验证添加到我的 ASP.NET Core 2.0 web 应用程序:
// Cookie is the default scheme (how an incoming request is authenticated); OIDC is the
// challenge scheme (what [Authorize] does when there is no authenticated user: a redirect
// to the identity provider).
services.AddAuthentication(auth =>
{
    auth.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    auth.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie()
.AddOpenIdConnect(oidc =>
{
    // NOTE(review): configuration keys are case-insensitive, so "AzureAD" and "AzureAd" both
    // resolve, but the two spellings should be unified to avoid confusion.
    oidc.ClientId = Configuration["AzureAD:ClientId"];
    // AadInstance is presumably a format template with a {0} placeholder that takes the tenant.
    oidc.Authority = string.Format(Configuration["AzureAd:AadInstance"], Configuration["AzureAd:Tenant"]);
    oidc.SignedOutRedirectUri = Configuration["AzureAd:PostLogoutRedirectUri"];
    // NOTE(review): nothing here relaxes RequireHttpsMetadata or issuer validation — keep it that way.
});
如何关闭自动质询（AutomaticChallenge），使带有 AuthorizeAttribute 的控制器/操作返回 403 而不是重定向？
编辑:
我最终得到了这个:
.AddOpenIdConnect(option =>
{
...
option.Events = new OpenIdConnectEvents
{
OnRedirectToIdentityProvider = context =>
{
bool isAjaxRequest = context.HttpContext.Request.Headers["x-requested-with"] == "XMLHttpRequest";
if (isAjaxRequest)
{
context.HttpContext.Response.StatusCode = StatusCodes.Status401Unauthorized;
//context.HttpContext.Response.Headers["Location"] = ???request.RedirectUrl;
context.HandleResponse();
}
return Task.CompletedTask;
}
};
});
虽然我不希望对 Ajax 请求做重定向（对 Ajax 请求重定向本来就没有意义），但我希望把重定向 URL 传给客户端。该如何获取这个 RedirectUrl？
到目前为止我能想到的最佳解决方案是:
services.AddAuthentication(sharedOptions =>
{
sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
sharedOptions.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
sharedOptions.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie(options =>
{
options.Events.OnRedirectToAccessDenied = DontRedirectAjaxOrApiRequestToForbidden;
})
.AddOpenIdConnect(options =>
{
...
options.Events.OnRedirectToIdentityProvider = DontRedirectAjaxRequestToOpenIdProvider;
});
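/// <summary>
/// Cookie-scheme <c>OnRedirectToAccessDenied</c> handler: when an authenticated caller is
/// denied (Forbid), answer AJAX and <c>/api</c> requests with a bare 403 instead of the
/// default redirect to the access-denied page; every other request keeps the redirect.
/// </summary>
/// <remarks>
/// This event fires for authorization failures (a signed-in principal that fails a role or
/// policy), not for missing authentication. Unauthenticated requests are challenged through
/// the OIDC scheme configured as <c>DefaultChallengeScheme</c>, so they never reach here.
/// The <c>x-requested-with</c> header is client-controlled; it only selects the shape of the
/// response (status code vs. redirect) and never influences the authorization decision itself,
/// so a spoofed header gains an attacker nothing.
/// </remarks>
/// <param name="ctx">Redirect context from the cookie handler. <c>ctx.RedirectUri</c> is the
/// handler-built access-denied URL (its own AccessDeniedPath), not a value read from the
/// request, so redirecting to it is not an open redirect.</param>
/// <returns>A completed task; the response is written synchronously.</returns>
private static Task DontRedirectAjaxOrApiRequestToForbidden(RedirectContext<CookieAuthenticationOptions> ctx)
{
    // Same AJAX/API test as the OIDC challenge handler, so both schemes agree on which callers
    // get a status code and which get a redirect.
    bool isAjaxRequest = ctx.HttpContext.Request.Headers["x-requested-with"] == "XMLHttpRequest";
    bool isApiRequest = ctx.Request.Path.StartsWithSegments("/api");

    if (isAjaxRequest || isApiRequest)
    {
        // Status only — no body, no Location. An XHR/API caller cannot render the
        // access-denied page and must not be bounced to it.
        ctx.Response.StatusCode = 403; // StatusCodes.Status403Forbidden
    }
    else
    {
        // Browser navigation: keep the framework's default behaviour.
        ctx.Response.Redirect(ctx.RedirectUri);
    }

    return Task.CompletedTask;
}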
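/// <summary>
/// OIDC-scheme <c>OnRedirectToIdentityProvider</c> handler: when an unauthenticated AJAX or
/// <c>/api</c> request is challenged, answer 401 with the app's login path in
/// <c>Location</c> instead of a 302 to the identity provider; ordinary browser navigations
/// are left to the default redirect.
/// </summary>
/// <remarks>
/// The <c>/api</c> path test mirrors the cookie access-denied handler; without it a
/// non-XHR API call (e.g. fetch() without <c>x-requested-with</c>) would still be redirected
/// to the identity provider and receive HTML or a CORS failure instead of a status code.
/// A 401 is not followed automatically, so the client script must read <c>Location</c>
/// itself and navigate there; the value is this app's cookie login path, which then starts a
/// normal full-page OIDC challenge. NOTE(review): if the identity-provider authorize URL
/// itself is wanted, <c>redirectContext.ProtocolMessage.CreateAuthenticationRequestUrl()</c>
/// is the handler-built value — confirm the correlation/nonce cookies written before this
/// event still satisfy the callback when the client navigates there on its own.
/// The <c>x-requested-with</c> header is client-controlled; it only chooses the response
/// shape and never grants access, so spoofing it gains nothing.
/// </remarks>
/// <param name="redirectContext">OIDC redirect context; calling <c>HandleResponse()</c>
/// tells the handler the response is already written.</param>
/// <returns>A completed task; the response is written synchronously.</returns>
private static Task DontRedirectAjaxRequestToOpenIdProvider(RedirectContext redirectContext)
{
    var request = redirectContext.HttpContext.Request;
    bool isAjaxRequest = request.Headers["x-requested-with"] == "XMLHttpRequest";
    bool isApiRequest = request.Path.StartsWithSegments("/api");

    if (isAjaxRequest || isApiRequest)
    {
        var response = redirectContext.HttpContext.Response;
        response.StatusCode = StatusCodes.Status401Unauthorized;
        // Informational for the client script (see remarks); this is not an HTTP redirect.
        response.Headers["Location"] = CookieAuthenticationDefaults.LoginPath.Value;
        // Suppress the handler's own 302 to the identity provider.
        redirectContext.HandleResponse();
    }

    return Task.CompletedTask;
}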
我已将 OpenID Connect 身份验证添加到我的 ASP.NET Core 2.0 web 应用程序:
// Cookie is the default scheme (how an incoming request is authenticated); OIDC is the
// challenge scheme (what [Authorize] does when there is no authenticated user: a redirect
// to the identity provider).
services.AddAuthentication(auth =>
{
    auth.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    auth.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie()
.AddOpenIdConnect(oidc =>
{
    // NOTE(review): configuration keys are case-insensitive, so "AzureAD" and "AzureAd" both
    // resolve, but the two spellings should be unified to avoid confusion.
    oidc.ClientId = Configuration["AzureAD:ClientId"];
    // AadInstance is presumably a format template with a {0} placeholder that takes the tenant.
    oidc.Authority = string.Format(Configuration["AzureAd:AadInstance"], Configuration["AzureAd:Tenant"]);
    oidc.SignedOutRedirectUri = Configuration["AzureAd:PostLogoutRedirectUri"];
    // NOTE(review): nothing here relaxes RequireHttpsMetadata or issuer validation — keep it that way.
});
如何关闭自动质询（AutomaticChallenge），使带有 AuthorizeAttribute 的控制器/操作返回 403 而不是重定向？
编辑: 我最终得到了这个:
.AddOpenIdConnect(option =>
{
...
option.Events = new OpenIdConnectEvents
{
OnRedirectToIdentityProvider = context =>
{
bool isAjaxRequest = context.HttpContext.Request.Headers["x-requested-with"] == "XMLHttpRequest";
if (isAjaxRequest)
{
context.HttpContext.Response.StatusCode = StatusCodes.Status401Unauthorized;
//context.HttpContext.Response.Headers["Location"] = ???request.RedirectUrl;
context.HandleResponse();
}
return Task.CompletedTask;
}
};
});
虽然我不希望对 Ajax 请求做重定向（对 Ajax 请求重定向本来就没有意义），但我希望把重定向 URL 传给客户端。该如何获取这个 RedirectUrl？
到目前为止我能想到的最佳解决方案是:
services.AddAuthentication(sharedOptions =>
{
sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
sharedOptions.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
sharedOptions.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie(options =>
{
options.Events.OnRedirectToAccessDenied = DontRedirectAjaxOrApiRequestToForbidden;
})
.AddOpenIdConnect(options =>
{
...
options.Events.OnRedirectToIdentityProvider = DontRedirectAjaxRequestToOpenIdProvider;
});
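/// <summary>
/// Cookie-scheme <c>OnRedirectToAccessDenied</c> handler: when an authenticated caller is
/// denied (Forbid), answer AJAX and <c>/api</c> requests with a bare 403 instead of the
/// default redirect to the access-denied page; every other request keeps the redirect.
/// </summary>
/// <remarks>
/// This event fires for authorization failures (a signed-in principal that fails a role or
/// policy), not for missing authentication. Unauthenticated requests are challenged through
/// the OIDC scheme configured as <c>DefaultChallengeScheme</c>, so they never reach here.
/// The <c>x-requested-with</c> header is client-controlled; it only selects the shape of the
/// response (status code vs. redirect) and never influences the authorization decision itself,
/// so a spoofed header gains an attacker nothing.
/// </remarks>
/// <param name="ctx">Redirect context from the cookie handler. <c>ctx.RedirectUri</c> is the
/// handler-built access-denied URL (its own AccessDeniedPath), not a value read from the
/// request, so redirecting to it is not an open redirect.</param>
/// <returns>A completed task; the response is written synchronously.</returns>
private static Task DontRedirectAjaxOrApiRequestToForbidden(RedirectContext<CookieAuthenticationOptions> ctx)
{
    // Same AJAX/API test as the OIDC challenge handler, so both schemes agree on which callers
    // get a status code and which get a redirect.
    bool isAjaxRequest = ctx.HttpContext.Request.Headers["x-requested-with"] == "XMLHttpRequest";
    bool isApiRequest = ctx.Request.Path.StartsWithSegments("/api");

    if (isAjaxRequest || isApiRequest)
    {
        // Status only — no body, no Location. An XHR/API caller cannot render the
        // access-denied page and must not be bounced to it.
        ctx.Response.StatusCode = 403; // StatusCodes.Status403Forbidden
    }
    else
    {
        // Browser navigation: keep the framework's default behaviour.
        ctx.Response.Redirect(ctx.RedirectUri);
    }

    return Task.CompletedTask;
}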
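/// <summary>
/// OIDC-scheme <c>OnRedirectToIdentityProvider</c> handler: when an unauthenticated AJAX or
/// <c>/api</c> request is challenged, answer 401 with the app's login path in
/// <c>Location</c> instead of a 302 to the identity provider; ordinary browser navigations
/// are left to the default redirect.
/// </summary>
/// <remarks>
/// The <c>/api</c> path test mirrors the cookie access-denied handler; without it a
/// non-XHR API call (e.g. fetch() without <c>x-requested-with</c>) would still be redirected
/// to the identity provider and receive HTML or a CORS failure instead of a status code.
/// A 401 is not followed automatically, so the client script must read <c>Location</c>
/// itself and navigate there; the value is this app's cookie login path, which then starts a
/// normal full-page OIDC challenge. NOTE(review): if the identity-provider authorize URL
/// itself is wanted, <c>redirectContext.ProtocolMessage.CreateAuthenticationRequestUrl()</c>
/// is the handler-built value — confirm the correlation/nonce cookies written before this
/// event still satisfy the callback when the client navigates there on its own.
/// The <c>x-requested-with</c> header is client-controlled; it only chooses the response
/// shape and never grants access, so spoofing it gains nothing.
/// </remarks>
/// <param name="redirectContext">OIDC redirect context; calling <c>HandleResponse()</c>
/// tells the handler the response is already written.</param>
/// <returns>A completed task; the response is written synchronously.</returns>
private static Task DontRedirectAjaxRequestToOpenIdProvider(RedirectContext redirectContext)
{
    var request = redirectContext.HttpContext.Request;
    bool isAjaxRequest = request.Headers["x-requested-with"] == "XMLHttpRequest";
    bool isApiRequest = request.Path.StartsWithSegments("/api");

    if (isAjaxRequest || isApiRequest)
    {
        var response = redirectContext.HttpContext.Response;
        response.StatusCode = StatusCodes.Status401Unauthorized;
        // Informational for the client script (see remarks); this is not an HTTP redirect.
        response.Headers["Location"] = CookieAuthenticationDefaults.LoginPath.Value;
        // Suppress the handler's own 302 to the identity provider.
        redirectContext.HandleResponse();
    }

    return Task.CompletedTask;
}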