Home / Index MVC控制器将启动Angular 2 SPA,Home / Index需要通过cookie身份验证进行保护.我设法使用OpenIdConnectAuthentication – OnAuthorizationCodeReceived事件获取令牌.
我需要使用基于Cookie的身份验证和使用承载身份验证的API来保护MVC控制器(除了Home / Index之外还有更少的控制器),我可以从API获取令牌到Angular,然后在每次后续API调用时使用该令牌.
在不久的将来,将会有使用Bearer令牌调用相同API端点的移动应用程序.
这是我的出发点:
https://docs.microsoft.com/en-us/azure/active-directory/active-directory-appmodel-v2-overview
Startup.cs
public void ConfigureServices(IServiceCollection services) { services.AddMvc().AddJsonoptions(config => { config.SerializerSettings.ContractResolver = new DefaultContractResolver(); }); services.AddAuthentication(sharedOptions => sharedOptions.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme); } public void Configure(IApplicationBuilder app,IHostingEnvironment env,ILoggerFactory loggerFactory) { app.UseCookieAuthentication(new CookieAuthenticationoptions()); Authority = $"https://login.microsoftonline.com/AAAAA}"; ClientId = "BBBB"; ClientSecret = "CCCC"; Audience = "https://localhost:44333/"; app.USEOpenIdConnectAuthentication(new OpenIdConnectOptions { ClientId = ClientId,Authority = Authority,PostlogoutRedirectUri = Audience,ResponseType = OpenIdConnectResponseType.CodeIdToken,GetClaimsFromUserInfoEndpoint = false,Events = new OpenIdConnectEvents { OnTokenValidated = TokenValidated,OnRemoteFailure = OnAuthenticationFailed,OnAuthorizationCodeReceived = OnAuthorizationCodeReceived } }); app.UseMvc(....); }
题:
如何配置API以仅使用“Bearer”auth和MVC来使用Cookie?
更新
嗨Adem
谢谢您的回复.
我从不厌倦第一选择,现在就试试吧.
但是我之前已经厌倦了第二个选项,并且只是如下所述累了.
在下面添加了app.USEOpenIdConnectAuthentication(…
app.UseJwtBearerAuthentication(new JwtBearerOptions
{
Authority = "https://login.microsoftonline.com/AAAA",Audience = "https://BBB.onmicrosoft.com/CCCC"
});
对于API控制器[授权(ActiveAuthenticationSchemes =“Bearer”)]
对于MVC控制器[授权(ActiveAuthenticationSchemes =“Cookies”)]
当它击中我的Home Controller时会出现此错误
不支持指定的方法.
这个堆栈跟踪
在Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler1.HandleSignInAsync(SignInContext context)
在Microsoft.AspNetCore.Authentication.AuthenticationHandler1.d__66.MoveNext()
—从抛出异常的先前位置开始的堆栈跟踪结束—
在System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(任务任务)
在System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(任务任务)
在Microsoft.AspNetCore.Http.Authentication.Internal.DefaultAuthenticationManager.d__14.MoveNext()
—从抛出异常的先前位置开始的堆栈跟踪结束—
在System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(任务任务)
在System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(任务任务)
在Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler1.< HandleRemoteCallbackAsync> d__6.MoveNext()
—从抛出异常的先前位置开始的堆栈跟踪结束—
在System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(任务任务)
在System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(任务任务)
在Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler1.d__5.MoveNext()
—从抛出异常的先前位置开始的堆栈跟踪结束—
在System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(任务任务)
在System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(任务任务)
在Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.d__15.MoveNext()
—从抛出异常的先前位置开始的堆栈跟踪结束—
在System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(任务任务)
在System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(任务任务)
在Microsoft.AspNetCore.Authentication.AuthenticationMiddleware1.< Invoke> d__18.MoveNext()
—从抛出异常的先前位置开始的堆栈跟踪结束—
在Microsoft.AspNetCore.Authentication.AuthenticationMiddleware1.d__18.MoveNext()
—从抛出异常的先前位置开始的堆栈跟踪结束—
在System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(任务任务)
在System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(任务任务)
在Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.d__6.MoveNext()
更新2:
我已经厌倦了为API和MVC配置2个不同的auth,如下所示
app.UseWhen(context =>
context.Request.Path.StartsWithSegments("/api"),appBuilder =>
{
app.UseJwtBearerAuthentication(new JwtBearerOptions
{
Authority = Authority,Audience = Configuration["Authentication:AzureAd:Audience"]
});
});
app.UseWhen(context =>
!context.Request.Path.StartsWithSegments("/api"),appBuilder =>
{
app.USEOpenIdConnectAuthentication(new OpenIdConnectOptions
{
ClientId = ClientId,OnAuthorizationCodeReceived = OnAuthorizationCodeReceived
}
});
});
但API似乎仍在使用cookie身份验证.我仍然可以看到请求中包含cookie.
谢谢
Asanka
解决方法
app.UseWhen(context => <isApiRequest>,appBuilder =>
{
appBuilder.UseJwtBearerAuthentication();
}
app.UseWhen(context => <isNotApiRequest>,appBuilder =>
{
appBuilder.UseCookieAuthentication();
}
注意:您可以使用“/ api”前缀分支您的api,在这种情况下< isApiRequest>将是context.Request.Path.StartsWithSegment(“/ api”)
另一种方法是使用AuthenticationScheme:
app.UseCookieAuthentication(//....); app.UseJwtBearerAuthentication(//...);
然后在api动作中使用Bearer方案:
[Authoırize(ActiveAuthenticationSchemes = "Bearer")]
public IActionResult ApiAction(){}
对于mvc操作,请使用Cookies方案
[Authoırize(ActiveAuthenticationSchemes = "Cookies")]
public IActionResult MvcAction(){}
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 [email protected] 举报,一经查实,本站将立刻删除。
