问题描述
它指出 here 展望未来,我们必须更喜欢身份验证代码流方法,因为“随着从浏览器中删除第三方 cookie 的计划,隐式授权流不再是合适的身份验证方法。”
我已经根据示例应用程序 here 设置了一个 asp.net mvc 4 Web 应用程序。当我在 AD B2C 目录中为访问令牌(用于隐式授权流)设置我的应用程序注册时,它会起作用。如果我按照文档的建议切换到“ID 令牌(用于隐式和混合流)”,我会收到错误消息,指出我的应用程序没有设置它。
正如我从文档中了解到的,我必须为 /authorize 和/token 指定单独的端点,以便在授权后获取令牌。我不确定从样本中看我如何才能做到这一点。下面是 ConfigureAuth 方法,您可以在提供的 github 链接上的示例代码中看到:
public void ConfigureAuth(IAppBuilder app)
{
// required for Azure webapps,as by default they force TLS 1.2 and this project attempts 1.0
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationoptions
{
// ASP.NET web host compatible cookie manager
CookieManager = new SystemWebChunkingCookieManager()
});
app.USEOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationoptions
{
// Generate the Metadata address using the tenant and policy information
MetadataAddress = String.Format(WellKNownMetadata,Tenant,DefaultPolicy),// These are standard OpenID Connect parameters,with values pulled from web.config
ClientId = ClientId,RedirectUri = RedirectUri,PostlogoutRedirectUri = RedirectUri,// Specify the callbacks for each type of notifications
Notifications = new OpenIdConnectAuthenticationNotifications
{
RedirectToIdentityProvider = OnRedirectToIdentityProvider,AuthorizationCodeReceived = OnAuthorizationCodeReceived,AuthenticationFailed = OnAuthenticationFailed,},// Specify the claim type that specifies the Name property.
TokenValidationParameters = new TokenValidationParameters
{
NameClaimType = "name",ValidateIssuer = false
},// Specify the scope by appending all of the scopes requested into one string (separated by a blank space)
Scope = $"openid profile offline_access {ReadTasksScope} {WriteTasksScope}",// ASP.NET web host compatible cookie manager
CookieManager = new SystemWebCookieManager()
}
);
}
解决方法
暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!
如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。
小编邮箱:dio#foxmail.com (将#修改为@)