分类:
.net后台框架
IIS 无需Secret 的Microsoft登录
核心代码
public static class FMicsorftLoginHepler{// For more information on configuring authentication, please visit https://go.microsoft.com/fwlink/?LinkId=301864// The Client ID (a.k.a. Application ID) is used by the application to uniquely identify itself to Azure ADstatic string clientId = System.Configuration.ConfigurationManager.AppSettings["ida:ClientId"];// RedirectUri is the URL where the user will be redirected to after they sign instatic string redirectUrl = System.Configuration.ConfigurationManager.AppSettings["ida:RedirectUrl"];// Tenant is the tenant ID (e.g. contoso.onmicrosoft.com, or 'common' for multi-tenant)static string tenant = System.Configuration.ConfigurationManager.AppSettings["ida:Tenant"];// Authority is the URL for authority, composed by Azure Active Directory endpoint and the tenant name (e.g. https://login.microsoftonline.com/contoso.onmicrosoft.com)static string authority = String.Format(System.Globalization.CultureInfo.InvariantCulture, System.Configuration.ConfigurationManager.AppSettings["ida:Authority"], tenant);/// <summary>/// Configure OWIN to use OpenIdConnect/// </summary>/// <param name="app"></param>public static void Configuration(this IAppBuilder app){app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);app.UseKentorOwinCookieSaver();app.UseCookieAuthentication(new CookieAuthenticationOptions{CookieManager = new SystemWebCookieManager(),CookieName = "MaterialWizardWeb_AuthCookie"});app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions{// Sets the ClientId, authority, RedirectUri as obtained from web.configClientId = clientId,Authority = authority,//RedirectUri = redirectUrl,// PostLogoutRedirectUri is the page that users will be redirected to after sign-out. In this case, it is using the home pagePostLogoutRedirectUri = redirectUrl,//Scope is the requested scope: OpenIdConnectScopes.OpenIdProfileis equivalent to the string 'openid profile': in the consent screen, this will result in 'Sign you in and read your profile'Scope = OpenIdConnectScope.OpenIdProfile,// ResponseType is set to request the id_token - which contains basic information about the signed-in userResponseType = OpenIdConnectResponseType.IdToken,// ValidateIssuer set to false to allow work accounts from any organization to sign in to your application// To only allow users from a single organizations, set ValidateIssuer to true and 'tenant' setting in web.config to the tenant name or Id (example: contoso.onmicrosoft.com)// To allow users from only a list of specific organizations, set ValidateIssuer to true and use ValidIssuers parameterTokenValidationParameters = new TokenValidationParameters() { ValidateIssuer = false },// OpenIdConnectAuthenticationNotifications configures OWIN to send notification of failed authentications to OnAuthenticationFailed methodNotifications = new OpenIdConnectAuthenticationNotifications{SecurityTokenValidated = OnSecurityTokenValidated,RedirectToIdentityProvider = OnRedirectToIdentityProvider,AuthenticationFailed = OnAuthenticationFailed}});}private static Task OnSecurityTokenValidated(SecurityTokenValidatedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> context){ClaimsIdentity claimsId = context.AuthenticationTicket.Identity;//email dell'utentestring upn = context.AuthenticationTicket.Identity.Name;string oerlikonAlias = upn.Substring(0, upn.IndexOf('@'));using (FinderContext dal = new FinderContext()){var userobj = dal.Users.FirstOrDefault(x => x.Short_Key == oerlikonAlias);if (userobj == null){//Save a new oneuserobj = new User{Keyed_Name = upn,Short_Key = oerlikonAlias};dal.Users.Add(userobj);dal.SaveChanges();}var roleanduser = dal.RequestPathPermissionRoleAssociatedUser.FirstOrDefault(x => x.User_ID == userobj.ID);if (roleanduser == null){var baserole = dal.RequestPathPermissionRoles.FirstOrDefault(x => x.Default);if (baserole != null){roleanduser = new RequestPathPermissionRoleAssociatedUser(){Role_ID = baserole.ID,User_ID = userobj.ID};roleanduser.UpdateTime();dal.RequestPathPermissionRoleAssociatedUser.Add(roleanduser);dal.SaveChanges();}}else{roleanduser.UpdateTime();dal.SaveChanges();}claimsId.AddClaim(new Claim(ClaimTypes.Role, roleanduser.Role_ID.ToString()));}claimsId.AddClaim(new Claim(ClaimTypes.Name, oerlikonAlias));claimsId.AddClaim(new Claim(ClaimTypes.Email, upn));return Task.FromResult(0);}private static Task OnRedirectToIdentityProvider(RedirectToIdentityProviderNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> ctx){bool isAjaxRequest = (ctx.Request.Headers != null && ctx.Request.Headers["X-Requested-With"] == "XMLHttpRequest");if (isAjaxRequest){ctx.Response.Headers.Remove("Set-Cookie");ctx.State = NotificationResultState.HandledResponse;}return Task.FromResult(0);}/// <summary>/// Handle failed authentication requests by redirecting the user to the home page with an error in the query string/// </summary>/// <param name="context"></param>/// <returns></returns>private static Task OnAuthenticationFailed(AuthenticationFailedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> context){context.HandleResponse();context.Response.Redirect(GetErrorUrl(context.Exception.Message));return Task.FromResult(0);}private static string GetErrorUrl(string errormessage){return $"{redirectUrl}/Home/Error?errormessage={errormessage}";}}
在Startup中启用。
[assembly: OwinStartup(typeof(INFinderDevExpress.Startup))]namespace INFinderDevExpress{public class Startup{public void Configuration(IAppBuilder app){app.Configuration();app.MapSignalR();}}}
同时支持windows登录和微软登录代码如下
public class WindowsLoginHelper{public (bool, WindowsIdentity) Login(string UserName, string Password, string Domain){string text1 = Domain.Trim();string text2 = UserName.Trim();text2 = text2.Replace("/", @"/");int num1 = text2.IndexOf("//");if (num1 != -1){text1 = text2.Substring(0, num1);text2 = text2.Substring(num1 + 1);}else{num1 = text2.IndexOf('@');if (num1 != -1){text1 = text2.Substring(num1 + 1);text2 = text2.Substring(0, num1);}}return this.authenticateUser(text2, Password.Trim(), text1);}private (bool, WindowsIdentity) authenticateUser(string UserName, string Password, string Domain){bool flag1 = false;try{int num1;IntPtr ptr1;if (!WindowsLoginHelper.LogonUser(UserName, Domain, Password, 2, 0, out num1)){return (flag1,null);}ptr1 = new IntPtr(num1);WindowsIdentity identity1 = new WindowsIdentity(ptr1);WindowsPrincipal principal1 = new WindowsPrincipal(identity1);HttpContext.Current.User = principal1;FormsAuthentication.SetAuthCookie(principal1.Identity.Name,false);//FormsAuthentication.RedirectFromLoginPage(UserName, false);flag1 = true;return (flag1, identity1);}catch (Exception ex){}return (flag1, null);}public (bool, string) Login2(string UserName, string Password, string Domain){string text1 = Domain.Trim();string text2 = UserName.Trim();text2 = text2.Replace("/", @"/");int num1 = text2.IndexOf("//");if (num1 != -1){text1 = text2.Substring(0, num1);text2 = text2.Substring(num1 + 1);}else{num1 = text2.IndexOf('@');if (num1 != -1){text1 = text2.Substring(num1 + 1);text2 = text2.Substring(0, num1);}}return this.authenticateUser2(text2, Password.Trim(), text1);}private (bool, string) authenticateUser2(string UserName, string Password, string Domain){bool flag1 = false;try{int num1;IntPtr ptr1;if (!WindowsLoginHelper.LogonUser(UserName, Domain, Password, 2, 0, out num1)){return (flag1, null);}ptr1 = new IntPtr(num1);WindowsIdentity identity1 = new WindowsIdentity(ptr1);WindowsPrincipal principal1 = new WindowsPrincipal(identity1);HttpContext.Current.User = principal1;FormsAuthentication.SetAuthCookie(principal1.Identity.Name, false);//FormsAuthentication.RedirectFromLoginPage(UserName, false);flag1 = true;return (flag1, principal1.Identity.Name);}catch (Exception ex){}return (flag1, null);}[DllImport("advapi32.dll")]public static extern bool LogonUser(string lpszUsername, string lpszDomain, string lpszPassword, int dwLogonType, int dwLogonProvider, out int phToken);}
SelectLoginPage是选择登录的页面。
/// <summary>/// Send an OpenID Connect sign-in request./// Alternatively, you can just decorate the SignIn method with the [Authorize] attribute/// </summary>public void SignIn(){if (!Request.IsAuthenticated){HttpContext.GetOwinContext().Authentication.Challenge(new AuthenticationProperties { RedirectUri = System.Configuration.ConfigurationManager.AppSettings["ida:RedirectUrl"] },OpenIdConnectAuthenticationDefaults.AuthenticationType);}}[AllowAnonymous][HttpPost]public ActionResult WindowsLogin(RequestWindowsLoginModelDto dto){var username = dto.username;var password = dto.password;var domain = "INDOM";WindowsLoginHelper loginHelper = new WindowsLoginHelper();var (resultpd,resultstr) = loginHelper.Login2(username, password, domain);// 如果失败重新登录if (!resultpd){return RedirectToAction("SelectLoginPage", "Home");}var claims = new List<System.Security.Claims.Claim>(){new System.Security.Claims.Claim(System.Security.Claims.ClaimTypes.Name,resultstr),new System.Security.Claims.Claim(System.Security.Claims.ClaimTypes.Role,"WindowsRole")};var claimsidentity = new System.Security.Claims.ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationType);var authmanager = HttpContext.GetOwinContext().Authentication;authmanager.SignIn(claimsidentity);return RedirectToAction("Index", "Home");}public ActionResult SelectLoginPage(){return View();}
public class RequestWindowsLoginModelDto{public string username { get; set; }public string password { get; set; }}
在filter中可以进行是否授权的判断。
filterContext.HttpContext.Request.IsAuthenticated
欢迎加群讨论技术,1群:677373950(满了,可以加,但通过不了),2群:656732739
评价
排名
2
文章
657
粉丝
44
评论
93
docker中Sware集群与service
尘叶心繁 : 想学呀!我教你呀
一个bug让程序员走上法庭 索赔金额达400亿日元
叼着奶瓶逛酒吧 : 所以说做程序员也要懂点法律知识
.net core 塑形资源
剑轩 : 收藏收藏
映射AutoMapper
剑轩 :
好是好,这个对效率影响大不大哇,效率高不高
一个bug让程序员走上法庭 索赔金额达400亿日元
剑轩 : 有点可怕
ASP.NET Core 服务注册生命周期
剑轩 :
http://www.tnblog.net/aojiancc2/article/details/167
ICP备案 :渝ICP备18016597号-1
网站信息:2018-2025TNBLOG.NET
技术交流:群号656732739
联系我们:contact@tnblog.net
公网安备:
50010702506256
50010702506256
欢迎加群交流技术