我有一个ASP.Net MVC应用程序,使用Owin,并且还使用Azure Active Directory身份验证。
我想在用户被重定向到Azure AD身份验证页面时传递参数。因此,当用户登录或注册时,我想将ProjectId(int)作为参数传递。
在用户登录/注册并被重定向到我的应用程序后,我希望接收到我传递的ProjectId作为参数。
如何实现这一点?
编辑:添加代码
我想在用户被重定向到Azure AD身份验证页面时传递参数。因此,当用户登录或注册时,我想将ProjectId(int)作为参数传递。
在用户登录/注册并被重定向到我的应用程序后,我希望接收到我传递的ProjectId作为参数。
如何实现这一点?
编辑:添加代码
// The ACR claim is used to indicate which policy was executed
public const string AcrClaimType = "http://schemas.microsoft.com/claims/authnclassreference";
public const string PolicyKey = "b2cpolicy";
private const string OidcMetadataSuffix = "/.well-known/openid-configuration";
public void ConfigureAuth(IAppBuilder app)
{
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
OpenIdConnectAuthenticationOptions options = new OpenIdConnectAuthenticationOptions
{
// These are standard OpenID Connect parameters, with values pulled from web.config
ClientId = ClientId,
RedirectUri = RedirectUri,
PostLogoutRedirectUri = RedirectUri,
UseTokenLifetime = false,
Notifications = new OpenIdConnectAuthenticationNotifications
{
AuthenticationFailed = AuthenticationFailed,
RedirectToIdentityProvider = OnRedirectToIdentityProvider,
SecurityTokenValidated = OnSecurityTokenValidated
},
Scope = "openid",
ResponseType = "id_token",
// The PolicyConfigurationManager takes care of getting the correct Azure AD authentication
// endpoints from the OpenID Connect metadata endpoint. It is included in the PolicyAuthHelpers folder.
ConfigurationManager = new PolicyConfigurationManager(
string.Format(CultureInfo.InvariantCulture, AadInstance, Tenant, "/v2.0", OidcMetadataSuffix),
new[] { SignUpPolicyId, SignInPolicyId, ProfilePolicyId }),
// This piece is optional - it is used for displaying the user's name in the navigation bar.
TokenValidationParameters = new TokenValidationParameters
{
NameClaimType = "name"
}
};
app.UseOpenIdConnectAuthentication(options);
}
private Task OnRedirectToIdentityProvider(
RedirectToIdentityProviderNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification)
{
if (notification.ProtocolMessage.RequestType == OpenIdConnectRequestType.LogoutRequest)
{
var currentPolicy =
notification.OwinContext.Authentication.AuthenticationResponseRevoke.AuthenticationTypes
.FirstOrDefault(x => x.StartsWith("b2c"));
notification.ProtocolMessage.IssuerAddress = notification.ProtocolMessage.IssuerAddress.Split('?')[0];
notification.ProtocolMessage.Parameters.Add("p", currentPolicy);
}
else
{
**// The value right now for the state is sort of "hijacked" and assigned by Microsoft**
//notification.ProtocolMessage.Parameters["state"] = "OpenIdConnect.AuthenticationProperties=sRt-teBcxsd239viWo...... ";
var currentPolicy = notification.OwinContext.Authentication.AuthenticationResponseChallenge.Properties
.Dictionary[PolicyKey];
notification.ProtocolMessage.IssuerAddress = notification.ProtocolMessage.IssuerAddress.Split('?')[0];
notification.ProtocolMessage.Parameters.Add("p", currentPolicy);
}
return Task.FromResult(0);
}
private async Task OnSecurityTokenValidated(SecurityTokenValidatedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification)
{
await MyClass.CreatePrincipal(notification.AuthenticationTicket.Identity);
}
private Task AuthenticationFailed(
AuthenticationFailedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification)
{
notification.HandleResponse();
notification.Response.Redirect("/Home/Error?message=" + notification.Exception.Message);
return Task.FromResult(0);
}