带Blazor的ASP.NETCore7可以使用带有域提示的NavigateToLogin吗?

vbkedwbf  于 2022-12-15  发布在  .NET
关注(0)|答案(2)|浏览(113)

按照此处的建议在.NET 7的Blazor应用中使用新的.NavigateToLogin时,如何在调用NavigateToLogin(或NavigateToLogout)时传递域提示?或者是否有方法通过设置自动添加域提示?
如果没有域提示,我的用户现在登录和注销都需要一个额外的步骤。(我正在使用MSAL for Open ID Connect with Azure AD。
在这个页面中,似乎可以新建一个InteractiveRequestOptions对象,运行options.TryAddAdditionalParameter("domain_hint", "mydomain.com");,并将其传递给Navigation.NavigateToLogin--但它根本不工作;它根本是无效。

qgzx9mmu

qgzx9mmu1#

我认为这个问题仍然适用:https://github.com/dotnet/aspnetcore/issues/40046#issuecomment-1042575825-至少我是这么解决的,不知道是否有更好的方法。
因此,步骤1:添加类AuthExtensions:

using System.Text.Json.Serialization;
using Microsoft.AspNetCore.Components;
using Microsoft.AspNetCore.Components.WebAssembly.Authentication;
using Microsoft.Extensions.DependencyInjection.Extensions;
using Microsoft.Extensions.Options;

namespace Your.Namespace;
/// <summary>
/// https://github.com/dotnet/aspnetcore/issues/40046
/// </summary>
public static class AuthExtensions
{
    /// <summary>
    /// Adds support for Auth0 authentication for SPA applications using <see cref="Auth0OidcProviderOptions"/> and the <see cref="RemoteAuthenticationState"/>.
    /// </summary>
    /// <param name="services">The <see cref="IServiceCollection"/> to add the services to.</param>
    /// <param name="configure">An action that will configure the <see cref="RemoteAuthenticationOptions{TProviderOptions}"/>.</param>
    /// <returns>The <see cref="IServiceCollection"/> where the services were registered.</returns>
    public static IRemoteAuthenticationBuilder<RemoteAuthenticationState, RemoteUserAccount> AddAuth0OidcAuthentication(this IServiceCollection services, Action<RemoteAuthenticationOptions<Auth0OidcProviderOptions>> configure)
    {
        services.TryAddEnumerable(ServiceDescriptor.Scoped<IPostConfigureOptions<RemoteAuthenticationOptions<Auth0OidcProviderOptions>>, DefaultAuth0OidcOptionsConfiguration>());
        return services.AddRemoteAuthentication<RemoteAuthenticationState, RemoteUserAccount, Auth0OidcProviderOptions>(configure);
    }
}

public class Auth0OidcProviderOptions : OidcProviderOptions
{
    public MetadataSeed MetadataSeed { get; set; } = new();
}

public class MetadataSeed
{
    [JsonPropertyName("end_session_endpoint")]
    public string EndSessionEndpoint { get; set; } = null!;
}

// Copy/paste from Microsoft.AspNetCore.Components.WebAssembly.Authentication with the option type changed.
public class DefaultAuth0OidcOptionsConfiguration : IPostConfigureOptions<RemoteAuthenticationOptions<Auth0OidcProviderOptions>>
{
    private readonly NavigationManager _navigationManager;

    public DefaultAuth0OidcOptionsConfiguration(NavigationManager navigationManager) => _navigationManager = navigationManager;

    public void Configure(RemoteAuthenticationOptions<Auth0OidcProviderOptions> options)
    {
        if (options == null)
        {
            return;
        }

        options.UserOptions.AuthenticationType ??= options.ProviderOptions.ClientId;

        var redirectUri = options.ProviderOptions.RedirectUri;
        if (redirectUri == null || !Uri.TryCreate(redirectUri, UriKind.Absolute, out _))
        {
            redirectUri ??= "authentication/login-callback";
            options.ProviderOptions.RedirectUri = _navigationManager.ToAbsoluteUri(redirectUri).AbsoluteUri;
        }

        var logoutUri = options.ProviderOptions.PostLogoutRedirectUri;
        if (logoutUri == null || !Uri.TryCreate(logoutUri, UriKind.Absolute, out _))
        {
            logoutUri ??= "authentication/logout-callback";
            options.ProviderOptions.PostLogoutRedirectUri = _navigationManager.ToAbsoluteUri(logoutUri).AbsoluteUri;
        }
    }

    public void PostConfigure(string name, RemoteAuthenticationOptions<Auth0OidcProviderOptions> options)
    {
        if (string.Equals(name, Options.DefaultName, StringComparison.Ordinal))
        {
            Configure(options);
        }
    }
}

然后在program.cs中,你这样连接它:

builder.Services.AddAuth0OidcAuthentication(options =>
{
    var authority = builder.Configuration["GoogleAuth:Authority"];
    var clientId = builder.Configuration["GoogleAuth:ClientId"];
    options.ProviderOptions.MetadataSeed.EndSessionEndpoint = $"{authority}/v2/logout?client_id={clientId}&returnTo={builder.HostEnvironment.BaseAddress}";

    // Allowing only MyDomain.Com users
    options.ProviderOptions.AdditionalProviderParameters.Add("hd", builder.Configuration["GoogleAuth:hd"]);
});

请注意,我不是100%确定您应该添加哪个参数。“hd”是基于谷歌云的域的域提示参数:https://developers.google.com/identity/openid-connect/openid-connect#hd-param
根据本指南:https://learn.microsoft.com/en-us/azure/active-directory-b2c/direct-signin?pivots=b2c-user-flow-Azure域提示参数似乎为login_hintdomain_hint

ovfsdjhp

ovfsdjhp2#

在这个页面上,我发现我可以创建一个InteractiveRequestOptions对象,运行options.TryAddAdditionalParameter("domainHint", "mydomain.com");,并将其传递给Navigation.NavigateToLogin,它工作得很好。只是要小心使用domainHint而不是domain_hint,这与一些文档相反。

相关问题