Я борюсь с ADFS UseOpenIdConnectAuthentication уже более недели. Это расстраивает.
Вот мой код Startup.Auth.cs. переменная "dero" имеет значение false => не аутентифицирована. Почему?
using System;
using System.Configuration;
using System.Net.Http;
using System.Web;
using IdentityModel.Client;
using Microsoft.AspNet.Identity;
using Microsoft.IdentityModel.Clients.ActiveDirectory;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;
namespace Intel.Web
{
public partial class Startup
{
private readonly string authority = ConfigurationManager.AppSettings["auth:Authority"];
private readonly string clientId = ConfigurationManager.AppSettings["auth:ClientId"];
private readonly string clientSecret = ConfigurationManager.AppSettings["auth:ClientSecret"];
private readonly string metadataAddress = ConfigurationManager.AppSettings["auth:MetadataAddress"];
private readonly string postLogoutRedirectUri = ConfigurationManager.AppSettings["auth:PostLogoutRedirectUri"];
private readonly string redirectUri = ConfigurationManager.AppSettings["auth:RedirectUri"];
private readonly string tokenEndpoint = ConfigurationManager.AppSettings["auth:TokenEndpoint"];
private readonly string userInfoEndpoint = ConfigurationManager.AppSettings["auth:UserInfoEndpoint"];
public void ConfigureAuth(IAppBuilder app)
{
app.SetDefaultSignInAsAuthenticationType(DefaultAuthenticationTypes.ApplicationCookie);
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
ClientId = this.clientId,
Authority = this.authority,
MetadataAddress = this.metadataAddress,
ResponseType = "code id_token",
RedirectUri = this.redirectUri,
PostLogoutRedirectUri = this.postLogoutRedirectUri,
ClientSecret = this.clientSecret,
// AuthenticationMode = AuthenticationMode.Passive,
Notifications = new OpenIdConnectAuthenticationNotifications
{
AuthorizationCodeReceived = async n =>
{
var authContext = new AuthenticationContext("https://dev.adfs.myServer.com/adfs/", false);
var result = await authContext.AcquireTokenByAuthorizationCodeAsync(n.ProtocolMessage.Code,
new Uri(this.redirectUri), new ClientCredential(this.clientId, this.clientSecret));
var userInfoReq = new UserInfoRequest
{
Address = this.userInfoEndpoint,
Token = result.AccessToken
};
var client = new HttpClient();
var response = await client.GetUserInfoAsync(userInfoReq);
if (response.IsError) throw new Exception("Invalid access token");
n.AuthenticationTicket.Identity.AddClaims(response.Claims);
var dero = HttpContext.Current.User.Identity.IsAuthenticated;
//FormsAuthentication.SetAuthCookie("userName unic gen", false);
HttpContext.Current.GetOwinContext().Authentication.Challenge(new AuthenticationProperties { RedirectUri = "/FOGWeb" }, OpenIdConnectAuthenticationDefaults.AuthenticationType);
dero = HttpContext.Current.User.Identity.IsAuthenticated;
}
}
});
}
}
}