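My Blazor application works fine with OIDC (AzureAD) authentication, but every page of the application always requires this authentication. In other words, if the user is not logged in, every page automatically redirects to the OAuth2 login and then returns once the user has logged in.
I would like a "logged out" page that has a login button and does not require a logged-in user, but I can't find a way to do this. I tried the following "blank" page: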
@page "/"
@layout LayoutEmpty
@attribute [Microsoft.AspNetCore.Authorization.AllowAnonymous]
Foo
and LayoutEmpty.razor:
@inherits LayoutComponentBase
<div class="main">
<div class="content px-4">
@Body
</div>
</div>
The code in Program.cs is (for brevity I have omitted some lines unrelated to authentication):
builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
.AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("AzureAd"));
builder.Services.AddControllersWithViews()
.AddMicrosoftIdentityUI();
builder.Services.AddAuthorization(options => { options.FallbackPolicy = options.DefaultPolicy; });
builder.Services.AddRazorPages();
builder.Services.AddServerSideBlazor()
.AddMicrosoftIdentityConsentHandler();
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.MapControllers();
app.MapBlazorHub();
app.MapFallbackToPage("/_Host");
app.Run();
However, starting it still goes straight into the OAuth2 flow.
That's because you are using
builder.Services.AddAuthorization(options => { options.FallbackPolicy = options.DefaultPolicy; });
DefaultPolicy configures global authorization for all pages. Use builder.Services.AddAuthorization() and apply @attribute [Authorize] to the pages you need. DefaultPolicy can also be overridden, for example:
builder.Services.AddAuthorization(options =>
{
//It is also possible to filter the page route via context
options.AddPolicy("MyPolicy", policy =>
policy.RequireAssertion(context =>
context.User.Identity?.Name?.Equals("Tom") ?? false));
//override "Defaultpolicy"
options.DefaultPolicy = options.GetPolicy("MyPolicy");
// By default, all incoming requests will be authorized according to the default policy.
options.FallbackPolicy = options.DefaultPolicy;
});
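An added example, not part of the question or the answer above: once the fallback policy is removed, a page is protected only if someone remembered to mark it, so this Program.cs fails startup when any routable component carries neither [Authorize] nor [AllowAnonymous]. RouteAuthorizationAudit and FindUnmarkedPages are hypothetical names, and the sketch assumes App.razor uses AuthorizeRouteView so that [Authorize] on a component is actually enforced.

```csharp
// Program.cs: added example. RouteAuthorizationAudit is a hypothetical helper.
using System.Reflection;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Components;
using Microsoft.Identity.Web;
using Microsoft.Identity.Web.UI;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("AzureAd"));
builder.Services.AddControllersWithViews().AddMicrosoftIdentityUI();
// No FallbackPolicy: nothing requires sign-in unless it carries [Authorize].
builder.Services.AddAuthorization();
builder.Services.AddRazorPages();
builder.Services.AddServerSideBlazor().AddMicrosoftIdentityConsentHandler();
var app = builder.Build();

// Refuse to start if any @page component lacks an explicit decision.
var unmarked = RouteAuthorizationAudit.FindUnmarkedPages(typeof(Program).Assembly);
if (unmarked.Count > 0)
    throw new InvalidOperationException(
        "Pages without [Authorize] or [AllowAnonymous]: " + string.Join(", ", unmarked));

app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.MapControllers();
app.MapBlazorHub();
app.MapFallbackToPage("/_Host");
app.Run();

public static class RouteAuthorizationAudit
{
    // Lists "route (type)" for routable components that declare neither
    // [Authorize] (IAuthorizeData) nor [AllowAnonymous] (IAllowAnonymous).
    public static IReadOnlyList<string> FindUnmarkedPages(Assembly assembly) =>
        assembly.GetTypes()
            .Where(t => !t.IsAbstract && typeof(IComponent).IsAssignableFrom(t))
            .Where(t => !t.GetCustomAttributes(inherit: true)
                .Any(a => a is IAuthorizeData or IAllowAnonymous))
            .SelectMany(t => t.GetCustomAttributes<RouteAttribute>(inherit: false)
                .Select(r => $"{r.Template} ({t.FullName})"))
            .ToList();
}
```

With this in place the "/" page from the question passes the check because it declares [AllowAnonymous], while a newly added page with no attribute stops the application from starting instead of being served to anonymous users.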