我有一个现有的Blazor(服务器)应用程序正在处理.NET Core 3.1预览版2。
我需要追溯添加本地ADFS(不是Azure)安全性。我一直在尝试遵循Microsoft的Authenticate users with WS-Federation in ASP.NET Core,但它却顽固地忽略了安全性。当然,本文是为ASP.NET而编写的,不是Blazor ...
到目前为止我所做的是:
public static void ConfigureServices(IServiceCollection services)
{
services.AddIdentity<IdentityUser, IdentityRole>()
.AddEntityFrameworkStores<ApplicationDbContext>()
.AddDefaultTokenProviders();
services.AddAuthentication()
.AddWsFederation(options =>
{
options.MetadataAddress = "https://adfs.Server.com/FederationMetadata/2007-06/FederationMetadata.xml";
options.Wtrealm = "https://localhost:44323/";
});
services.AddAuthorization();
services.AddRazorPages();
services.AddServerSideBlazor();
....
一件令人担心的事情-数据库中目前有支持早期身份验证模式(成员身份?)的表(由我们正在重写的应用程序使用)。它具有表[AspNetRoles],[AspNetUserClaims],[AspNetUserLogins],[AspNetUserRoles]和[AspNetUsers]。这些都会被覆盖吗?
public class ApplicationDbContext : IdentityDbContext
{
public ApplicationDbContext(DbContextOptions<ApplicationDbContext> options)
: base(options)
{
}
protected override void OnConfiguring(DbContextOptionsBuilder optionsBuilder)
{
if (optionsBuilder != null)
{
if (optionsBuilder.IsConfigured == false)
{
IConfigurationRoot configuration = new ConfigurationBuilder()
.SetBasePath(AppDomain.CurrentDomain.BaseDirectory)
.AddJsonFile($"appsettings.{Startup.CurrentEnvironment}.json")
.Build();
optionsBuilder
.UseSqlServer(configuration.GetConnectionString("MyDatabase"),
providerOptions => providerOptions.CommandTimeout(60));
}
}
base.OnConfiguring(optionsBuilder);
}
}
在Configure方法中,我已经添加了(尽管不清楚是否需要:)>
app.UseAuthentication(); app.UseRouting(); app.UseAuthorization();
在App.razor中,我有:
<CascadingAuthenticationState> <Router AppAssembly="@typeof(Program).Assembly"> <Found Context="routeData"> @*<RouteView RouteData="@routeData" DefaultLayout="@typeof(MainLayout)" />*@ <AuthorizeRouteView RouteData="@routeData" DefaultLayout="@typeof(MainLayout)" />> </Found> <NotFound> <LayoutView Layout="@typeof(MainLayout)"> <p>Sorry, there's nothing at this address.</p> </LayoutView> </NotFound> </Router> </CascadingAuthenticationState>
并且在我的剃刀页面之一(MyPage.razor)中,我得到了:
@page "/myRoute" @attribute [Authorize]
当我浏览到具有Autorize属性的页面时,收到消息:
未授权
所以它没有呼出我的ADFS服务器。它不应该只是自动执行此操作-用户不必单击“登录我”按钮。
我已经引用了以下NuGet软件包:
<PackageReference Include="Microsoft.AspNetCore.Authentication.WsFederation" Version="3.1.0-preview2.19528.8" /> <PackageReference Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="3.1.0-preview2.19528.8" />
[我什至都遵循了Microsoft的Use WS-Federation without ASP.NET Core Identity的示例,但是没有运气。
我有一个现有的Blazor(服务器)应用程序,其地址为.NET Core 3.1预览版2。我需要回顾性地添加本地ADFS(不是Azure)安全性。我一直在尝试关注Microsoft的身份验证用户...