I want to integrate Azure AD authentication with Piranha CMS.

This is my configuration so far:

Startup

    public IServiceProvider ConfigureServices(IServiceCollection services) {
        // Piranha CMS services: image processing, EF data store, local Identity store, manager UI.
        services.AddPiranhaImageSharp();
        services.AddPiranhaEF(options => options.UseMySql(Configuration["ConnectionStrings:DefaultConnection"]));
        services.AddPiranhaIdentityWithSeed<IdentityMySQLDb>(
            options => options.UseMySql(Configuration["ConnectionStrings:DefaultConnection"]));
        services.AddPiranhaManager();

        // Cookie scheme for authenticate/sign-in, OpenID Connect (Azure AD) for challenges.
        services.AddAuthentication(options =>
        {
            options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
        }).AddOpenIdConnect(options =>
        {
            options.Authority = "https://login.microsoftonline.com/" + this.TenantId;
            options.ClientId = this.ClientId;
            options.ResponseType = OpenIdConnectResponseType.IdToken;
            options.CallbackPath = "/signin-callback";
            options.SignedOutRedirectUri = "https://localhost:5001/";
            options.SaveTokens = true;
            options.Events.OnTokenValidated = async context => { await TokenValidated(context); };
        }).AddCookie();

        // The method is declared to return IServiceProvider, so build and return the container.
        return services.BuildServiceProvider();
    }

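With the above configuration, I can successfully authenticate users of the public website using Azure AD.

When I try to enter the manager area, I cannot use the default username/password combination to access it. This is where I need a bit of help.

Later edit:

In order to make both work I have made the following modifications: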

    services.AddAuthentication(/*specify no options, leave defaults*/)
        .AddOpenIdConnect(options =>
        {
            options.Authority = "https://login.microsoftonline.com/" + this.TenantId;
            options.ClientId = this.ClientId;
            options.ResponseType = OpenIdConnectResponseType.IdToken;
            options.CallbackPath = "/signin-callback";
            options.RemoteSignOutPath = "/signout-oidc";
            options.SignedOutRedirectUri = "https://localhost:5001/";
            options.SignedOutCallbackPath = "/signout-callback";
            options.SignOutScheme = OpenIdConnectDefaults.AuthenticationScheme;
            options.Events.OnTokenValidated = async context => { await TokenValidated(context); };
        })
        // SameSite=None lets the browser send this cookie on cross-site requests.
        .AddCookie(options => options.Cookie.SameSite = SameSiteMode.None);

Then, for login/logout, I created a SecurityController as follows:
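
    using System.Threading.Tasks;
    using Microsoft.AspNetCore.Authentication;
    using Microsoft.AspNetCore.Authentication.OpenIdConnect;
    using Microsoft.AspNetCore.Mvc;

    public class SecurityController : Controller
    {
        // Starts the OpenID Connect challenge and returns to /about afterwards.
        public IActionResult Login()
        {
            return Challenge(new AuthenticationProperties
            {
                RedirectUri = "/about"
            }, OpenIdConnectDefaults.AuthenticationScheme);
        }

        // Signs out of the "Identity.External" cookie scheme and returns to the start page.
        public async Task<IActionResult> Logout()
        {
            await HttpContext.SignOutAsync("Identity.External");
            return Redirect("/");
        }
    }
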
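The method AddPiranhaIdentityWithSeed has two optional parameters for setting the identity options and the cookie options, but if you don't provide them the method sets default options. Since these might interfere with the options you add later, you might want to override these settings; take a look at the docs here:

http://piranhacms.org/docs/components/authentication/identity-security

Also, in order for a user to access the manager, there's a whole bunch of claims specifying what the user can do that you need to add to the local user identity. You can read about them here:

http://piranhacms.org/docs/components/authentication

Best regards

Håkan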
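
One way the claims step described in the answer could look inside the question's OnTokenValidated handler, as an added example that is not code from the original posts or from Piranha CMS: it adds manager claims only for allow-listed Azure AD object ids, so that signing in through the tenant does not by itself grant manager access. Assumptions: the class and field names, the sample object id, and the claim name "PiranhaAdmin" (used as both claim type and value) are placeholders to be replaced with the claims listed in the linked documentation, and the cookie this handler signs in to is the one the manager's authorization is evaluated against.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;

public static class ManagerClaimsMapper
{
    // Assumption: Azure AD object ids allowed into the manager (constructed sample value).
    private static readonly HashSet<string> ManagerUsers =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "00000000-0000-0000-0000-000000000000"
        };

    // Assumption: placeholder claim name; use the manager claims from the Piranha docs.
    private static readonly string[] ManagerClaims = { "PiranhaAdmin" };

    // Wire up with: options.Events.OnTokenValidated = ManagerClaimsMapper.TokenValidated;
    public static Task TokenValidated(TokenValidatedContext context)
    {
        // The principal here was built from the id_token the handler has already validated.
        var identity = context.Principal?.Identity as ClaimsIdentity;
        if (identity == null)
            return Task.CompletedTask;

        // "oid" is mapped to the long claim type by the default inbound claim mapping;
        // the short name is checked too in case that mapping has been cleared.
        var oid =
            identity.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier")?.Value
            ?? identity.FindFirst("oid")?.Value;

        // Fail closed: no object id or not on the allow list means no manager claims.
        if (oid == null || !ManagerUsers.Contains(oid))
            return Task.CompletedTask;

        foreach (var name in ManagerClaims)
        {
            if (!identity.HasClaim(name, name))
                identity.AddClaim(new Claim(name, name));
        }

        return Task.CompletedTask;
    }
}
```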