Integrating Azure AD with Piranha CMS

Question  Votes: 1  Answers: 1

I want to integrate Azure AD with Piranha CMS authentication.

This is my configuration so far:

Startup

public IServiceProvider ConfigureServices(IServiceCollection services) {
    services.AddPiranhaImageSharp();
    services.AddPiranhaEF(options => options.UseMySql(Configuration["ConnectionStrings:DefaultConnection"]));
    services.AddPiranhaIdentityWithSeed<IdentityMySQLDb>(
                options => options.UseMySql(Configuration["ConnectionStrings:DefaultConnection"]));
    services.AddPiranhaManager();

    services.AddAuthentication(options =>
    {
        options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
    }).AddOpenIdConnect(options =>
    {
        options.Authority = "https://login.microsoftonline.com/" + this.TenantId;
        options.ClientId = this.ClientId;
        options.ResponseType = OpenIdConnectResponseType.IdToken;
        options.CallbackPath = "/signin-callback";
        options.SignedOutRedirectUri = "https://localhost:5001/";
        options.SaveTokens = true;
        options.Events.OnTokenValidated = async context => { await TokenValidated(context); };
    }).AddCookie();

    return services.BuildServiceProvider();
}

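With the above configuration, I successfully authenticate users of the public website using Azure AD.

When I try to access the manager area, I can't use the default username/password combination to access it. This is where I need a bit of help.

Later edit:

To make both work I have made the following changes: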

services.AddAuthentication(/*specify no options, leave defaults*/)
    .AddOpenIdConnect(options =>
        {
            options.Authority = "https://login.microsoftonline.com/" + this.TenantId;
            options.ClientId = this.ClientId;
            options.ResponseType = OpenIdConnectResponseType.IdToken;
            options.CallbackPath = "/signin-callback";
            options.RemoteSignOutPath = "/signout-oidc";
            options.SignedOutRedirectUri = "https://localhost:5001/";
            options.SignedOutCallbackPath = "/signout-callback";
            options.SignOutScheme = OpenIdConnectDefaults.AuthenticationScheme;
            options.Events.OnTokenValidated = async context => { await TokenValidated(context); };
        })
    .AddCookie(options => options.Cookie.SameSite = SameSiteMode.None);

Then, to log in and log out, I created a SecurityController as follows:

public class SecurityController : Controller
{
    public IActionResult Login()
    {
        return Challenge(new AuthenticationProperties
        {
            RedirectUri = "/about"
        }, OpenIdConnectDefaults.AuthenticationScheme);
    }


    public async Task<IActionResult> Logout()
    {
        await HttpContext.SignOutAsync("Identity.External");

        return Redirect("/");
    }
}
asp.net-core azure-active-directory piranha-cms
1 answer
0
votes

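The method AddPiranhaIdentityWithSeed has two optional parameters for setting identity options and cookie options, but if you don't provide these, the method sets default options. Since these might interfere with the options you add later, you might want to override these settings. Take a look at the documentation here: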

http://piranhacms.org/docs/components/authentication/identity-security

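Also, in order for users to access the manager, there is a whole bunch of claims, specifying what the user can do, that you need to add to the local user identity. You can read about them here: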

http://piranhacms.org/docs/components/authentication

Best regards

Håkan
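
One way to act on the answer's second point, as an added example that is not code from the question, the answer or Piranha itself: a helper that the question's TokenValidated handler could call to grant manager claims only to allow-listed Azure AD accounts from the expected tenant. The class name, the allow-list and the permission names are assumptions (take the real claim names from the documentation linked above), as is the idea that the manager's policies evaluate this principal and accept a claim whose type and value are both the permission name.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;

// Hypothetical helper (not part of Piranha): decides whether an Azure AD
// sign-in receives local manager claims. Intended to be called from the
// OnTokenValidated handler with context.Principal.
public static class ManagerClaimMapper
{
    // Azure AD claim types under the default ASP.NET Core inbound claim
    // mapping; the raw JWT names ("tid", "oid") are checked as a fallback.
    private const string TenantIdClaim = "http://schemas.microsoft.com/identity/claims/tenantid";
    private const string ObjectIdClaim = "http://schemas.microsoft.com/identity/claims/objectidentifier";

    // Placeholders: replace with the permission names from the Piranha docs.
    private static readonly string[] ManagerPermissions =
        { "<manager-claim-1>", "<manager-claim-2>" };

    // adminObjectIds: allow-list of Azure AD object ids; build the set with
    // StringComparer.OrdinalIgnoreCase so GUID casing does not matter.
    public static bool TryGrantManagerClaims(
        ClaimsPrincipal principal, string expectedTenantId, ISet<string> adminObjectIds)
    {
        var tid = principal.FindFirst(TenantIdClaim)?.Value ?? principal.FindFirst("tid")?.Value;
        var oid = principal.FindFirst(ObjectIdClaim)?.Value ?? principal.FindFirst("oid")?.Value;

        // Fail closed: missing identifiers, wrong tenant, or not allow-listed.
        if (tid == null || oid == null) return false;
        if (!string.Equals(tid, expectedTenantId, StringComparison.OrdinalIgnoreCase)) return false;
        if (!adminObjectIds.Contains(oid)) return false;

        // Keep locally granted claims in their own identity so they can be
        // audited separately from what Azure AD asserted.
        var local = new ClaimsIdentity();
        foreach (var permission in ManagerPermissions)
        {
            // Assumed shape: claim type and value are both the permission name.
            local.AddClaim(new Claim(permission, permission));
        }
        principal.AddIdentity(local);
        return true;
    }
}
```

Everyone who signs in through the tenant but is not on the allow-list keeps only the claims Azure AD issued, so public-site authentication does not imply manager access.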
