我是 .net core 的新手,我的公司正开始在新应用程序上迁移到 .net 7。该应用程序甚至不会尝试调用 ADFS(我们将其用于 SSO)。这是我的程序文件:
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.WsFederation;
using Microsoft.AspNetCore.Cors.Infrastructure;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.OData;
using Microsoft.EntityFrameworkCore;
var builder = WebApplication.CreateBuilder(args);
builder.Configuration.AddJsonFile("appsettings.json");
builder.Services.AddControllers().AddOData(
options => options.Select().Filter().OrderBy().Expand().Count().SetMaxTop(null)
);
builder.Services.Configure<GlobalAppSettings.ConnectionString>(builder.Configuration.GetSection("ConnectionStrings"));
builder.Services.Configure<GlobalAppSettings.AppEnvironment>(builder.Configuration.GetSection("AppSettings"));
builder.Services.AddAuthentication(sharedOptions =>
{
sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
sharedOptions.DefaultChallengeScheme = WsFederationDefaults.AuthenticationScheme;
})
.AddWsFederation(options =>
{
options.UseTokenLifetime = false;
options.Wtrealm = "urn:app";
options.MetadataAddress = "https://sso.app.com/FederationMetadata/2007-06/FederationMetadata.xml";
options.Wreply = "https://localhost:44307/app/";
})
.AddCookie(options =>
{
options.Cookie.Name = "app";
options.Cookie.Path = "/app";
options.SlidingExpiration = true;
options.ExpireTimeSpan = new TimeSpan(0, 40, 0);
});
builder.Services.AddHttpContextAccessor();
builder.Services.AddDbContext<DBcontext>(options => options.UseSqlServer(builder.Configuration.GetConnectionString("PrimaryConnectionString")!));
builder.Services.AddScoped<Utility>();
builder.Services.AddAutoMapper(AppDomain.CurrentDomain.GetAssemblies());
var app = builder.Build();
// Configure the HTTP request pipeline.
app.UsePathBase("/app");
app.UseAuthentication();
app.UseRouting();
app.UseAuthorization();
app.UseEndpoints(configure: endpoints => endpoints.MapControllers());
app.Run();
我已验证 wsfederation 元数据和 wtrealm 是否正确,并且 ADFS 已按此设置。谁能明白为什么这不会调用 ADFS 来获取声明身份?
因此,对于任何发现此问题并遇到同样麻烦的人来说,答案(至少对我来说)是如此简单。我只需要向控制器本身添加一个授权属性。
像这样:[Microsoft.AspNetCore.Authorization.Authorize]
将其放在控制器上告诉应用程序进行调用,因为您必须告诉它您希望它执行的所有操作。在我之前在 .net core 之前开发的应用程序中,我们使用了 IIS Express 和 .net 4.5.2,它们为您做了一些事情,包括这个。我从开始使用 .net core 时就读到,你必须指定所有内容;这使得它更加可定制,这很好。但我并不认为这对你没有任何帮助。现在学起来,不会了。如果您的 .net core 应用程序没有执行某些操作,则可能是您没有具体告诉它。