如果客户端指定,我需要将用户自动重定向到idp . 我本质上是检查我的AuthenticationController的Login方法,如果设置了IDP,我会重定向到该控制器上的另一个方法,然后将该Challenge调用到IDP,这感觉有点乱,因为我真的想创建另一个控制器来处理外部身份验证,而不必使用IDP检查/重定向混淆本地登录 .

它让我思考,如果你设置一个idp,有没有办法让Identity Server 4自动重定向你?我已将客户端的EnableLocalLogin设置为false,并在客户端上指定了idp(这会按预期添加ACR) . 任何帮助将非常感激 .

Server Startup.cs:

services.AddAuthentication()
        .AddMicrosoftAccount("Microsoft", options =>
        {
            options.ClientId = this.Configuration["Credentials:AzureADClientID"];
            options.SignInScheme = "Identity.External";
            options.ClientSecret = this.Configuration["Credentials:AzureADClientSecret"];
            options.AuthorizationEndpoint = this.Configuration["IdentityServer:AzureADAuthorisationEndpoint"];
            options.TokenEndpoint = this.Configuration["IdentityServer:AzureADTokenEndpoint"];
        })
        .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, options =>
        {
            options.Cookie.Name = defaultSecurityPolicy.AuthenticationCookieName;
            options.Cookie.Expiration = TimeSpan.FromMinutes(defaultSecurityPolicy.CookieValidForMinutes);
            options.LoginPath = "/LogIn";
            options.SlidingExpiration = true;
            options.AccessDeniedPath = "/error/403";
            options.ReturnUrlParameter = CookieAuthenticationDefaults.ReturnUrlParameter;
        });

服务器AuthenticationController.cs

[HttpGet("login")]
public async Task<IActionResult> Login(string username, string returnUrl)
{
        await this.HttpContext.SignOutAsync(IdentityConstants.ExternalScheme);

        var context = await this.interactionService.GetAuthorizationContextAsync(returnUrl);
        if (context?.IdP != null)
        {
            var url = returnUrl;

            var redirectUrl = this.Url.Action(nameof(this.ExternalLoginCallback), new { returnUrl = url });

            var properties = this.signInManager.ConfigureExternalAuthenticationProperties("Microsoft", redirectUrl);
            return this.Challenge(properties, "Microsoft");
        }

        var vm = new LoginViewModel { Username = username, ReturnUrl = returnUrl };

        return this.View(vm);
    }

客户端Startup.cs

services.AddAuthentication(options =>
        {
            options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
            options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        })
        .AddCookie(o =>
        {
            o.Cookie.Name = "CookieName";
            o.Cookie.SecurePolicy = Microsoft.AspNetCore.Http.CookieSecurePolicy.Always;
            o.Cookie.HttpOnly = true;
            o.AccessDeniedPath = "/error/403";
            o.Events.OnRedirectToAccessDenied = x =>
            {
                x.HttpContext.Response.StatusCode = 403;
                return Task.CompletedTask;
            };
        })
        .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, o =>
        {
            o.Authority = this.Configuration.GetSection("IdentityServer").GetValue<string>("Url");
            o.AuthenticationMethod = OpenIdConnectRedirectBehavior.RedirectGet;
            o.ClientId = this.Configuration.GetSection("IdentityServer").GetValue<string>("ClientId");
            o.ClientSecret = this.Configuration.GetSection("IdentityServer").GetValue<string>("ClientSecret");
            o.RequireHttpsMetadata = true;
            o.SaveTokens = true;
            o.ResponseType = "code id_token";
            o.GetClaimsFromUserInfoEndpoint = true;
            o.Scope.Add("openid profile");
            o.Events.OnRedirectToIdentityProvider = n =>
            {
                if (n.ProtocolMessage.RequestType == OpenIdConnectRequestType.Authentication)
                {
                    n.ProtocolMessage.AcrValues = "idp:Microsoft";
                }
                return Task.FromResult(0);
            };
        });
identityserver4 idp