azure - 如何向我的 azure 广告登录链接添加附加参数以修改登录功能?

标签 azure azure-active-directory azure-ad-msal

现在我正在使用一个应用程序,该应用程序在用户输入凭据一次后自动通过微软帐户登录用户。这就是我尝试调用微软登录的方式:

public partial class Startup
    {
        // Load configuration settings from PrivateSettings.config
        private static string appId = ConfigurationManager.AppSettings["ida:AppId"];
        private static string appSecret = ConfigurationManager.AppSettings["ida:AppSecret"];
        private static string redirectUri = ConfigurationManager.AppSettings["ida:RedirectUri"];
        private static string tenantId = ConfigurationManager.AppSettings["ida:tenantId"];
        private static string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
        public static string authority = aadInstance + tenantId;

        public void Configuration(IAppBuilder app)
        {
            // For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=316888
            app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
            app.UseKentorOwinCookieSaver();
            app.UseCookieAuthentication(new CookieAuthenticationOptions());

            app.UseOpenIdConnectAuthentication(
                new OpenIdConnectAuthenticationOptions
                {
                    ClientId = appId,
                    Authority = authority,
                    RedirectUri = redirectUri,
                    TokenValidationParameters = new TokenValidationParameters
                    {
                        ValidateIssuer = true
                    },
                    Notifications = new OpenIdConnectAuthenticationNotifications
                    {
                        AuthenticationFailed = OnAuthenticationFailedAsync,
                        AuthorizationCodeReceived = OnAuthorizationCodeReceivedAsync
                    }
                }
            );
        }
        private static Task OnAuthenticationFailedAsync(AuthenticationFailedNotification<OpenIdConnectMessage,
            OpenIdConnectAuthenticationOptions> notification)
        {
            notification.HandleResponse();

            string redirect = $"Home/Error?message={notification.Exception.Message}";
            if (notification.ProtocolMessage != null && !string.IsNullOrEmpty(notification.ProtocolMessage.ErrorDescription))
            {
                redirect += $"&debug={notification.ProtocolMessage.ErrorDescription}";
            }
            notification.Response.Redirect(redirect);
            return Task.FromResult(0);
        }

        private async Task OnAuthorizationCodeReceivedAsync(AuthorizationCodeReceivedNotification notification)
        {
            var idClient = ConfidentialClientApplicationBuilder.Create(appId)
                .WithRedirectUri(redirectUri)
                .WithTenantId(tenantId)
                .WithClientSecret(appSecret)
                .Build();

            string email = string.Empty;
            try
            {
                string[] scopes = null;

                var result = await idClient.AcquireTokenByAuthorizationCode(
                    scopes, notification.Code).ExecuteAsync();

                email = await GraphHelper.GetUserDetailsAsync(result.AccessToken);
                var account = await idClient.GetAccountAsync(result.Account.HomeAccountId.Identifier);
                await idClient.RemoveAsync(account);//
            }
            catch (MsalException ex)
            {
                System.Diagnostics.Trace.TraceError(ex.Message);
            }
            notification.HandleResponse();
            notification.Response.Redirect($"Account/SignInAzureEmailAsync?email={email}");
        }
    }

<add key="ida:AADInstance" value="https://login.microsoftonline.com/" />

我读了这个Microsoft document建议我使用 prompt=login 来强制用户每次单击登录按钮时登录。我不知道如何在我的链接中应用此修改。请问有什么建议吗?

最佳答案

您可以使用RedirectToIdentityProvider函数来配置prompt属性

Notifications = new OpenIdConnectAuthenticationNotifications()
            {
                RedirectToIdentityProvider = context =>
                    {
                        context.ProtocolMessage.SetParameter("prompt", "login");
                        return Task.FromResult(0);
                    }
                
            }
        };

关于azure - 如何向我的 azure 广告登录链接添加附加参数以修改登录功能?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/72654831/

上一篇:c# - 具有链接和并行工作流程的 Azure Durable 功能

下一篇:c# - 目前支持 Graphclient ArgumentException : Only HTTP/1. 0 和 HTTP/1.1 版本请求。参数名称:值

相关文章:

azure - 使用 Bicep 设置 Web 应用程序 IP 安全限制的 header

azure - 是否可以更改 Azure SQL 实例进行身份验证所依据的 Azure AD?

azure - login_hint/将电子邮件设置为只读 - azure ad b2c

java - 如何使用 Java 中的 MSAL 从 Microsoft Outlook 发送电子邮件?

Azure CPU 性能基准和/或规范

php - 如何从外部网站连接到 Azure 的数据存储?

azure - 为什么 Azure 中的所有虚拟机均呈灰色且无法使用?如何选择虚拟机?

具有 Windows Live ID 身份验证的 Azure Multi-Tenancy 应用程序

c# - 如何将 "resource principal named https://management.azure.net"添加到 Azure 中的默认目录?

asp.net - MSAL 3.x GetAuthorizationRequestUrlParameterBuilder 返回错误的数据类型

©2024 IT工具网  联系我们