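I have an existing Blazor (Server) app targeting .NET Core 3.1 Preview 2.
I need to retrospectively add on-premises ADFS (not Azure) security. I've been trying to follow Microsoft's Authenticate users with WS-Federation in ASP.NET Core, but it is stubbornly ignoring the security. The article is of course written for ASP.NET, not Blazor ...
What I have done so far is: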
public static void ConfigureServices(IServiceCollection services)
{
    services.AddIdentity<IdentityUser, IdentityRole>()
        .AddEntityFrameworkStores<ApplicationDbContext>()
        .AddDefaultTokenProviders();
    services.AddAuthentication()
        .AddWsFederation(options =>
        {
            options.MetadataAddress = "https://adfs.Server.com/Federationmetadata/2007-06/Federationmetadata.xml";
            options.Wtrealm = "https://localhost:44323/";
        });
    services.AddAuthorization();
    services.AddRazorPages();
    services.AddServerSideBlazor();
    ....
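One thing of concern: the database currently has tables that support an earlier authentication pattern (Membership?), used by the application we are rewriting. It has the tables [AspNetRoles], [AspNetUserClaims], [AspNetUserLogins], [AspNetUserRoles] and [AspNetUsers]. Will any of these get overwritten?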
public class ApplicationDbContext : IdentityDbContext
{
    public ApplicationDbContext(DbContextOptions<ApplicationDbContext> options)
        : base(options)
    {
    }

    protected override void OnConfiguring(DbContextOptionsBuilder optionsBuilder)
    {
        if (optionsBuilder != null)
        {
            // Only configure the provider here if it was not already configured via DI.
            if (optionsBuilder.IsConfigured == false)
            {
                IConfigurationRoot configuration = new ConfigurationBuilder()
                    .SetBasePath(AppDomain.CurrentDomain.BaseDirectory)
                    .AddJsonFile($"appsettings.{Startup.CurrentEnvironment}.json")
                    .Build();
                optionsBuilder
                    .UseSqlServer(configuration.GetConnectionString("MyDatabase"), providerOptions => providerOptions.CommandTimeout(60));
            }
        }
        base.OnConfiguring(optionsBuilder);
    }
}
In the Configure method I have added (though it is not clear whether this is needed):
app.UseAuthentication();
app.UseRouting();
app.UseAuthorization();
In App.razor, I have:
<CascadingAuthenticationState>
    <Router AppAssembly="@typeof(Program).Assembly">
        <Found Context="routeData">
            @*<RouteView RouteData="@routeData" DefaultLayout="@typeof(Mainlayout)" />*@
            <AuthorizeRouteView RouteData="@routeData" DefaultLayout="@typeof(Mainlayout)" />
        </Found>
        <NotFound>
            <LayoutView Layout="@typeof(Mainlayout)">
                <p>Sorry, there's nothing at this address.</p>
            </LayoutView>
        </NotFound>
    </Router>
</CascadingAuthenticationState>
In one of my Razor pages (MyPage.razor), I have:
@page "/myRoute"
@attribute [Authorize]
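When I browse to a page with the Authorize attribute, I get the message:
Not authorized
So it isn't calling out to my ADFS server. Shouldn't it just do this automatically? The user shouldn't have to click a "log me in" button.
I am referencing the following NuGet packages: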
<PackageReference Include="Microsoft.AspNetCore.Authentication.WsFederation" Version="3.1.0-preview2.19528.8" />
<PackageReference Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="3.1.0-preview2.19528.8" />
I even followed Microsoft's Use WS-Federation without ASP.NET Core Identity example, but with no luck.