本文介绍了替代IdentityServer3登录系统的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
在我的上一个问题中,@ leastprivilege回答之后,我得出结论,两者均不可能解决方案:
Following @leastprivilege answer in my previous question, I concluded that neither are possible solutions:
- 登录服务不支持REST身份验证(因此,不能使用IUserService.AuthenticateLocalAsync并只能连接到它)
- 我不需要它成为其他提供者,我需要它来替代IS3,也就是说,除了显示本地登录名和其他提供者之外,我还需要/login页面成为来自其他服务的提供者.
- The login service doesn't support REST authentication (thus, can't use IUserService.AuthenticateLocalAsync and just connect to it)
- I don't need it to be an additional provider, I need it to substitute IS3 one, ie, instead of showing the local login + additional providers, I need the /login page to be the one from a different service.
这可以自定义,还是需要更改IdentityService3源?如果是这样,我该如何保证实施明智才能实现认证而不破坏授权?
Can this be customized or do I need to change IdentityService3 source? If so, what to I need to guarantee implementation wise in order for to achieve the authentication and not break the authorization?
更新
在此答案之后,解决方案可能是创建新的提供程序,并使用acr_values设置自动重定向. >
Following this answer the solution might be creating a new provider and setting the automatic redirect somewhere using acr_values
推荐答案经过一番研究后解决了该问题.您需要执行以下三个步骤:
Solved it after some research. You'll need this three steps:
- 一种Owin身份验证中间件,该中间件重定向到所需的页面,并提供受保护的状态(这将使您稍后完成身份验证过程).您可以按照[Anders Abel教程]
- 自定义用户服务,该服务将覆盖PreAuthentication方法并使用中间件ID设置SignInMessage message.Idp.代码示例:在此处检查
- 身份验证成功后,您的页面应使用state参数重定向到中间件回调.使用上述虚拟中间件,将其设置为/signing-dummy
- A Owin Authentication middleware that redirects to the page you want, providing the protected state (this will let you finish the authentication process later). You can follow [Anders Abel tutorial]
- Custom user service that overrides the PreAuthentication method and sets the SignInMessage message.Idp with your middleware id. Code sample: check it here
- After the successful authentication, your page should redirect to the middleware callback with the state parameter. With the mentioned dummy middleware, it's set as /signing-dummy
更多推荐
替代IdentityServer3登录系统
发布评论