Starts in:
1 DAY
15 HRS
17 MIN
39 SEC
Starts in:
1 D
15 H
17 M
39 S

Activities of "ldacnfinit"

好的。我将会试试使用 GitHub认证,跑下整个流程。

Hi, 我已经卡在这个问题上一天了,经过修改已经可以实现不设置 RequireAuthenticatedSignIn = false 使用 HttpContext.SingIn 不会报错,代码改动如下:

  var isUser = new IdentityServerUser(user.Id.ToString());
                var principal = isUser.CreatePrincipal();
                principal.AddIdentity(
                new ClaimsIdentity(
                                new List<Claim>
                                {
                                    new Claim(AbpClaimTypes.UserId,user.Id.ToString()),
                                    new Claim(AbpClaimTypes.UserName,user.UserName),
                                    new Claim(AbpClaimTypes.Email,user.Email)
                                }
                            )
                    );
                await HttpContext.SignInAsync(IdentityServerConstants.ExternalCookieAuthenticationScheme, principal);

但在跳转回 Angular 时,https://localhost:44361/api/abp/application-configuration 接口返回的仍然是没有登录,返回结果如下图所示:

所以我的问题的关键在于如何使当前用户登录上去,这块我理解的不到位,是否是根据 cookie 或者 access token 来实现校验的?api/abp/application-configuration 接口的源代码链接方便发我一下么。 另外想问下是否提供远程协助。

PS:不使用 Abp 框架中的 angular 部分, 采用 asp.net 来测试是否可以跑通,我认为意义不是很大。

随时期待您的回复。

很抱歉,因为第三方的认证需要内网才可以进行,这意味着您无法进行认证的调试,所以您是否还需要项目?

你好。我已经完成了第三方认证部分,获得了所需的用户信息,并且在数据库中查到了该用户,现在需要做的是登录并且返回到客户端站点,但我遇到了一个如上所示的异常信息,如果我将 ConfigureAuthentication 中的 RequireAuthenticatedSignIn 设置为 false 后,该问题即不存在,会跳转到客户端,但是并没有登录成功。希望能得到您的帮助。谢谢!

  • ABP Framework version: v4.4.3
  • UI type: Angular
  • DB provider: EF Core
  • Tiered Identity Server Separated (Angular): yes
  • Exception message and stack trace:

InvalidOperationException: SignInAsync when principal.Identity.IsAuthenticated is false is not allowed when AuthenticationOptions.RequireAuthenticatedSignIn is true. Microsoft.AspNetCore.Authentication.AuthenticationService.SignInAsync(HttpContext context, string scheme, ClaimsPrincipal principal, AuthenticationProperties properties) IdentityServer4.Hosting.IdentityServerAuthenticationService.SignInAsync(HttpContext context, string scheme, ClaimsPrincipal principal, AuthenticationProperties properties) Siemens.LDA.CleanOrder.Controllers.AuthenticationController.ExternalLoginBackAsync() in AuthenticationController.cs await HttpContext.SignInAsync(IdentityServerConstants.ExternalCookieAuthenticationScheme, lambda_method1783(Closure , object ) Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor+TaskOfActionResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, object controller, object[] arguments) System.Threading.Tasks.ValueTask<TResult>.get_Result()

  • Steps to reproduce the issue:"

    • ConfigureAuthentication
         context.Services.AddAuthentication(options=>
            {
                //options.RequireAuthenticatedSignIn = false;
            })
                .AddJwtBearer(options =>
                {
                    options.Authority = configuration["AuthServer:Authority"];
                    options.RequireHttpsMetadata = Convert.ToBoolean(configuration["AuthServer:RequireHttpsMetadata"]);
                    options.Audience = "CleanOrder";
                    options.BackchannelHttpHandler = new HttpClientHandler
                    {
                        ServerCertificateCustomValidationCallback =
                            HttpClientHandler.DangerousAcceptAnyServerCertificateValidator
                    };
                })       //.AddCookie("CleanOrder.MyId")
       .AddOpenIdConnect("MyId", "OpenID Connect", options =>
         {
             options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
             options.SignOutScheme = IdentityServerConstants.SignoutScheme;
             options.Authority = "https://myid.siemens.com/";
             options.CallbackPath = "/";
             options.ClientSecret = configuration["MyIdAuthServer:ClientSecret"];
             options.ClientId = configuration["MyIdAuthServer:ClientId"];
             options.ResponseType = OpenIdConnectResponseType.Code;
             options.SaveTokens = true;
             //options.SignedOutRedirectUri = "http://localhost:4300";
             options.BackchannelHttpHandler = new HttpClientHandler
             {
                 ServerCertificateCustomValidationCallback =
                            HttpClientHandler.DangerousAcceptAnyServerCertificateValidator
             };       
    
    • Environment (Angular)
    oAuthConfig: {
    issuer: 'https://myid.siemens.com',
    redirectUri: 'https://localhost:44361/authentication/token',
    clientId: 'ClienID',
    responseType: 'code',
    scope: 'openid profile email',
    }
    
    • Controller
     [HttpGet("token")]
        public ActionResult AuthAsync()
        {
            Console.WriteLine("===========token==================");
            var callbackUrl = Url.Action("ExternalLoginback");
            var properties = new AuthenticationProperties()
            {
                // actual redirect endpoint for your app
                RedirectUri = callbackUrl,
                AllowRefresh = true,
            };
            return Challenge(properties, "MyId");
        }
    
        [HttpGet("signin-oidc")]
        public async Task<RedirectResult> ExternalLoginBackAsync()
        {
            Console.WriteLine("===========callback==================");
            // read external identity from the temporary cookie
            var result = await HttpContext.AuthenticateAsync(IdentityServerConstants.ExternalCookieAuthenticationScheme);
            if (result?.Succeeded != true)
            {
                throw new Exception("External authentication error");
            }
    
            // retrieve claims of the external user
            var externalUser = result.Principal;
            if (externalUser == null)
            {
                throw new Exception("External authentication error");
            }
    
            // retrieve claims of the external user
            var claims = externalUser.Claims.ToList();
    
            // try to determine the unique id of the external user - the most common claim type for that are the sub claim and the NameIdentifier
            // depending on the external provider, some other claim type might be used
            var userIdClaim = claims.FirstOrDefault(x => x.Type == JwtClaimTypes.Subject);
            if (userIdClaim == null)
            {
                userIdClaim = claims.FirstOrDefault(x => x.Type == ClaimTypes.NameIdentifier);
            }
            if (userIdClaim == null)
            {
                throw new Exception("Unknown userid");
            }
    
            var externalUserId = userIdClaim.Value;
            var externalProvider = userIdClaim.Issuer;
    
            // get userInfo
            var user = await _appUserService.GetByUserNameAsync(externalUserId.Split('|')[1]);
            var clientUrl = _configuration["App:ClientUrl"];
            if (user != null)
            {
                              // issue authentication cookie for user
                await HttpContext.SignInAsync(IdentityServerConstants.ExternalCookieAuthenticationScheme,
                    new ClaimsPrincipal(
                        new ClaimsIdentity(
                                    new List<Claim>
                                    {
                                    new Claim(AbpClaimTypes.UserId,user.Id.ToString()),
                                    new Claim(AbpClaimTypes.UserName,user.UserName),
                                    new Claim(AbpClaimTypes.Email,user.Email)
                                    }
                                )
                    )
              );
                //delete temporary cookie used during external authentication
                //await HttpContext.SignOutAsync(IdentityServerConstants.ExternalCookieAuthenticationScheme);
            }
            else
            {
                clientUrl += "/userNotExsit";
            }
            return Redirect(clientUrl);
        }
    

It is the first time to integrate third-party authentication system. I have limited knowledge of authentication and experience with JWT Access Token. I need help.

Showing 31 to 35 of 35 entries
Made with ❤️ on ABP v9.1.0-preview. Updated on November 20, 2024, 13:06