How to implement Windows Authentication with IdentityServer 4

爱一瞬间的悲伤 2021-01-31 11:10

How to correctly implement Windows Authentication with Identity server 4? Are there any samples to do that?

I looked at the source code of IdentityServer 4 and in the H

4 answers
  •  难免孤独
    2021-01-31 11:19

    Issue:

    Like me, you have probably ended up here after having followed all the ASP.NET Identity / IdentityServer 4 quickstarts and tutorials you can find in the hopes of getting your Windows Authentication working but failing with an exception of:

    Exception: External authentication error
        Host.Quickstart.Account.ExternalController.Callback() in ExternalController.cs, line 89
    

    You then may have discovered that result?.Succeeded is false after the call to HttpContext.AuthenticateAsync(...) in the Callback function and the rest of the result's properties are null...


    Explanation:

    The reason for this is due to the fact that the authentication scheme being validated during the callback is IdentityConstants.ExternalScheme...

    However, during the ProcessWindowsLoginAsync function the call to HttpContext.SignInAsync is set up to use the authentication scheme of IdentityServerConstants.ExternalCookieAuthenticationScheme, which doesn't match what the callback is expecting and in turn causes your Windows Authentication attempt to fail.


    Solution:

    So all we need to do to resolve this problem is to change the call to HttpContext.SignInAsync to match the scheme expected by the callback:

    await HttpContext.SignInAsync(IdentityConstants.ExternalScheme, new ClaimsPrincipal(id), props);
    

    Having done this, your login using Windows Authentication will be successful and your "victory dance" can begin!!!


    Big thanks to Dan for his answer!

    Without his solution I'd probably still be tearing hair out over this.

    Dan also mentions that you should change Properties.Items["scheme"] to "LoginProvider"...

    This is however unnecessary and will cause the FindUserFromExternalProviderAsync function to fail, as it expects the login provider to be supplied in the "scheme" property.

    The IdentityServer quickstart source seems to have been updated since Dan posted his answer, so I thought it best to post an update for those of you facing the same issue.
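
The scheme mismatch described in the answer above, with the sign-in and the callback shown side by side. This is an added example, not code from the answers or from the IdentityServer quickstart. The "Windows" scheme name, the shared ExternalCookieScheme field and the local-URL check on returnUrl are assumptions of the example.

```csharp
using System;
using System.Security.Claims;
using System.Security.Principal;
using System.Threading.Tasks;
using IdentityModel;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;

public class ExternalController : Controller
{
    // One field for both sides, so sign-in and callback cannot drift apart.
    private static readonly string ExternalCookieScheme = IdentityConstants.ExternalScheme;
    private const string WindowsScheme = "Windows"; // assumed scheme name

    // Called from the Challenge action when the requested provider is Windows.
    private async Task<IActionResult> ProcessWindowsLoginAsync(string returnUrl)
    {
        var result = await HttpContext.AuthenticateAsync(WindowsScheme);
        if (result?.Principal is WindowsPrincipal wp)
        {
            var props = new AuthenticationProperties { RedirectUri = Url.Action("Callback") };
            props.Items["returnUrl"] = returnUrl;
            props.Items["scheme"] = WindowsScheme; // provider name stays under "scheme"

            var id = new ClaimsIdentity(WindowsScheme);
            id.AddClaim(new Claim(JwtClaimTypes.Subject, wp.FindFirst(ClaimTypes.PrimarySid).Value));
            id.AddClaim(new Claim(JwtClaimTypes.Name, wp.Identity.Name));

            // Must be the same scheme Callback() authenticates against.
            await HttpContext.SignInAsync(ExternalCookieScheme, new ClaimsPrincipal(id), props);
            return Redirect(props.RedirectUri);
        }
        return Challenge(WindowsScheme); // starts the Windows (Negotiate/NTLM) handshake
    }

    [HttpGet]
    public async Task<IActionResult> Callback()
    {
        var result = await HttpContext.AuthenticateAsync(ExternalCookieScheme);
        if (result?.Succeeded != true)
            throw new Exception("External authentication error");

        // ... find or provision the user from result.Principal, issue the local sign-in ...

        await HttpContext.SignOutAsync(ExternalCookieScheme); // drop the temporary cookie
        result.Properties.Items.TryGetValue("returnUrl", out var returnUrl);
        return Url.IsLocalUrl(returnUrl) ? Redirect(returnUrl) : Redirect("~/");
    }
}
```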
