OWIN challenge not triggered when using web.config authorization elements

折月煮酒 submitted on 2020-12-06 06:25:47

Question


I'm migrating a Web Forms application from Forms Authentication to OpenID Connect (using OWIN and IdentityServer3). The application already has a lot of 'authorization' elements (for various locations) in the web.config which I would like to reuse after migrating to OWIN.

<authorization>
    <deny users="?" />
</authorization>
<location path="Path/Page.aspx">
    <system.web>
        <authorization>
            <allow users="*" />
        </authorization>
    </system.web>
</location>
...

The problem is that after I switch to OWIN, instead of being redirected to the login page, I get a 401 (unauthorized).

At the moment the only way to redirect the user to the login page is to manually make a challenge in the Page_Load event:

if (!Request.IsAuthenticated)
{
   HttpContext.Current.GetOwinContext().Authentication.Challenge();
}

This is what my Startup.Auth looks like:

public void ConfigureAuth(IAppBuilder app)
{
    // Reset the mapping dictionary to ensure the claims are not mapped to .NET standard claims
    JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary<string, string>();

    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = "ApplicationCookie",
        AuthenticationMode = AuthenticationMode.Active
    });

    app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
    {
        ClientId = "id",
        Authority = IdentityConstants.BaseAddress,
        RedirectUri = "uri",
        ResponseType = "code id_token token",
        SignInAsAuthenticationType = "ApplicationCookie",
        Scope = "openid profile email roles offline_access",
        ...
    });
...

Is there a way to leverage the existing authorization elements in web config so that I don't have to make these checks again in the code?


Answer 1:


Add the following code after app.UseOpenIdConnectAuthentication:

app.UseStageMarker(PipelineStage.Authenticate);

This will instruct Owin to run in the integrated pipeline.
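
When the existing rules are reused after the migration, it helps to confirm which paths stay public and which ones depend on the challenge redirect. The Python below is an added example, not code from the question or the answer: it evaluates the `<authorization>` rules for an anonymous request (first matching rule wins, most specific `<location>` first). The function names and the sample config are constructed, and it assumes a single web.config whose rules use the `users` attribute.

```python
import xml.etree.ElementTree as ET

# Constructed sample, modelled on the web.config fragment in the question.
SAMPLE_CONFIG = """
<configuration>
  <system.web>
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
  <location path="Path/Page.aspx">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
"""

def _rules(scope):
    """Return [(action, users, verbs)] from a scope's <authorization>, in order."""
    split = lambda value: {v.strip().upper() for v in value.split(",") if v.strip()}
    return [(r.tag, split(r.get("users", "")), split(r.get("verbs", "")))
            for sw in scope if sw.tag == "system.web"
            for auth in sw if auth.tag == "authorization"
            for r in auth if r.tag in ("allow", "deny")]

def anonymous_allowed(config_xml, request_path, verb="GET"):
    """True if URL authorization would let an unauthenticated request through."""
    root = ET.fromstring(config_xml)
    request_path = request_path.strip("/").lower()
    scoped = [(-1, _rules(root))]                 # site-wide rules, lowest priority
    for loc in root.findall("location"):
        path = loc.get("path", "").strip("/").lower()
        path = "" if path == "." else path
        if path == "" or request_path == path or request_path.startswith(path + "/"):
            scoped.append((len(path), _rules(loc)))
    # Most specific location first; inside a scope the first matching rule wins.
    for _, rules in sorted(scoped, key=lambda s: s[0], reverse=True):
        for action, users, verbs in rules:
            if verbs and verb.upper() not in verbs:
                continue                          # rule limited to other HTTP verbs
            if users & {"?", "*"}:                # "?" = anonymous, "*" = everyone
                return action == "allow"
    return True  # no rule matched: the machine-level default is <allow users="*" />
```

Paths for which this returns False are the ones that must end in a redirect to the login page rather than a bare 401 once the stage marker is in place.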



Source: https://stackoverflow.com/questions/37295183/owin-challenge-not-triggered-when-using-web-config-authorization-elements
