使用 Azure AD 时将用户重定向到自定义登录页面

问题描述

我正在使用以下代码示例将 Azure AD 登录插入我的应用程序 (https://github.com/AzureADSamples/WebApp-OpenIDConnect-DotNet).

I'm using the following code example to plug in Azure AD login to my application (https://github.com/AzureADSamples/WebApp-OpenIDConnect-DotNet).

我发现代码工作得很好，但是如果用户尚未登录或他们的会话已过期，我希望能够将用户重定向到自定义登录页面.然而，我正在努力让它发挥作用，并想知道这是否真的可能?

I'm finding that the code works just fine however I want to have to ability to redirect a user to a custom login page if the user hasn't logged in yet or their session has expired. I'm struggling however to get this to work and was wondering if this is indeed possible at all?

用户是否总是被重定向到 Azure AD 的 Microsoft 登录页面而不是您自己的自定义页面，还是我遗漏了某个设置?

Is it by design that the user is always redirected to the Microsoft Login page for Azure AD rather than your own custom page or is there a setting I've missed?

我修改了 FilterConfig.cs 中提供的代码以启用授权过滤器属性:

I've amended the supplied code in FilterConfig.cs to enable the Authorize filter attribute:

filters.Add(new AuthorizeAttribute());

我还在 web.config 中添加了以下内容，但没有效果:

I've also added the following to web.config but to no effect:

<authorization>
<allow users="?" />
</authorization>

在 Startup.Auth.cs 文件中，我看不到任何可能对 app.UseOpenIdConnectAuthentication 进行的更改，以允许我尽可能设置通用登录页面可能使用基于 cookie 的身份验证.

Within the Startup.Auth.cs file I cannot see any changes that are possible to app.UseOpenIdConnectAuthentication to allow me to set up a generic login page as I may possibly do with cookies based auth.

推荐答案

在重新检查代码后，我找到了问题的解决方案.

After some re going over the code I've found the solution to my issue.

在Startup.Auth.cs内:

app.UseCookieAuthentication(new CookieAuthenticationOptions {
   LoginPath = new PathString("/Account/Login")
});

app.UseOpenIdConnectAuthentication(
   new OpenIdConnectAuthenticationOptions {
      ClientId = clientId,
      Authority = authority,
      PostLogoutRedirectUri = postLogoutRedirectUri,
      AuthenticationMode = AuthenticationMode.Passive
});

包含 AuthenticationMode = AuthenticationMode.Passive 行似乎阻止 OpenIdConnectAuth 执行自动 302 重定向到 AAD 登录页面.

It's the inclusion of the AuthenticationMode = AuthenticationMode.Passive line which seems to stop OpenIdConnectAuth from performing the automatic 302 redirect to the AAD login pages.