ログイン ページへのリダイレクト (302) を引き起こす 401 応答に問題があります。私のアプリケーションでは、MVC と Web API の両方を使用しています。OpenID と Azure Active Directory を使用してユーザーを認証しています。私の認証設定は次のとおりです。
private static string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
private static string appKey = ConfigurationManager.AppSettings["ida:AppKey"];
private static string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
private static string tenant = ConfigurationManager.AppSettings["ida:Tenant"];
private static string postLogoutRedirectUri = ConfigurationManager.AppSettings["ida:PostLogoutRedirectUri"];
private static string graphResourceId = ConfigurationManager.AppSettings["ida:GraphResourceId"];
public static readonly string authority = String.Format(CultureInfo.InvariantCulture, aadInstance, tenant);
MvcApplication mvcApplication = HttpContext.Current.ApplicationInstance as MvcApplication;
public void ConfigureAuth(IAppBuilder app)
{
OpenIdConnectAuthenticationOptions openIdConnectAuthenticationOptions = new OpenIdConnectAuthenticationOptions
{
ClientId = clientId,
Authority = authority,
PostLogoutRedirectUri = postLogoutRedirectUri,
AuthenticationMode = AuthenticationMode.Active,
Notifications = new OpenIdConnectAuthenticationNotifications()
{
SecurityTokenValidated = (context) =>
{
string userId = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.Name).Value;
IUserManager userManager = mvcApplication.CurrentContainer.Resolve<IUserManager>();
if(!userManager.IsUserEnrolled(userId))
{
string givenName = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.GivenName).Value;
string surname = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.Surname).Value;
userManager.EnrolUser(userId, givenName, surname);
Claim groupSuper = context.AuthenticationTicket.Identity.Claims.FirstOrDefault(c => c.Type == "groups" && c.Value.Equals(AADClaimTypes.Super, StringComparison.CurrentCultureIgnoreCase));
if(groupSuper != null)
{
userManager.AddClaim(userId, CharitableClaimTypes.Super, userId);
}
}
List<Claim> claims = userManager.GetUserClaims(userId);
if(claims != null && claims.Count() > 0)
{
OpenIdClaimsAuthenticationManager openIdClaimsAuthenticationManager = new OpenIdClaimsAuthenticationManager();
openIdClaimsAuthenticationManager.Authenticate(context.AuthenticationTicket.Identity, claims);
}
return Task.FromResult(0);
},
RedirectToIdentityProvider = (context) =>
{
context.ProtocolMessage.RedirectUri = context.Request.Uri.ToString();
context.ProtocolMessage.PostLogoutRedirectUri = postLogoutRedirectUri;
return Task.FromResult(0);
},
AuthorizationCodeReceived = (context) =>
{
Claim objectIdentifierClaim = context.AuthenticationTicket.Identity.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier");
if(objectIdentifierClaim != null)
{
ClientCredential credential = new ClientCredential(clientId, appKey);
string objectIdentifier = objectIdentifierClaim.Value;
string code = context.Code;
Uri redirectUri = new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path));
AuthenticationContext authContext = new AuthenticationContext(authority);//, new NaiveSessionCache(objectIdentifier));
AuthenticationResult result = authContext.AcquireTokenByAuthorizationCode(code, redirectUri, credential, graphResourceId);
}
return Task.FromResult(0);
}
}
};
CookieAuthenticationOptions cookieAuthenticationOptions = new CookieAuthenticationOptions()
{
AuthenticationType = OpenIdConnectAuthenticationDefaults.AuthenticationType
};
app.SetDefaultSignInAsAuthenticationType(OpenIdConnectAuthenticationDefaults.AuthenticationType);// CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(cookieAuthenticationOptions);
app.UseOpenIdConnectAuthentication(openIdConnectAuthenticationOptions);
Web API 呼び出しで 401 が生成された場合、そのステータスをクライアントに返す必要があります。here、here、hereなどの多くの記事を読みましたが、実用的な解決策を得ることができませんでした。最後のリンクの返信で提案されているように、404 を返すこともできますが、そうしないことをお勧めします。誰でもアプローチを提案できますか?