2015-11-17 33 views
0

Not receiving Email from Azure AD login using Owin OpenIdConnect

I have an MVC web application that authenticates against a multi-tenant Azure AD directory using Owin's OpenIdConnect OAuth provider.

I can redirect to the Microsoft login page and come back to my application, but when I call the GetExternalLoginInfo method the Email property is always null.

I suspect this is because of the permissions I set on the application, but I cannot find the correct permission I should be requesting for the email.

Permissions I requested: (image: permissions requested)

My OpenIDConnect configuration in Startup.Auth.cs:

// Fragment of Startup.Auth.cs (ConfigureAuth); usings added so the snippet compiles as posted.
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using System.Web;
using Microsoft.IdentityModel.Clients.ActiveDirectory;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

string clientId = "ClientId";
string appKey = "Client Secret";
string graphResourceID = "https://graph.windows.net";
string Authority = "https://login.microsoftonline.com/common/";

app.UseOpenIdConnectAuthentication(
    new OpenIdConnectAuthenticationOptions
    {
        ClientId = clientId,
        Authority = Authority,
        TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters
        {
            // Multi-tenant: the "common" endpoint returns tokens from any Azure AD tenant.
            // With ValidateIssuer = false every tenant's tokens are accepted as-is; a
            // production app should instead validate the issuer against onboarded tenants.
            ValidateIssuer = false,
        },
        Notifications = new OpenIdConnectAuthenticationNotifications()
        {
            AuthorizationCodeReceived = (context) =>
            {
                // Redeem the authorization code for a Graph access token via ADAL.
                var code = context.Code;
                ClientCredential credential = new ClientCredential(clientId, appKey);
                string tenantID = context.AuthenticationTicket.Identity.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;
                string signedInUserID = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.NameIdentifier).Value;

                AuthenticationContext authContext = new AuthenticationContext(string.Format("https://login.microsoftonline.com/{0}", tenantID));
                // The token result is obtained but not used further in this snippet.
                AuthenticationResult result = authContext.AcquireTokenByAuthorizationCode(
                    code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), credential, graphResourceID);

                return Task.FromResult(0);
            },
            RedirectToIdentityProvider = (context) =>
            {
                // Build the redirect URIs from the current request so they match the registered app.
                string appBaseUrl = context.Request.Scheme + "://" + context.Request.Host + context.Request.PathBase;
                context.ProtocolMessage.RedirectUri = appBaseUrl + "/";
                context.ProtocolMessage.PostLogoutRedirectUri = appBaseUrl;
                return Task.FromResult(0);
            },
            SecurityTokenValidated = (context) =>
            {
                // Retrieve caller data from the incoming principal.
                string issuer = context.AuthenticationTicket.Identity.FindFirst("iss").Value;
                string UPN = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.Name).Value;
                string tenantID = context.AuthenticationTicket.Identity.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;

                return Task.FromResult(0);
            },
            AuthenticationFailed = (context) =>
            {
                context.OwinContext.Response.Redirect("/Home/Error");
                context.HandleResponse(); // Suppress the exception
                return Task.FromResult(0);
            }
        }
    });

Answer

0

When building OpenIdConnectOptions you may need to specify the scopes for the challenge. When your authentication scheme issues a "challenge", the scopes determine what the request/challenge asks for.

var options = new OpenIdConnectOptions()
{
    // .... Your existing options
};

// You'll need to check what sort of attributes you can request from Azure.
// Note: OpenIdConnectOptions (Scope as a collection) is the ASP.NET Core type; in the
// OWIN/Katana OpenIdConnectAuthenticationOptions used in the question, Scope is a
// space-separated string, e.g. Scope = "openid profile email".
options.Scope.Add("profile");

app.UseOpenIdConnectAuthentication(options);
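The following is an added example, not code from the question or the answer above. It shows, for the OWIN/Katana OpenIdConnectAuthenticationOptions type the question uses, how a multi-tenant configuration would (1) request the email scope, (2) keep issuer validation enabled by accepting only an allow-list of tenants instead of setting ValidateIssuer = false, and (3) derive an email value from the id_token claims with a fallback to the UPN, so that ASP.NET Identity's ExternalLoginInfo.Email (which reads the ClaimTypes.Email claim) is populated. Assumptions: Microsoft.Owin.Security.OpenIdConnect 3.x with System.IdentityModel.Tokens.Jwt 4.x, a hypothetical AllowedTenantIds list with a placeholder GUID, and Azure AD v1 issuers of the form https://sts.windows.net/{tenantid}/. Which claims actually appear in the token depends on the directory and account type, which is why the fallback exists.

```csharp
// Added example (not the poster's or answerer's code). Hardened multi-tenant OWIN/Katana
// OpenIdConnect configuration: email scope, tenant allow-list issuer validation, email claim fallback.
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public static class HardenedOpenIdConnectConfig
{
    // Hypothetical allow-list of onboarded tenant IDs; replace the placeholder with your own.
    private static readonly HashSet<string> AllowedTenantIds =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "00000000-0000-0000-0000-000000000000" // placeholder tenant ID (assumption)
        };

    public static void Configure(IAppBuilder app, string clientId)
    {
        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            ClientId = clientId,
            Authority = "https://login.microsoftonline.com/common/",
            // Katana's Scope is a space-separated string; "openid profile" is the default and
            // "email" asks the identity provider to include the email claim in the id_token.
            Scope = "openid profile email",
            TokenValidationParameters = new TokenValidationParameters
            {
                // Keep issuer validation on. With the "common" endpoint, a custom IssuerValidator
                // is how a multi-tenant app decides per tenant instead of trusting every tenant.
                ValidateIssuer = true,
                IssuerValidator = ValidateTenantIssuer,
            },
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                SecurityTokenValidated = context =>
                {
                    ClaimsIdentity identity = context.AuthenticationTicket.Identity;
                    string email = ResolveEmail(identity);
                    if (email == null)
                    {
                        // No usable identifier in the token: fail the sign-in rather than
                        // creating a principal with no email.
                        context.OwinContext.Response.Redirect("/Home/Error");
                        context.HandleResponse();
                        return Task.FromResult(0);
                    }
                    // ExternalLoginInfo.Email reads ClaimTypes.Email, so make sure it is present.
                    if (identity.FindFirst(ClaimTypes.Email) == null)
                        identity.AddClaim(new Claim(ClaimTypes.Email, email));
                    return Task.FromResult(0);
                },
            },
        });
    }

    // Accept the issuer only if its tenant ID is on the allow-list; throwing fails validation
    // and the request ends up in AuthenticationFailed.
    public static string ValidateTenantIssuer(string issuer, SecurityToken token,
                                              TokenValidationParameters parameters)
    {
        string tenantId = ExtractTenantId(issuer);
        if (tenantId != null && AllowedTenantIds.Contains(tenantId))
            return issuer;
        throw new SecurityTokenValidationException("Issuer " + issuer + " is not an onboarded tenant.");
    }

    // Azure AD v1 issuers look like https://sts.windows.net/{tenantid}/ (assumption stated in lead-in);
    // require https and a single GUID path segment so a crafted issuer string cannot slip through.
    public static string ExtractTenantId(string issuer)
    {
        Uri uri;
        if (!Uri.TryCreate(issuer, UriKind.Absolute, out uri) || uri.Scheme != "https")
            return null;
        Guid tenantGuid;
        return Guid.TryParse(uri.AbsolutePath.Trim('/'), out tenantGuid) ? tenantGuid.ToString() : null;
    }

    // "email" maps to ClaimTypes.Email, "upn" to ClaimTypes.Upn and "unique_name" to ClaimTypes.Name
    // in the JWT handler's inbound claim map; work accounts usually carry the latter two, so fall
    // back in that order and only accept values that look like an address.
    public static string ResolveEmail(ClaimsIdentity identity)
    {
        foreach (string type in new[] { ClaimTypes.Email, ClaimTypes.Upn, ClaimTypes.Name })
        {
            Claim claim = identity.FindFirst(type);
            if (claim != null && claim.Value.Contains("@"))
                return claim.Value;
        }
        return null;
    }
}
```

Call HardenedOpenIdConnectConfig.Configure(app, clientId) from ConfigureAuth in place of the inline UseOpenIdConnectAuthentication call. The allow-list check is the important security change relative to the question's configuration: with ValidateIssuer = false, any Azure AD tenant can mint a token that your application accepts.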