经过长时间的搜寻后,这是修复:
的OWIN中间件UseOpenIdConnectAuthentication
已在Options
属性的属性Notifications
。 This Notifications
property has func
SecurityTokenValidated
。在这个函数中你可以修改重定向Uri。
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
Authority = "https://idp.io",
ClientId = "clientid",
RedirectUri = "https://mywebsite.io",
ResponseType = "code id_token token",
Scope = "openid profile",
SignInAsAuthenticationType = "Cookies",
UseTokenLifetime = false,
Notifications = new OpenIdConnectAuthenticationNotifications
{
SecurityTokenValidated = notification =>
{
notification.AuthenticationTicket.Properties.RedirectUri = RewriteToPublicOrigin(notification.AuthenticationTicket.Properties.RedirectUri);
return Task.CompletedTask;
}
}
});
这是重写URL到公共原点功能:
private static string RewriteToPublicOrigin(string originalUrl)
{
var publicOrigin = ConfigurationManager.AppSettings["app:identityServer.PublicOrigin"];
if (!string.IsNullOrEmpty(publicOrigin))
{
var uriBuilder = new UriBuilder(originalUrl);
var publicOriginUri = new Uri(publicOrigin);
uriBuilder.Host = publicOriginUri.Host;
uriBuilder.Scheme = publicOriginUri.Scheme;
uriBuilder.Port = publicOriginUri.Port;
var newUrl = uriBuilder.Uri.AbsoluteUri;
return newUrl;
}
return originalUrl;
}
现在OpenIdConnect
将用户重定向到公众的URL,而不是非公开的Web服务器的URL。