0
我是新来azure,令牌等...... 我有“挖掘”微软文档和谷歌和stackoverflow,但仍然没有得到充分的理解。Azure OpenId令牌验证
因此,我使用openId与Owin库从web应用程序(VS2013 .net 4.5.1)连接到天蓝色。我有一个代码做到这一点:
public void Configuration(IAppBuilder app)
{
app.SetDefaultSignInAsAuthenticationType(
CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
MetadataAddress = String.Format(aadInstance, tenant, policy),
AuthenticationType = policy,
ClientId = clientId,
RedirectUri = redirectUri,
PostLogoutRedirectUri = redirectUri,
Notifications = new OpenIdConnectAuthenticationNotifications
{
AuthenticationFailed = AuthenticationFailed
,SecurityTokenValidated = OnSecurityTokenValidated
,AuthorizationCodeReceived = OnAuthorizationCodeReceived
,SecurityTokenReceived = OnSecurityTokenReceived
},
Scope = "openid profile",
ResponseType = "id_token"
};
);
}
private Task OnSecurityTokenValidated(SecurityTokenValidatedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification)
{
var identity = notification.AuthenticationTicket.Identity;
var claims = notification.OwinContext.Authentication.User.Claims;
ClaimsPrincipal.Current.AddIdentity(identity);
return Task.FromResult(0);
}
而且它的工作,但微软文档中我发现下一个指令“目前,ID令牌签名但未加密当您的应用程序接收ID令牌,它必须。验证签名以证明令牌的真实性并验证令牌中的一些声明以证明其有效性。应用验证的声明取决于场景要求,但您的应用必须在每种情况下执行一些常见声明验证。
但有SecurityTokenValidated回调,其中有AuthenticationTicket。所以我仍然需要以某种方式验证令牌/打勾,或者现在它自动处理(我在军队中很强硬,没有任何事情自动发生,但仍然)?