【Question Title】: IdentityServer4 Windows Authentication Missing Callback implementation
【Posted】: 2020-11-23 22:15:42
【Question Description】:

The documentation for setting up Windows authentication is here: https://docs.identityserver.io/en/latest/topics/windows.html

But I don't know how to configure the Callback() method mentioned in the line RedirectUri = Url.Action("Callback"), or whether I should even be using it.

I tried manually redirecting back to the https://<client:port>/auth-callback route of my Angular app, but I get this error:

Error: No state in response
    at UserManager.processSigninResponse (oidc-client.js:8308)

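Does anyone have a suggested Callback method I can use for code + PKCE with a SPA? I've tried searching Google, but there are currently no sample apps that use Windows authentication, and the ones that do exist are old.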

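【Question Discussion】:

    Tags: identityserver4 openid-connect oidc-client-js angular-auth-oidc-client


    【Solution 1】:

    Take a look at the ExternalLoginCallback method. I've also pasted below the version of the code as of October 26, 2020, for future reference in case the repo disappears.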

        /// <summary>
        /// Post processing of external authentication
        /// </summary>
        [HttpGet]
        public async Task<IActionResult> ExternalLoginCallback()
        {
            // read external identity from the temporary cookie
            var result = await HttpContext.AuthenticateAsync(IdentityConstants.ExternalScheme);
            if (result?.Succeeded != true)
            {
                throw new Exception("External authentication error");
            }
    
            // lookup our user and external provider info
            var (user, provider, providerUserId, claims) = await FindUserFromExternalProviderAsync(result);
            if (user == null)
            {
                // this might be where you might initiate a custom workflow for user registration
                // in this sample we don't show how that would be done, as our sample implementation
                // simply auto-provisions new external user
                user = await AutoProvisionUserAsync(provider, providerUserId, claims);
            }
    
            // this allows us to collect any additional claims or properties
            // for the specific protocols used and store them in the local auth cookie.
            // this is typically used to store data needed for signout from those protocols.
            var additionalLocalClaims = new List<Claim>();
            additionalLocalClaims.AddRange(claims);
    
            var localSignInProps = new AuthenticationProperties();
            ProcessLoginCallbackForOidc(result, additionalLocalClaims, localSignInProps);
            ProcessLoginCallbackForWsFed(result, additionalLocalClaims, localSignInProps);
            ProcessLoginCallbackForSaml2p(result, additionalLocalClaims, localSignInProps);
    
            // issue authentication cookie for user
            // we must issue the cookie manually, and can't use the SignInManager because
            // it doesn't expose an API to issue additional claims from the login workflow
            var principal = await _signInManager.CreateUserPrincipalAsync(user);
            additionalLocalClaims.AddRange(principal.Claims);
    
            var name = principal.FindFirst(JwtClaimTypes.Name)?.Value ?? user.Id;
            await _events.RaiseAsync(new UserLoginSuccessEvent(provider, providerUserId, user.Id, name));
    
            // issue authentication cookie for user
            var isuser = new IdentityServerUser(principal.GetSubjectId())
            {
                DisplayName = name,
                IdentityProvider = provider,
                AdditionalClaims = additionalLocalClaims
            };
    
            await HttpContext.SignInAsync(isuser, localSignInProps);
    
            // delete temporary cookie used during external authentication
            await HttpContext.SignOutAsync(IdentityConstants.ExternalScheme);
    
            // validate return URL and redirect back to authorization endpoint or a local page
            var returnUrl = result.Properties.Items["returnUrl"];
            if (_interaction.IsValidReturnUrl(returnUrl) || Url.IsLocalUrl(returnUrl))
            {
                return Redirect(returnUrl);
            }
    
            return Redirect("~/");
        }
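
The "No state in response" error in the question comes from the client side of code + PKCE: the SPA's callback route accepts only a response carrying the `state` it issued plus a `code`, and both are added by the authorize endpoint that the callback above redirects to via returnUrl. The following JavaScript is an added example, not part of the original post and not oidc-client.js's own code; it is a simplified model of that check. The hosts, the client id and the function names `beginSignin`, `handleCallback` and `demo` are constructed for illustration.

```javascript
const crypto = require('crypto');
const b64url = (buf) => buf.toString('base64url');

// Sign-in start: keep state -> code_verifier locally; send only state and the
// S256 code_challenge to the authorize endpoint.
function beginSignin(store, authorizeEndpoint, clientId, redirectUri) {
  const state = b64url(crypto.randomBytes(16));
  const codeVerifier = b64url(crypto.randomBytes(32));
  const codeChallenge = b64url(crypto.createHash('sha256').update(codeVerifier).digest());
  store.set(state, { codeVerifier, redirectUri });
  const url = new URL(authorizeEndpoint);
  url.search = new URLSearchParams({
    client_id: clientId, redirect_uri: redirectUri, response_type: 'code',
    scope: 'openid', state, code_challenge: codeChallenge, code_challenge_method: 'S256',
  }).toString();
  return url.toString();
}

// Callback route: only the authorize endpoint echoes `state` and adds `code`,
// so a request that did not come from it is rejected here.
function handleCallback(store, callbackUrl) {
  const params = new URL(callbackUrl).searchParams;
  const state = params.get('state');
  if (!state) throw new Error('No state in response'); // message from the question
  const pending = store.get(state);
  if (!pending) throw new Error('Unknown state'); // this example's own wording
  store.delete(state); // a state value is accepted once
  const code = params.get('code');
  if (!code) throw new Error('No code in response'); // this example's own wording
  // What the client would post to the token endpoint to redeem the code.
  return { code, code_verifier: pending.codeVerifier, redirect_uri: pending.redirectUri };
}

// Constructed hosts and client id; returns the outcome of three callback shapes.
function demo() {
  const store = new Map();
  const callback = 'https://spa.example/auth-callback';
  const authUrl = beginSignin(store, 'https://idp.example/connect/authorize', 'spa', callback);
  const state = new URL(authUrl).searchParams.get('state');
  const attempt = (url) => {
    try { return handleCallback(store, url).code; } catch (e) { return e.message; }
  };
  return [
    attempt(callback),                                      // manual redirect, no parameters
    attempt(`${callback}?code=constructed&state=${state}`), // response from the authorize endpoint
    attempt(`${callback}?code=constructed&state=${state}`), // replay of the same state
  ];
}
console.log(demo());
```

The first entry reproduces the question's symptom: a hand-built redirect to the callback route carries neither `state` nor `code`, so it fails before any token request is made.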
    

    【Discussion】:
