Update OpenIdConnectSample
1. Add instruction for OpenIdConnectSample 2. Clear unused using statements 3. Hardcoded server URL in `Program.cs`
This commit is contained in:
parent
61d03b9316
commit
6cee57752f
|
|
@ -17,6 +17,7 @@ namespace OpenIdConnectSample
|
||||||
var serverCertificate = LoadCertificate();
|
var serverCertificate = LoadCertificate();
|
||||||
options.UseHttps(serverCertificate);
|
options.UseHttps(serverCertificate);
|
||||||
})
|
})
|
||||||
|
.UseUrls("https://localhost:44318")
|
||||||
.UseContentRoot(Directory.GetCurrentDirectory())
|
.UseContentRoot(Directory.GetCurrentDirectory())
|
||||||
.UseIISIntegration()
|
.UseIISIntegration()
|
||||||
.UseStartup<Startup>()
|
.UseStartup<Startup>()
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,44 @@
|
||||||
|
# How to set up the sample locally
|
||||||
|
|
||||||
|
The OpenIdConnect sample supports multilpe authentication providers. In these instruction, we will explore how to set up this sample with both Azure Active Directory and Google Identity Platform
|
||||||
|
|
||||||
|
## Determine your development environment and a few key variables
|
||||||
|
|
||||||
|
This sample is configured to run on port __44318__ locally. In Visual Studio, the setting is carried out in `.\properties\launchSettings.json`. When the application is run from command line, the URL is coded in `Program.cs`.
|
||||||
|
|
||||||
|
If the application is run from command line or terminal, environment variable ASPNETCORE_ENVIRONMENT should be set to DEVELOPMENT to enable user secret.
|
||||||
|
|
||||||
|
## Configure the Authorization server
|
||||||
|
|
||||||
|
### Configure with Azure Active Directory
|
||||||
|
|
||||||
|
1. Set up a new Azure Active Directory (AAD) in your Azure Subscription.
|
||||||
|
2. Open the newly created AAD in Azure web portal
|
||||||
|
3. Navigate to the Applications tab
|
||||||
|
4. Add a new Application to the AAD. Set the "Sign-on URL" to sample application's URL.
|
||||||
|
5. Naigate to the Application, and click the Configure tab.
|
||||||
|
6. Find and save the "Client Id".
|
||||||
|
7. Add a new key in the "Keys" section. Save value of the key, which is the "Client Secret".
|
||||||
|
8. Click the "View Endpoints" on the drawer, a dialog will shows six endpoint URLs. Copy the "OAuth 2.0 Authorization Endpoint" to a text editor and remove the "/oauth2/authorize" from the string. The remaining part is the __authority URL__. It looks like __https://login.microsoftonline.com/<guid>__
|
||||||
|
|
||||||
|
### Configure with Google Identity Platform
|
||||||
|
|
||||||
|
1. Create a new project through [Google APIs](console.developers.google.com)
|
||||||
|
2. In the sidebar choose "Credentials"
|
||||||
|
3. Navigate to "OAuth consent screen" tab, fill in the project name and save.
|
||||||
|
4. Navigate to "Credentials" tab. Click "Create credentials". Choose "OAuth client ID".
|
||||||
|
5. Select "Web application" as the application type. Fill in the "Authorized redirect URIs" with __https://localhost:44318/signin-oidc__
|
||||||
|
6. Save the "Client ID" and "Client Secret" shown in the dialog.
|
||||||
|
7. Save the "Authority URL" for Google Authentication is __https://accounts.google.com/
|
||||||
|
|
||||||
|
## Configure the sample application
|
||||||
|
|
||||||
|
1. Restore the application.
|
||||||
|
2. Set user secrets
|
||||||
|
|
||||||
|
```
|
||||||
|
dotnet user-secrets set oidc:clientid <Client Id>
|
||||||
|
dotnet user-secrets set oidc:clientsecret <Client Secret>
|
||||||
|
dotnet user-secrets set oidc:authority <Authority URL>
|
||||||
|
```
|
||||||
|
|
||||||
|
|
@ -86,6 +86,7 @@ namespace OpenIdConnectSample
|
||||||
await context.Response.WriteAsync($"</body></html>");
|
await context.Response.WriteAsync($"</body></html>");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (context.Request.Path.Equals("/signout"))
|
if (context.Request.Path.Equals("/signout"))
|
||||||
{
|
{
|
||||||
await context.Authentication.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
|
await context.Authentication.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
|
||||||
|
|
@ -95,6 +96,7 @@ namespace OpenIdConnectSample
|
||||||
await context.Response.WriteAsync($"</body></html>");
|
await context.Response.WriteAsync($"</body></html>");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (context.Request.Path.Equals("/signout-remote"))
|
if (context.Request.Path.Equals("/signout-remote"))
|
||||||
{
|
{
|
||||||
// Redirects
|
// Redirects
|
||||||
|
|
@ -105,6 +107,7 @@ namespace OpenIdConnectSample
|
||||||
});
|
});
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (context.Request.Path.Equals("/Account/AccessDenied"))
|
if (context.Request.Path.Equals("/Account/AccessDenied"))
|
||||||
{
|
{
|
||||||
await context.Authentication.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
|
await context.Authentication.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
|
||||||
|
|
|
||||||
|
|
@ -33,9 +33,10 @@
|
||||||
},
|
},
|
||||||
"userSecretsId": "aspnet5-OpenIdConnectSample-20151210110318",
|
"userSecretsId": "aspnet5-OpenIdConnectSample-20151210110318",
|
||||||
"tools": {
|
"tools": {
|
||||||
"Microsoft.AspNetCore.Server.IISIntegration.Tools": "1.0.0-*"
|
"Microsoft.AspNetCore.Server.IISIntegration.Tools": "1.0.0-*",
|
||||||
|
"Microsoft.Extensions.SecretManager.Tools": "1.0.0-*"
|
||||||
},
|
},
|
||||||
"scripts": {
|
"scripts": {
|
||||||
"postpublish": "dotnet publish-iis --publish-folder %publish:OutputPath% --framework %publish:FullTargetFramework%"
|
"postpublish": "dotnet publish-iis --publish-folder %publish:OutputPath% --framework %publish:FullTargetFramework%"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue