我有一个使用 OpenIdConnect 向 Azure Active Directory 进行身份验证的应用程序。一切工作正常,除非我从 Office 应用程序(excel/word)链接到我的网站。从这些应用程序中,我收到“异常:关联失败。”。
根据我的研究,办公室似乎首先执行 302 重定向,然后打开该页面而不是原始链接。
See: https://github.com/aspnet/Security/issues/1252 https://github.com/aspnet/Security/issues/1252
在提出如何处理这种情况的建议之后。我不想对身份验证流程进行很多更改并引入错误。
当检测到 Excel 用户代理时,我尝试重定向到网站上的其他页面。我认为这样就会设置正确的 cookie,并且我可以从那里重定向到请求的页面,然后触发授权。虽然没有运气
OnRedirectToIdentityProvider = context =>
{
if (context.Request.Headers["User-Agent"].ToString().Contains("Microsoft Office Excel"))
{
string redirect = context.Request.Scheme + "://" + context.Request.Host + context.Request.PathBase + "/Home/Office" + "?url=" + context.Request.Scheme + "://" + context.Request.Host + context.Request.PathBase + context.Request.Path;
context.Response.Clear();
context.Response.Redirect(redirect);
context.HandleResponse();
return Task.CompletedTask;
}
}
我能够使用 owin 中间件实现一个不错的解决方案。很大程度上是在这篇文章的帮助下:https://github.com/aspnet/AspNetKatana/issues/78 https://github.com/aspnet/AspNetKatana/issues/78
我曾经需要将其转换为.net core 2.0。这是转换后的代码:
public class MsOfficeLinkPrefetchMiddleware
{
RequestDelegate _next;
public MsOfficeLinkPrefetchMiddleware(RequestDelegate next)
{
_next = next;
}
public Task Invoke(HttpContext context)
{
if (Is(context, HttpMethod.Get, HttpMethod.Head) && IsMsOffice(context))
{
// Mitigate by preempting auth challenges to MS Office apps' preflight requests and
// let the real browser start at the original URL and handle all redirects and cookies.
// Success response indicates to Office that the link is OK.
context.Response.StatusCode = (int)HttpStatusCode.OK;
context.Response.Headers["Cache-Control"] = "no-cache, no-store, must-revalidate";
context.Response.Headers["Pragma"] = "no-cache";
context.Response.Headers["Expires"] = "0";
}
else if (_next != null)
{
return _next.Invoke(context);
}
return Task.CompletedTask;
}
private static bool Is(HttpContext context, params HttpMethod[] methods)
{
var requestMethod = context.Request.Method;
return methods.Any(method => StringComparer.OrdinalIgnoreCase.Equals(requestMethod, method.Method));
}
private static readonly Regex _msOfficeUserAgent = new Regex(
@"(^Microsoft Office\b)|([\(;]\s*ms-office\s*[;\)])",
RegexOptions.CultureInvariant | RegexOptions.IgnoreCase | RegexOptions.Singleline | RegexOptions.Compiled);
private static bool IsMsOffice(HttpContext context)
{
var headers = context.Request.Headers;
var userAgent = headers["User-Agent"];
return _msOfficeUserAgent.IsMatch(userAgent)
|| !string.IsNullOrWhiteSpace(headers["X-Office-Major-Version"]);
}
}
Startup
app.UseMiddleware<MsOfficeLinkPrefetchMiddleware>();
希望这能够帮助将来的人。
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系:hwhale#tublm.com(使用前将#替换为@)