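I am trying to pass a custom header value (no cookie) to IdentityServer4 when the user attempts to log in. Here is all of the setup.
Custom authorization attribute: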
[AttributeUsage(AttributeTargets ….
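You can pass custom parameters to the authorize endpoint. If you are using the OpenID Connect Middleware, you can add the value to the query string of the authorization request in the OnRedirectToIdentityProvider function: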
    services.AddAuthentication(options =>
    {
        options.DefaultScheme = "Cookies";
        options.DefaultChallengeScheme = "oidc";
    })
    .AddCookie("Cookies")
    //hybrid flow
    .AddOpenIdConnect("oidc", options =>
    {
        options.SignInScheme = "Cookies";
        options.Authority = "http://localhost:62888/";
        options.RequireHttpsMetadata = false;
        options.ClientId = "mvc2";
        options.ClientSecret = "secret";
        options.ResponseType = "code id_token";
        options.SaveTokens = true;
        options.GetClaimsFromUserInfoEndpoint = true;
        options.Scope.Add("api1");
        options.Scope.Add("offline_access");
        options.Events.OnRedirectToIdentityProvider = async n =>
        {
            var headerValue = n.HttpContext.Request.Headers["X-CustomId"];
            n.ProtocolMessage.SetParameter("X-CustomId", headerValue.ToString());
            await Task.FromResult(0);
        };
    });
Then in the login page you can easily get the query string:
    [HttpGet]
    [AllowAnonymous]
    public async Task<IActionResult> Login(string returnUrl = null)
    {
        var queryString = HttpContext.Request.Query["returnUrl"].ToString();

        // Clear the existing external cookie to ensure a clean login process
        await HttpContext.SignOutAsync(IdentityConstants.ExternalScheme);

        ViewData["ReturnUrl"] = returnUrl;
        return View();
    }
Then parse the queryString to get the value of X-CustomId:
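One way to do the parsing step described above, as an added example that is not code from the original answer: because the parameter reaches the login page through the browser's query string, the helper treats it as untrusted input, accepting only a local returnUrl and exactly one well-formed X-CustomId. The class name `CustomIdReader`, the allow-list pattern and the sample returnUrl values are assumptions constructed for illustration.

```csharp
using System;
using System.Text.RegularExpressions;
using System.Web; // HttpUtility.ParseQueryString

public static class CustomIdReader
{
    // Assumed id format (hypothetical); adjust to what your application actually issues.
    private static readonly Regex Allowed =
        new Regex(@"\A[A-Za-z0-9_-]{1,64}\z", RegexOptions.CultureInvariant);

    public static bool TryGetCustomId(string returnUrl, out string customId)
    {
        customId = null;
        // Accept only a local path: rejects absolute and protocol-relative URLs.
        if (string.IsNullOrEmpty(returnUrl) || returnUrl[0] != '/' ||
            (returnUrl.Length > 1 && (returnUrl[1] == '/' || returnUrl[1] == '\\')))
            return false;

        int q = returnUrl.IndexOf('?');
        if (q < 0) return false;

        // ParseQueryString URL-decodes parameter names and values.
        var values = HttpUtility.ParseQueryString(returnUrl.Substring(q + 1))
                                .GetValues("X-CustomId");
        // Require exactly one occurrence; repeated parameters are ambiguous.
        if (values == null || values.Length != 1 || !Allowed.IsMatch(values[0]))
            return false;

        customId = values[0];
        return true;
    }

    public static void Main()
    {
        // Constructed sample returnUrl values, not taken from a real deployment.
        string[] samples =
        {
            "/connect/authorize/callback?client_id=mvc2&X-CustomId=tenant-42",
            "/connect/authorize/callback?client_id=mvc2&X-CustomId=a&X-CustomId=b",
            "/connect/authorize/callback?client_id=mvc2&X-CustomId=%3Cscript%3E",
            "//other.example/connect/authorize/callback?X-CustomId=tenant-42",
            "/connect/authorize/callback?client_id=mvc2"
        };
        foreach (var s in samples)
        {
            bool ok = TryGetCustomId(s, out var id);
            Console.WriteLine($"{(ok ? "accepted " + id : "rejected")}  <-  {s}");
        }
    }
}
```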