User parameter with Microsoft.Owin.Security.OpenIdConnect and AzureAD v 2.0 endpoint

I am migrating my secure Azure AD application to v2.0 endpoint.

I need to pass a user parameter in the uri of the response. With the previous Azure AD endpoint, I did this by adding the usual request parameter to the response URL, e.g. https://myserver.com/myredirect_uri?mycustomparamerter=myvalue

Unfortunately, with the endpoint 2.0, I received an error stating that the uri response did not match the registered one. Of course, my custom parameter value is dynamic, and I can't hard code it.

I tried to use the "state" parameter described in the OAUTH stream. However, I am using Microsoft.Owin.Security.OpenIdConnect, and it looks like the parameter is already set, so I cannot use it. I am using a thread implementation that is based on MVC that looks like this sample.

Can anyone suggest a workaround so that my server receives a custom parameter in the response URL that was set at the beginning of the stream?

+3
1 answer

, , , , auth OWIN.

Startup.Auth.cs, OpenIdConnectAuthenticationOptions:

app.UseOpenIdConnectAuthentication(
  new OpenIdConnectAuthenticationOptions
  {
    //...
    Notifications = new OpenIdConnectAuthenticationNotifications
    {
      RedirectToIdentityProvider = OnRedirectToIdentityProvider,
      MessageReceived = OnMessageReceived
    },
  });

RedirectToIdentityProvider:

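private Task OnRedirectToIdentityProvider(RedirectToIdentityProviderNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification)
{
  // State can be empty (for example on a sign-out redirect); nothing to extend then.
  if (string.IsNullOrEmpty(notification.ProtocolMessage.State))
    return Task.FromResult(0);

  // State has the form "<key>=<protected AuthenticationProperties>".
  var stateQueryString = notification.ProtocolMessage.State.Split('=');
  var protectedState = stateQueryString[1];
  var state = notification.Options.StateDataFormat.Unprotect(protectedState);
  // Add the custom value and re-protect, so it travels inside the state parameter.
  state.Dictionary.Add("mycustomparameter", "myvalue");
  notification.ProtocolMessage.State = stateQueryString[0] + "=" + notification.Options.StateDataFormat.Protect(state);
  return Task.FromResult(0);
}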

MessageReceived:

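private Task OnMessageReceived(MessageReceivedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification)
{
  string mycustomparameter = null;
  // A message without state carries no custom value.
  if (string.IsNullOrEmpty(notification.ProtocolMessage.State))
    return Task.FromResult(0);

  var protectedState = notification.ProtocolMessage.State.Split('=')[1];
  // Unprotect returns null when the value cannot be decoded or unprotected.
  var state = notification.Options.StateDataFormat.Unprotect(protectedState);
  if (state != null)
    state.Dictionary.TryGetValue("mycustomparameter", out mycustomparameter);
  return Task.FromResult(0);
}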

, , / , .

+3
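
The round trip from the answer above, shown outside the middleware as an added example (not the answerer's code): the custom value is placed inside the protected state, read back, and a modified state is rejected because Unprotect returns null. Assumptions: the Microsoft.Owin.Security package on Windows (DPAPI protector); "DemoKey", AddParameter and ReadParameter are hypothetical names used only here.

```csharp
using System;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.DataHandler;
using Microsoft.Owin.Security.DataProtection;

static class StateRoundTripDemo
{
    // Same steps as OnRedirectToIdentityProvider: split, unprotect, add, re-protect.
    static string AddParameter(ISecureDataFormat<AuthenticationProperties> format,
                               string state, string key, string value)
    {
        var parts = state.Split('=');
        var props = format.Unprotect(parts[1]);
        if (props == null)
            throw new InvalidOperationException("state could not be unprotected");
        props.Dictionary[key] = value;
        return parts[0] + "=" + format.Protect(props);
    }

    // Same steps as OnMessageReceived, returning null for missing or invalid state.
    static string ReadParameter(ISecureDataFormat<AuthenticationProperties> format,
                                string state, string key)
    {
        var parts = (state ?? string.Empty).Split('=');
        if (parts.Length != 2) return null;
        var props = format.Unprotect(parts[1]);   // null if tampered or malformed
        string value;
        return props != null && props.Dictionary.TryGetValue(key, out value) ? value : null;
    }

    static void Main()
    {
        // Constructed protector; in the middleware this is Options.StateDataFormat.
        var protector = new DpapiDataProtectionProvider("StateDemo").Create("OpenIdConnect", "v1");
        var format = new PropertiesDataFormat(protector);

        // Constructed initial state, standing in for what the middleware generates.
        var initial = "DemoKey=" + format.Protect(new AuthenticationProperties { RedirectUri = "/home" });
        var outgoing = AddParameter(format, initial, "mycustomparameter", "myvalue");
        Console.WriteLine(ReadParameter(format, outgoing, "mycustomparameter"));

        // Change one character of the protected value, as a modified response would.
        var chars = outgoing.ToCharArray();
        var i = chars.Length - 10;
        chars[i] = chars[i] == 'A' ? 'B' : 'A';
        var tampered = new string(chars);
        Console.WriteLine(ReadParameter(format, tampered, "mycustomparameter") ?? "(state rejected)");
    }
}
```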
