Login über SSO
This commit is contained in:
@@ -1,7 +1,40 @@
|
||||
@page "/"
|
||||
@using Microsoft.AspNetCore.Components.Authorization
|
||||
@inject AuthenticationStateProvider AuthStateProvider
|
||||
|
||||
<PageTitle>Home</PageTitle>
|
||||
<MudText Typo="Typo.h3" Class="mb-4">Zahlen-Analyse</MudText>
|
||||
|
||||
<h1>Hello, world!</h1>
|
||||
<AuthorizeView>
|
||||
<Authorized>
|
||||
<MudText Typo="Typo.body1">Willkommen zurück, @context.User.Identity?.Name!</MudText>
|
||||
<MudText Typo="Typo.body2" Color="Color.Secondary">Deine Pocket-ID (Sub): @_userId</MudText>
|
||||
|
||||
Welcome to your new app.
|
||||
<MudButton Link="/logout" Variant="Variant.Filled" Color="Color.Error" Class="mt-2">
|
||||
Abmelden
|
||||
</MudButton>
|
||||
</Authorized>
|
||||
<NotAuthorized>
|
||||
<MudText Typo="Typo.body1" Class="mb-2">Bitte melde dich an, um deine Workspaces zu verwalten.</MudText>
|
||||
<MudButton Link="/login" Variant="Variant.Filled" Color="Color.Primary">
|
||||
Mit Pocket-ID anmelden
|
||||
</MudButton>
|
||||
</NotAuthorized>
|
||||
</AuthorizeView>
|
||||
|
||||
@code {
|
||||
private string _userId = string.Empty;
|
||||
|
||||
protected override async Task OnInitializedAsync()
|
||||
{
|
||||
var authState = await AuthStateProvider.GetAuthenticationStateAsync();
|
||||
var user = authState.User;
|
||||
|
||||
if (user.Identity?.IsAuthenticated == true)
|
||||
{
|
||||
// Das ist der "sub"-Claim (Subject), den wir als OwnerId in RavenDB nutzen
|
||||
_userId = user.FindFirst(c => c.Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier")?.Value
|
||||
?? user.FindFirst("sub")?.Value
|
||||
?? string.Empty;
|
||||
}
|
||||
}
|
||||
}
|
||||
+62
-2
@@ -1,6 +1,13 @@
|
||||
using ZahlenAnalyse.Web.Components;
|
||||
using MudBlazor.Services;
|
||||
using Raven.Client.Documents;
|
||||
using Microsoft.AspNetCore.Authentication;
|
||||
using Microsoft.AspNetCore.Authentication.Cookies;
|
||||
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
|
||||
using Microsoft.IdentityModel.Tokens;
|
||||
using DotNetEnv;
|
||||
|
||||
Env.Load();
|
||||
|
||||
var builder = WebApplication.CreateBuilder(args);
|
||||
|
||||
@@ -11,12 +18,43 @@ builder.Services.AddMudServices();
|
||||
|
||||
var store = new DocumentStore
|
||||
{
|
||||
Urls = new[] { "http://localhost:8080" },
|
||||
Database = "ZahlenAnalyse"
|
||||
Urls = new[] { builder.Configuration["RavenDb:Urls"] },
|
||||
Database = builder.Configuration["RavenDb:Database"]
|
||||
};
|
||||
store.Initialize();
|
||||
builder.Services.AddSingleton<IDocumentStore>(store);
|
||||
|
||||
builder.Services.AddCascadingAuthenticationState();
|
||||
|
||||
builder.Services.AddAuthentication(options =>
|
||||
{
|
||||
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
|
||||
options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
|
||||
})
|
||||
.AddCookie(CookieAuthenticationDefaults.AuthenticationScheme)
|
||||
.AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
|
||||
{
|
||||
var pocketIdConfig = builder.Configuration.GetSection("PocketId");
|
||||
|
||||
options.Authority = pocketIdConfig["Authority"];
|
||||
options.ClientId = pocketIdConfig["ClientId"];
|
||||
options.ClientSecret = pocketIdConfig["ClientSecret"];
|
||||
|
||||
options.ResponseType = "code";
|
||||
options.SaveTokens = true;
|
||||
|
||||
// Wichtig für lokale Dev-Umgebungen ohne HTTPS-Zertifikatsprüfung (falls nötig)
|
||||
// options.RequireHttpsMetadata = false;
|
||||
|
||||
options.TokenValidationParameters = new TokenValidationParameters
|
||||
{
|
||||
NameClaimType = "name",
|
||||
RoleClaimType = "roles"
|
||||
};
|
||||
});
|
||||
|
||||
builder.Services.AddAuthorization();
|
||||
|
||||
|
||||
var app = builder.Build();
|
||||
|
||||
@@ -33,7 +71,29 @@ app.UseHttpsRedirection();
|
||||
app.UseAntiforgery();
|
||||
|
||||
app.MapStaticAssets();
|
||||
|
||||
app.UseAuthentication();
|
||||
app.UseAuthorization();
|
||||
|
||||
app.MapRazorComponents<App>()
|
||||
.AddInteractiveServerRenderMode();
|
||||
|
||||
|
||||
app.MapGet("/login", async (HttpContext context) =>
|
||||
{
|
||||
await context.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme, new AuthenticationProperties
|
||||
{
|
||||
RedirectUri = "/"
|
||||
});
|
||||
});
|
||||
|
||||
app.MapGet("/logout", async (HttpContext context) =>
|
||||
{
|
||||
await context.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
|
||||
await context.SignOutAsync(OpenIdConnectDefaults.AuthenticationScheme, new AuthenticationProperties
|
||||
{
|
||||
RedirectUri = "/"
|
||||
});
|
||||
});
|
||||
|
||||
app.Run();
|
||||
|
||||
@@ -8,6 +8,8 @@
|
||||
</PropertyGroup>
|
||||
|
||||
<ItemGroup>
|
||||
<PackageReference Include="DotNetEnv" Version="3.2.0" />
|
||||
<PackageReference Include="Microsoft.AspNetCore.Authentication.OpenIdConnect" Version="10.0.8" />
|
||||
<PackageReference Include="MudBlazor" Version="9.5.0" />
|
||||
<PackageReference Include="RavenDB.Client" Version="7.2.2" />
|
||||
</ItemGroup>
|
||||
|
||||
Reference in New Issue
Block a user