问题
Following @leastprivilege answer in my previous question, I concluded that neither are possible solutions:
- The login service doesn't support REST authentication (thus, can't use
IUserService.AuthenticateLocalAsync
and just connect to it) - I don't need it to be an additional provider, I need it to substitute IS3 one, ie, instead of showing the local login + additional providers, I need the /login page to be the one from a different service.
Can this be customized or do I need to change IdentityService3 source? If so, what to I need to guarantee implementation wise in order for to achieve the authentication and not break the authorization?
UPDATE
Following this answer the solution might be creating a new provider and setting the automatic redirect somewhere using acr_values
回答1:
Solved it after some research. You'll need this three steps:
- A Owin Authentication middleware that redirects to the page you want, providing the protected state (this will let you finish the authentication process later). You can follow [Anders Abel tutorial]
- Custom user service that overrides the
PreAuthentication
method and sets theSignInMessage message.Idp
with your middleware id. Code sample: check it here - After the successful authentication, your page should redirect to the middleware callback with the state parameter. With the mentioned dummy middleware, it's set as
/signing-dummy
来源:https://stackoverflow.com/questions/30485401/substitute-identityserver3-login-system