问题
In the docs http://docs.identityserver.io/en/release/quickstarts/3_interactive_login.html
it says "Trigger the authentication handshake by navigating to the protected controller action". This would be by simply accessing any action in your MVC site with [Authorize]. After signin, this would redirect to the page they were trying to access, not to the page they last visited (which is good, expected behavior).
Great. But what about this scenario?
- User is in some anonymous part of the site.
- User clicks "Sign in" from the menu
- User Signs in at Identity server
- User is redirected back to the anonymous (un-secure) page they were last visiting (could be one of many) BUT is now signed in should she decide to later hit an [Authorize] page.
How do we initiate oidc Sign-in without hitting a secure page in MVC?
回答1:
That's just standard ASP.NET Core authentication - call
HttpContext.ChallengeAsync("name_of_oidc_scheme");
You also want to pass in an AuthenticationProperties object where you can set the URL where you want to end up after authentication.
来源:https://stackoverflow.com/questions/47294846/how-to-trigger-login-for-identityserver4-without-accessing-secure-page-in-the-mv