Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
293 views
in Technique[技术] by (71.8m points)

c# - ASP.NET MVC 5中的Azure AD身份验证(Azure AD authentication in ASP.NET MVC 5)

My problem is that I cannot make Azure AD auth work when creating the App registrations (in Azure portal) manually.

(我的问题是,当手动创建应用程序注册(在Azure门户中)时,无法使Azure AD身份验证起作用。)

It all works fine if I create a new website using the MVC 5 template and let Visual Studio (2017) create a new App registration.

(如果我使用MVC 5模板创建新网站并让Visual Studio(2017)创建新的App注册,则一切正常。)

在此处输入图片说明

When I try to use the one I created it doesn't work and I'm getting this exception:

(当我尝试使用自己创建的程序时,它不起作用,并且出现此异常:)

在此处输入图片说明

stack trace:

(堆栈跟踪:)

at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.d__8.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.d__3.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task)

(在Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.d__8.MoveNext()处-从上次引发异常的位置开始的堆栈跟踪-在System.Runtime处System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(任务任务)处CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(任务任务)Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.d__3.MoveNext()---从上次引发异常的位置开始的堆栈跟踪---位于System.Runtime.CompilerServices.TaskAwaiter。 System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task任务)位于System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(任务任务)处的ThrowForNonSuccess(任务任务))
at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.d__24.MoveNext()

(在Microsoft.IdentityModel.Protocols.ConfigurationManager`1.d__24.MoveNext())

Startup code I use in both:

(我在两个中都使用的启动代码:)

private static string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
    private static string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
    private static string postLogoutRedirectUri = ConfigurationManager.AppSettings["ida:PostLogoutRedirectUri"];
    private static string tenant = ConfigurationManager.AppSettings["ida:TenantId"];
    private string authority = String.Format(CultureInfo.InvariantCulture, aadInstance, tenant);

    public void ConfigureAuth(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

        app.UseCookieAuthentication(new CookieAuthenticationOptions());

        app.UseOpenIdConnectAuthentication(
            new OpenIdConnectAuthenticationOptions
            {
                ClientId = clientId,
                Authority = authority,
                PostLogoutRedirectUri = postLogoutRedirectUri,
                RedirectUri = postLogoutRedirectUri,
                Notifications = new OpenIdConnectAuthenticationNotifications
                {
                    AuthenticationFailed = context =>
                    {
                        context.HandleResponse();
                        context.Response.Redirect("/Error?message=" + context.Exception.Message);
                        return Task.FromResult(0);
                    }
                },
                TokenValidationParameters = new TokenValidationParameters
                {

                    RequireSignedTokens = false,

                },
            });
    }

The only difference I was able to find is that the automatically created App registration has one key and its manifest contains "passwordCredentials".

(我能够找到的唯一区别是,自动创建的App注册具有一个密钥,其清单包含“ passwordCredentials”。)

在此处输入图片说明

Manually created app doesn't have it.

(手动创建的应用没有此应用。)

I use the IIS Express for both websites.

(我对两个网站都使用IIS Express。)

Both Application ID and Tenant ID are correct as well as HTTPS port.

(Application ID和Tenant ID以及HTTPS端口都是正确的。)

All OWIN packages have the same version (in both apps).

(所有OWIN软件包都具有相同的版本(在两个应用程序中)。)

I think IIS Express somehow uses that key from above but I couldn't find where or how it's applied as my startup code is exactly the same.

(我认为IIS Express以某种方式从上方使用了该密钥,但是由于启动代码完全相同,所以我找不到它在哪里或如何应用。)

Any help appreciated

(任何帮助表示赞赏)

PS: I also tried to host it on local IIS with the same result...

(PS:我也尝试将其托管在本地IIS上,结果相同。)

  ask by vhr translate from so

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

I wasn't able to make it work with tenant ID (still have no idea why) but when I use tenant name it finally works with manually created App registration.

(我无法使其与租户ID一起使用(仍然不知道为什么),但是当我使用租户名称时,它最终可以与手动创建的应用程序注册一起使用。)

public partial class Startup
{
    private static string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
    private static string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
    private static string postLogoutRedirectUri = ConfigurationManager.AppSettings["ida:PostLogoutRedirectUri"];
    private static string tenant = ConfigurationManager.AppSettings["ida:Tenant"];
    private string authority = string.Format(CultureInfo.InvariantCulture, aadInstance, tenant);

    /// <summary>
    /// Configures the authentication.
    /// </summary>
    /// <param name="app">The application.</param>
    public void ConfigureAuth(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

        app.UseCookieAuthentication(new CookieAuthenticationOptions());

        app.UseOpenIdConnectAuthentication(
            new OpenIdConnectAuthenticationOptions
            {
                ClientId = clientId,
                Authority = authority,
                PostLogoutRedirectUri = postLogoutRedirectUri,
                RedirectUri = postLogoutRedirectUri,
                Notifications = new OpenIdConnectAuthenticationNotifications
                {
                    AuthenticationFailed = context =>
                    {
                        context.HandleResponse();
                        context.Response.Redirect("/Error?message=" + context.Exception.Message);
                        return Task.FromResult(0);
                    }
                }
            });
    }
}

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...