问题描述
我正在使用 Azure Active Directory 身份验证构建 MVC 应用程序.当我在本地开发时,我希望能够登录以进行测试/开发.应用 url 类似于 http://localhost:43400
.这也在 Sign-On Url
和 Reply Url
中的 AD 应用程序中进行了编码.
当我将同一个应用程序部署到服务器时,应用程序 url 发生了变化 - 变成类似于 myappname.azurewebsites.net
的东西,我无法使用同一个 AD 应用程序登录.我能做到的最好的办法是通过登录过程,但随后 AD 将我重定向回 localhost:43400
这是错误的.
Startup.Auth.cs
中有 PostLogoutRedirectUri
属性,我提供给应用程序,但它根本没有区别.
有什么方法可以让本地应用程序和部署的应用程序使用同一个 Azure AD?
我可以使用不同的 url 和键执行 2 个 AD 应用程序,并在部署时重写 web.config
中的值.但这听起来不是最好的解决方案.我还能做什么?
UPD
这是我在 Startup.Auth.cs
中所指的位:
app.UseOpenIdConnectAuthentication(新的 OpenIdConnectAuthenticationOptions{客户 ID = 客户 ID,权威=权威,PostLogoutRedirectUri = postLogoutRedirectUri,//<-- 这是来自 web.config,在 dev 和 prod 中不同通知 = 新 OpenIdConnectAuthenticationNotifications(){......}});
查看完整的代码清单
但 AD 仅使用其中一个地址进行重定向,即使客户端指定了与其中一个记录匹配的重定向.
您可以向您的应用添加多个重定向 uri,这就是该属性被实现为列表的原因!您只需要确保指定在运行时使用哪个 URI.您可以通过多种方式做到这一点 - 您可以在中间件初始化时指定返回 URI,或者您可以添加将在登录消息中注入重定向 URI 的动态代码.有关后一种方法的示例,请参阅 https://github.com/AzureADSamples/WebApp-MultiTenant-OpenIdConnect-DotNet/blob/master/TodoListWebApp/App_Start/Startup.Auth.cs
I'm building an MVC application with Azure Active Directory authentication. When I develop locally I would like to be able to sign-in for testing/development purposes. And the app url is like http://localhost:43400
. This is also encoded in the AD application in Sign-On Url
and Reply Url
.
When I deploy the same app to the server, the app url is changed - becomes something like myappname.azurewebsites.net
and I can't login using the same AD application. The best I could manage is to get through login process, but then AD redirects me back to localhost:43400
which is wrong.
There is PostLogoutRedirectUri
property in Startup.Auth.cs
that I give to the app, but it makes no difference at all.
Any way to have local application and deployed application using the same Azure AD?
I can do 2 AD Applicaitons with different urls and keys and rewrite the values in web.config
on deploy. But that does not sound like the best solution. Anything else I can do?
UPD
Here is the bit I'm referring to in Startup.Auth.cs
:
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
ClientId = clientId,
Authority = Authority,
PostLogoutRedirectUri = postLogoutRedirectUri, // <-- this is coming from web.config, different in dev and prod
Notifications = new OpenIdConnectAuthenticationNotifications()
{
.....
}
});
See full code listing here.
And in Azure AD application I tried both addresses as a Reply URL at the same time:
But the AD used only one of the addresses to redirect, even though the client specified the redirection that matches one of the records.
You can add multiple redirect uri to your app, that's why the property is implemented as a list! You just need to make sure that you specify which URI to use at runtime. You can do that in many ways - you can specify the return URI at middleware init time, or you can add dynamic code that will inject a redirect URI in the sign in message. For an example of the latter approach, please see RedirectToIdentityProvider in https://github.com/AzureADSamples/WebApp-MultiTenant-OpenIdConnect-DotNet/blob/master/TodoListWebApp/App_Start/Startup.Auth.cs
这篇关于使用 Azure Active Directory - 一个应用程序在本地登录并在发布时登录的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!