问题描述
我正在尝试构建一个简单的 ASP.Net Core 2.2 Web 应用程序,它允许 AzureAD 作为外部提供者".我在 Visual Studio 2019 中执行此操作.
I'm trying to build a simple ASP.Net Core 2.2 web app that allows AzureAD as an "external provider". I'm doing this in Visual Studio 2019.
作为一个超级简单的演示项目,我首先创建了一个使用 Azure AD 作为登录提供程序的新项目:
As a super-simple demo project, I started by creating a new project that uses Azure AD as the login provider:
- 选择 ASP.NET Core Web 应用程序
- 选择 Web 应用程序(模型-视图-控制器)
- 将身份验证更改为工作或学校帐户".它自动填写了我的域名(因为我登录了VS)
这将创建一个 Web 应用程序设置以在所有页面上强制执行用户身份验证.当我运行应用程序时,它会转到 Azure AD 并在导航到 /home
页面之前让我登录.
This creates a web application set up to enforce user authentication on all pages. When I run the application, it goes to Azure AD and logs me in prior to navigating to the /home
page.
回想一下,我说过我想将 Azure AD 添加为外部提供程序.所以我在 Startup.cs
中找到了这一行:
Recall that I said I wanted to add Azure AD as an external provider. So I found this line in Startup.cs
:
services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
.AddAzureAD(options => Configuration.Bind("AzureAd", options));
并且我删除了默认的身份验证方案以防止自动登录,如下所示:
and I removed the default authentication scheme to prevent the auto-login, like this:
services.AddAuthentication()
.AddAzureAD(options => Configuration.Bind("AzureAd", options));
现在,当我运行该应用程序时,它会导航到 Login
页面,它会为我提供一个蓝色的大按钮,让我可以使用 Azure Active Directory 登录.但是点击那个按钮我并没有登录.
Now, when I run the app, it navigates to the Login
page, and it gives me a big blue button offering to let me log in with Azure Active Directory. But clicking on that button does not log me in.
所以我搭建了身份页面,并在 ExternalLogin
GET 例程处设置了一个断点.果然,点击蓝色的大按钮会找到它的方式.单步执行代码,我看到 对 _signInManager.GetExternalLoginInfoAsync()
的调用返回 null.
So I scaffolded the Identity pages, and I set a breakpoint at the ExternalLogin
GET routine. Sure enough, clicking the big blue button finds its way there. Stepping through the code, I see that the call to _signInManager.GetExternalLoginInfoAsync()
returns null.
我被困住了.显然,(未记录的)配置魔法没有正确设置某些东西来满足对 GetExternalLoginInfoAsync
的调用.
I'm stuck. Apparently, the (undocumented) configuration magic doesn't set something up correctly to satisfy the call to GetExternalLoginInfoAsync
.
推荐答案
场景是您使用 asp.net 身份和 Azure AD 登录作为外部身份提供者.
The scenario is you are using asp.net identity with Azure AD login as external identity provider .
您应该将 IdentityConstants.ExternalScheme
设置为 Azure AD 身份验证的登录架构,以便您可以通过 _signInManager.GetExternalLoginInfoAsync()
获取外部用户信息:p>
You should set IdentityConstants.ExternalScheme
as the signin schema of Azure AD authentication , so that you can get the external user information with _signInManager.GetExternalLoginInfoAsync()
:
services.AddDbContext<ApplicationDbContext>(options =>
options.UseSqlServer(
Configuration.GetConnectionString("DefaultConnection")));
services.AddDefaultIdentity<IdentityUser>()
.AddDefaultUI(UIFramework.Bootstrap4)
.AddEntityFrameworkStores<ApplicationDbContext>();
services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
.AddAzureAD(options => Configuration.Bind("AzureAd", options));
services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options => {
options.SignInScheme= IdentityConstants.ExternalScheme;
//other config
});
然后您可以搭建 asp.net 身份并进行修改以满足您的要求,在任何页面触发外部登录(ExternalLogin.cshtml.cs
中的OnPost
函数)为默认模板(蓝色大按钮")可以.
Then you can scaffold the asp.net identity and modify to fit your requirement , in any page trigger external login(OnPost
function in ExternalLogin.cshtml.cs
) as the default template("big blue button") does .
这篇关于Azure AD 作为“外部提供者"?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!