使用Azure Active Directory-一个应用程序在本地和发布时登录
[英]Using Azure Active Directory - one application to login locally and when published
问题描述
I'm building an MVC application with Azure Active Directory authentication. 
我正在使用Azure Active Directory身份验证构建MVC应用程序。 When I develop locally I would like to be able to sign-in for testing/development purposes. 当我在本地开发时,我希望能够登录以进行测试/开发。 And the app url is like http://localhost:43400 . 应用程序的网址类似于http://localhost:43400 。 This is also encoded in the AD application in Sign-On Url and Reply Url . 这也在AD应用程序的“ Sign-On Url和“ Reply Url中进行了编码。
When I deploy the same app to the server, the app url is changed - becomes something like myappname.azurewebsites.net and I can't login using the same AD application. 当我将同一应用程序部署到服务器时,该应用程序的URL会更改-变成类似于myappname.azurewebsites.net类的myappname.azurewebsites.net并且我无法使用同一AD应用程序登录。 The best I could manage is to get through login process, but then AD redirects me back to localhost:43400 which is wrong. 我能管理的最好的办法是完成登录过程,但随后AD将我重定向回localhost:43400 ,这是错误的。
There is PostLogoutRedirectUri property in Startup.Auth.cs that I give to the app, but it makes no difference at all. 我提供给应用程序的Startup.Auth.cs中有PostLogoutRedirectUri属性,但没有任何区别。
Any way to have local application and deployed application using the same Azure AD? 是否可以使用相同的Azure AD使用本地应用程序和已部署的应用程序?
I can do 2 AD Applicaitons with different urls and keys and rewrite the values in web.config on deploy. 我可以使用不同的URL和密钥执行2个AD应用程序,并在部署时重写web.config的值。 But that does not sound like the best solution. 但这听起来并不是最好的解决方案。 Anything else I can do? 我还能做什么?
UPD UPD
Here is the bit I'm referring to in Startup.Auth.cs : 这是我在Startup.Auth.cs所指的位:
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
ClientId = clientId,
Authority = Authority,
PostLogoutRedirectUri = postLogoutRedirectUri, // <-- this is coming from web.config, different in dev and prod
Notifications = new OpenIdConnectAuthenticationNotifications()
{
.....
}
});
See full code listing here . 在此处查看完整的代码清单。
And in Azure AD application I tried both addresses as a Reply URL at the same time: 在Azure AD应用程序中,我同时尝试将两个地址都用作回复URL:
But the AD used only one of the addresses to redirect, even though the client specified the redirection that matches one of the records. 但是,即使客户端指定与记录之一匹配的重定向,AD也仅使用地址之一进行重定向。
1 个解决方案
解决方案1
9 已采纳 2015-09-09 17:12:25
You can add multiple redirect uri to your app, that's why the property is implemented as a list! 您可以将多个重定向uri添加到您的应用程序,这就是将该属性实现为列表的原因! You just need to make sure that you specify which URI to use at runtime. 您只需要确保指定在运行时使用哪个URI。 You can do that in many ways - you can specify the return URI at middleware init time, or you can add dynamic code that will inject a redirect URI in the sign in message. 您可以通过多种方式执行此操作-您可以在中间件初始化时指定返回URI,也可以添加动态代码,以在登录消息中注入重定向URI。 For an example of the latter approach, please see RedirectToIdentityProvider in https://github.com/AzureADSamples/WebApp-MultiTenant-OpenIdConnect-DotNet/blob/master/TodoListWebApp/App_Start/Startup.Auth.cs 有关后一种方法的示例,请参见https://github.com/AzureADSamples/WebApp-MultiTenant-OpenIdConnect-DotNet/blob/master/TodoListWebApp/App_Start/Startup.Auth.cs中的 RedirectToIdentityProvider。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.