[英]Using Azure Active Directory - one application to login locally and when published
I'm building an MVC application with Azure Active Directory authentication. 我正在使用Azure Active Directory身份验证构建MVC应用程序。 When I develop locally I would like to be able to sign-in for testing/development purposes.
当我在本地开发时,我希望能够登录以进行测试/开发。 And the app url is like
http://localhost:43400
. 应用程序的网址类似于
http://localhost:43400
。 This is also encoded in the AD application in Sign-On Url
and Reply Url
. 这也在AD应用程序的“
Sign-On Url
和“ Reply Url
中进行了编码。
When I deploy the same app to the server, the app url is changed - becomes something like myappname.azurewebsites.net
and I can't login using the same AD application. 当我将同一应用程序部署到服务器时,该应用程序的URL会更改-变成类似于
myappname.azurewebsites.net
类的myappname.azurewebsites.net
并且我无法使用同一AD应用程序登录。 The best I could manage is to get through login process, but then AD redirects me back to localhost:43400
which is wrong. 我能管理的最好的办法是完成登录过程,但随后AD将我重定向回
localhost:43400
,这是错误的。
There is PostLogoutRedirectUri
property in Startup.Auth.cs
that I give to the app, but it makes no difference at all. 我提供给应用程序的
Startup.Auth.cs
中有PostLogoutRedirectUri
属性,但没有任何区别。
Any way to have local application and deployed application using the same Azure AD? 是否可以使用相同的Azure AD使用本地应用程序和已部署的应用程序?
I can do 2 AD Applicaitons with different urls and keys and rewrite the values in web.config
on deploy. 我可以使用不同的URL和密钥执行2个AD应用程序,并在部署时重写
web.config
的值。 But that does not sound like the best solution. 但这听起来并不是最好的解决方案。 Anything else I can do?
我还能做什么?
UPD UPD
Here is the bit I'm referring to in Startup.Auth.cs
: 这是我在
Startup.Auth.cs
所指的位:
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
ClientId = clientId,
Authority = Authority,
PostLogoutRedirectUri = postLogoutRedirectUri, // <-- this is coming from web.config, different in dev and prod
Notifications = new OpenIdConnectAuthenticationNotifications()
{
.....
}
});
See full code listing here . 在此处查看完整的代码清单。
And in Azure AD application I tried both addresses as a Reply URL at the same time: 在Azure AD应用程序中,我同时尝试将两个地址都用作回复URL:
But the AD used only one of the addresses to redirect, even though the client specified the redirection that matches one of the records. 但是,即使客户端指定与记录之一匹配的重定向,AD也仅使用地址之一进行重定向。
You can add multiple redirect uri to your app, that's why the property is implemented as a list! 您可以将多个重定向uri添加到您的应用程序,这就是将该属性实现为列表的原因! You just need to make sure that you specify which URI to use at runtime.
您只需要确保指定在运行时使用哪个URI。 You can do that in many ways - you can specify the return URI at middleware init time, or you can add dynamic code that will inject a redirect URI in the sign in message.
您可以通过多种方式执行此操作-您可以在中间件初始化时指定返回URI,也可以添加动态代码,以在登录消息中注入重定向URI。 For an example of the latter approach, please see RedirectToIdentityProvider in https://github.com/AzureADSamples/WebApp-MultiTenant-OpenIdConnect-DotNet/blob/master/TodoListWebApp/App_Start/Startup.Auth.cs
有关后一种方法的示例,请参见https://github.com/AzureADSamples/WebApp-MultiTenant-OpenIdConnect-DotNet/blob/master/TodoListWebApp/App_Start/Startup.Auth.cs中的 RedirectToIdentityProvider。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.