
MVC to Azure Active Directory sign on replying with "Bad Request" and message with "Unable to create to obtain configuration from"

What am I doing wrong?

I'm trying to sign on to an Azure Active Directory from a sample MVC app and getting "Bad Request".

I'm following the example (dated 7/17/2015) here:

azure.microsoft.com example

and here is a more detailed step by step of the same data by someone else:

azure example expanded by blogger

I've replaced the name of my active directory with "myActiveDirectory" below.

Here is my webconfig data:

<add key="ida:AppKey" value="<snip my key>" />
<add key="ida:ClientId" value="d2bfc007-<snip my client ID>-9f" />
<add key="ida:Tenant" value="myActiveDirectory.onmicrosoft.com" />
<add key="ida:AADInstance" value="https://login.windows.net/{0}" />
<add key="ida:PostLogoutRedirectUri" value="https://localhost:44320/" />

AccountController.cs

using System.Web;
using System.Web.Mvc;
// OWIN 
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.OpenIdConnect;
using Microsoft.Owin.Security.Cookies;


namespace TodoListWebApp.Controllers
{
    public class AccountController : Controller
    {
        public void SignIn()
        {
            // Sends an OpenID sign-in request. 
            if (!Request.IsAuthenticated)
            {
                HttpContext.GetOwinContext().
                Authentication.Challenge(new AuthenticationProperties { RedirectUri = "/" },
                OpenIdConnectAuthenticationDefaults.AuthenticationType);
            }
        }


        public void SignOut()
        {
            // Sends an OpenID sign-out request. 
            HttpContext.GetOwinContext().Authentication.SignOut(
                OpenIdConnectAuthenticationDefaults.AuthenticationType,
                CookieAuthenticationDefaults.AuthenticationType);
        }
    }
}

Startup.cs

// OWIN 
using Owin;

namespace ActiveDirSample
{
    public partial class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            ConfigureAuth(app);
        }
    }
}

Startup.Auth.cs

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Configuration;


// OWIN 
using Owin;
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.OpenIdConnect;
using Microsoft.Owin.Security.Cookies;
using System.Globalization;


[assembly: OwinStartup(typeof(ActiveDirSample.Startup))]

namespace ActiveDirSample
{



    public partial class Startup
    {

        private static string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
        private static string appKey = ConfigurationManager.AppSettings["ida:AppKey"];
        private static string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
        private static string tenant = ConfigurationManager.AppSettings["ida:Tenant"];
        private static string postLogoutRedirectUri = ConfigurationManager.AppSettings["ida:PostLogoutRedirectUri"];

        string authority = String.Format(CultureInfo.InvariantCulture, aadInstance, tenant);

        public void ConfigureAuth(IAppBuilder app)
        {
            app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

            app.UseCookieAuthentication(new CookieAuthenticationOptions());

            app.UseOpenIdConnectAuthentication(
                new OpenIdConnectAuthenticationOptions
                {
                    ClientId = clientId,
                    Authority = authority,
                    PostLogoutRedirectUri = postLogoutRedirectUri,
                });
        }
    }
}

Here is the response I get:


Server Error in '/' Application.

Response status code does not indicate success: 400 (Bad Request). 
  Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. 

 Exception Details: System.Net.Http.HttpRequestException: Response status code does not indicate success: 400 (Bad Request).

Source Error: 


 An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.  

Stack Trace: 



[HttpRequestException: Response status code does not indicate success: 400 (Bad Request).]
   System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode() +92108
   Microsoft.IdentityModel.Protocols.<GetDocumentAsync>d__0.MoveNext() in c:\workspace\WilsonForDotNet45Release\src\Microsoft.IdentityModel.Protocol.Extensions\Configuration\HttpDocumentRetriever.cs:54

[IOException: Unable to get document from: https://login.windows.net/myActiveDirectory.onmicrosoft.com/.well-known/openid-configuration]
   Microsoft.IdentityModel.Protocols.<GetDocumentAsync>d__0.MoveNext() in c:\workspace\WilsonForDotNet45Release\src\Microsoft.IdentityModel.Protocol.Extensions\Configuration\HttpDocumentRetriever.cs:59
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   Microsoft.IdentityModel.Protocols.<GetAsync>d__0.MoveNext() in c:\workspace\WilsonForDotNet45Release\src\Microsoft.IdentityModel.Protocol.Extensions\Configuration\OpenIdConnectConfigurationRetriever.cs:81
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task) +25
   Microsoft.IdentityModel.Protocols.<GetConfigurationAsync>d__3.MoveNext() in c:\workspace\WilsonForDotNet45Release\src\Microsoft.IdentityModel.Protocol.Extensions\Configuration\ConfigurationManager.cs:198

[InvalidOperationException: IDX10803: Unable to create to obtain configuration from: 'https://login.windows.net/myActiveDirectory.onmicrosoft.com/.well-known/openid-configuration'.]
   Microsoft.IdentityModel.Protocols.<GetConfigurationAsync>d__3.MoveNext() in c:\workspace\WilsonForDotNet45Release\src\Microsoft.IdentityModel.Protocol.Extensions\Configuration\ConfigurationManager.cs:212
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   Microsoft.Owin.Security.OpenIdConnect.<ApplyResponseChallengeAsync>d__c.MoveNext() +599
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   Microsoft.Owin.Security.Infrastructure.<ApplyResponseCoreAsync>d__b.MoveNext() +292
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   Microsoft.Owin.Security.Infrastructure.<ApplyResponseAsync>d__8.MoveNext() +278
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   Microsoft.Owin.Security.Infrastructure.<TeardownAsync>d__5.MoveNext() +165
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   Microsoft.Owin.Security.Infrastructure.<Invoke>d__0.MoveNext() +716
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.<RunApp>d__5.MoveNext() +187
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   Microsoft.Owin.Security.Infrastructure.<Invoke>d__0.MoveNext() +561
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.<RunApp>d__5.MoveNext() +187
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.<DoFinalWork>d__2.MoveNext() +185
   Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.StageAsyncResult.End(IAsyncResult ar) +69
   Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.IntegratedPipelineContext.EndFinalWork(IAsyncResult ar) +64
   System.Web.AsyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +380
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +155




Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.6.81.0 

It is difficult to diagnose this problem from the call stack. You might try the following:

  1. Use the Tenant Guid rather than the name (you can find the Guid e.g. in the URL when you are on your Azure AD instance in the management portal). I had problems before that the name could not be resolved properly, and using the Guid helped.

    SOLUTION

    In Portal, navigate to Azure Active Directory > App registrations > Endpoints, and then copy the guid from the endpoint URIs. This is the Tenant ID.

    Replace the tenant name with the guid in the web.config file

     <add key="ida:Tenant" value="myenantGuid" />
  2. In Azure AD, you must register your application with sufficient privileges. You will need to have privileges configured to read directory information.
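
A way to test a tenant value outside the OWIN pipeline, as an added example that is not part of the question or the answers: it composes the authority the same way Startup.Auth.cs does and requests the discovery document named in the IDX10803 message, printing the status and the response body. The class name DiscoveryProbe, the command-line argument, and the TLS 1.2 setting are assumptions made for illustration.

```csharp
// Added diagnostic example; DiscoveryProbe is a hypothetical name, not from the sample app.
using System;
using System.Globalization;
using System.Net;
using System.Net.Http;
using System.Text.RegularExpressions;

static class DiscoveryProbe
{
    // Composes the authority exactly as Startup.Auth.cs does, then appends the
    // OpenID Connect discovery path seen in the IDX10803 message.
    public static Uri BuildMetadataUri(string aadInstance, string tenant)
    {
        if (string.IsNullOrWhiteSpace(tenant) || tenant.IndexOfAny(new[] { '/', ' ', '<', '>' }) >= 0)
            throw new ArgumentException("ida:Tenant must be a bare domain name or GUID.");
        string authority = String.Format(CultureInfo.InvariantCulture, aadInstance, tenant);
        var uri = new Uri(authority.TrimEnd('/') + "/.well-known/openid-configuration");
        if (uri.Scheme != Uri.UriSchemeHttps)
            throw new ArgumentException("ida:AADInstance must be an https URL.");
        return uri;
    }

    static int Main(string[] args)
    {
        // Assumption: older .NET Framework defaults may not offer TLS 1.2.
        ServicePointManager.SecurityProtocol |= SecurityProtocolType.Tls12;
        string aadInstance = "https://login.windows.net/{0}";   // ida:AADInstance from the question
        string tenant = args.Length > 0 ? args[0] : "myActiveDirectory.onmicrosoft.com";
        Guid ignored;
        Console.WriteLine("tenant form: " + (Guid.TryParse(tenant, out ignored) ? "GUID" : "domain name"));
        Uri metadata = BuildMetadataUri(aadInstance, tenant);
        using (var http = new HttpClient())
        using (HttpResponseMessage resp = http.GetAsync(metadata).GetAwaiter().GetResult())
        {
            string body = resp.Content.ReadAsStringAsync().GetAwaiter().GetResult();
            Console.WriteLine("{0} -> {1}", metadata, (int)resp.StatusCode);
            if (!resp.IsSuccessStatusCode)
            {
                // EnsureSuccessStatusCode() in the stack trace throws on the status
                // alone; the body printed here is what the error page never shows.
                Console.WriteLine(body);
                return 1;
            }
            Match issuer = Regex.Match(body, "\"issuer\"\\s*:\\s*\"([^\"]+)\"");
            Console.WriteLine("issuer: " + (issuer.Success ? issuer.Groups[1].Value : "<missing>"));
            return 0;
        }
    }
}
```

Run it once with the tenant name and once with the tenant GUID; a non-success status for one form and not the other points at the `ida:Tenant` value rather than at the middleware.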

This worked for me;

1- Open the Web.config file for the app.

2- In the Web.config file, verify that the app key "ida:SignUpPolicyId" exists.

3- Replace the value of the app key with the name of the sign-up policy that you provided in the Azure AD B2C admin portal.

4- The changed part of the file will resemble the following:

<appSettings>
  <add key="ida:SignUpPolicyId" value="B2C_Signup_Policy_Name" />
</appSettings>

You need to make sure about all the configurations in web config match with the web.config
