Microsoft Azure Active Directory Authentication login URL for Dev environment
Update:
As suggested, I changed my Startup.auth.cs to the code below:
public partial class Startup
{
    private static string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
    private static string appKey = ConfigurationManager.AppSettings["ida:ClientSecret"];
    private static string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
    private static string tenantId = ConfigurationManager.AppSettings["ida:TenantId"];
    private static string postLogoutRedirectUri = ConfigurationManager.AppSettings["ida:PostLogoutRedirectUri"];
    public static readonly string Authority = aadInstance + tenantId;
    // This is the resource ID of the AAD Graph API. We'll need this to request a token to call the Graph API.
    string graphResourceId = "https://graph.windows.net";

    public void ConfigureAuth(IAppBuilder app)
    {
        ApplicationDbContext db = new ApplicationDbContext();
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions());
        app.UseOpenIdConnectAuthentication(
            new OpenIdConnectAuthenticationOptions
            {
                ClientId = clientId,
                Authority = Authority,
                PostLogoutRedirectUri = postLogoutRedirectUri,
                Notifications = new OpenIdConnectAuthenticationNotifications()
                {
                    // If there is a code in the OpenID Connect response, redeem it for an access token and refresh token, and store those away.
                    AuthorizationCodeReceived = (context) =>
                    {
                        var code = context.Code;
                        ClientCredential credential = new ClientCredential(clientId, appKey);
                        string signedInUserID = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.NameIdentifier).Value;
                        AuthenticationContext authContext = new AuthenticationContext(Authority, new ADALTokenCache(signedInUserID));
                        AuthenticationResult result =
                            authContext.AcquireTokenByAuthorizationCode(
                                code,
                                new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)),
                                credential,
                                graphResourceId);
                        return Task.FromResult(0);
                    },
                    RedirectToIdentityProvider = context =>
                    {
                        string appBaseUrl = context.Request.Scheme + "://" + context.Request.Host + context.Request.PathBase;
                        string currentUrl = context.Request.Scheme + "://" + context.Request.Host + context.Request.Path;
                        context.ProtocolMessage.RedirectUri = currentUrl;
                        context.ProtocolMessage.PostLogoutRedirectUri = appBaseUrl;
                        return Task.FromResult(0);
                    }
                }
            });
    }
}
And now I have this:
Sometimes a DbEntityValidationException happens on my ApplicationDbContext (used to store ADALTokenCache).
When coding a web application using Azure AD or Office 365 for user authentication, you need to create an application key and configure a URL for Azure to redirect to your application after login. This URL should be configured in web.config, but Azure AD ignores the URI parameter that your application sends and redirects you to the production URI instead of the development URI.
My development URL: https://localhost:44315/
Production URL: http://timesheet.tecnun.com.br/
The application ignores web.config and always redirects to the production URL.
web.config:
<appSettings>
    <add key="webpages:Version" value="3.0.0.0" />
    <add key="webpages:Enabled" value="false" />
    <add key="ClientValidationEnabled" value="true" />
    <add key="UnobtrusiveJavaScriptEnabled" value="true" />
    <add key="ida:ClientId" value="xxxxx" />
    <add key="ida:AADInstance" value="https://login.microsoftonline.com/" />
    <add key="ida:ClientSecret" value="xxxx" />
    <add key="ida:Domain" value="tecnun.com.br" />
    <add key="ida:TenantId" value="xxx" />
    <add key="ida:PostLogoutRedirectUri" value="https://localhost:44315/" />
</appSettings>
My Azure configuration:
I'd like to work with two environments, development and production/real. But I can't find out how to do this without creating two applications.
To make the same application work for different redirect URLs, we can change it dynamically before the web app redirects to the identity data provider.
Here is the code sample for your reference:
app.UseOpenIdConnectAuthentication(
    new OpenIdConnectAuthenticationOptions
    {
        ClientId = clientId,
        Authority = authority,
        Notifications = new OpenIdConnectAuthenticationNotifications
        {
            RedirectToIdentityProvider = context =>
            {
                string appBaseUrl = context.Request.Scheme + "://" + context.Request.Host + context.Request.PathBase;
                string currentUrl = context.Request.Scheme + "://" + context.Request.Host + context.Request.Path;
                context.ProtocolMessage.RedirectUri = currentUrl;
                context.ProtocolMessage.PostLogoutRedirectUri = appBaseUrl;
                return Task.FromResult(0);
            }
        }
    });
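The handler above derives the redirect URI from the incoming request, so its value follows whatever Host header the request carried. The following is an added example, not part of the original answer or of the OWIN/ADAL libraries, that accepts only hosts matching the reply URLs registered in Azure AD; `RedirectUriPolicy` and its members are hypothetical names, the two URLs are the ones given in the question, and it assumes the reply URLs are registered at the application root.

```csharp
using System;
using System.Linq;

// Added example: RedirectUriPolicy is a hypothetical helper, not an OWIN or ADAL type.
public static class RedirectUriPolicy
{
    // Assumption: this list mirrors the reply URLs registered for the app in Azure AD.
    // The two values are the development and production URLs from the question.
    private static readonly Uri[] Registered =
    {
        new Uri("https://localhost:44315/"),
        new Uri("http://timesheet.tecnun.com.br/")
    };

    // Maps the request's scheme and Host header to a registered reply URL.
    // Returns null when the host is not registered, so the caller can refuse
    // to start the sign-in instead of forwarding an unregistered host.
    public static string Resolve(string scheme, string hostHeader)
    {
        Uri candidate;
        if (!Uri.TryCreate(scheme + "://" + hostHeader + "/", UriKind.Absolute, out candidate))
            return null;

        // Compare the parsed authority (scheme, host, port), not a string prefix:
        // "localhost:44315@evil.example" parses with host evil.example and is rejected.
        string authority = candidate.GetLeftPart(UriPartial.Authority);
        Uri match = Registered.FirstOrDefault(r =>
            string.Equals(r.GetLeftPart(UriPartial.Authority), authority, StringComparison.Ordinal));
        return match == null ? null : match.AbsoluteUri;
    }

    public static void Main()
    {
        // Constructed inputs: dev host, mixed-case production host, two unregistered hosts.
        Console.WriteLine(Resolve("https", "localhost:44315") ?? "(rejected)");
        Console.WriteLine(Resolve("http", "TIMESHEET.tecnun.com.br") ?? "(rejected)");
        Console.WriteLine(Resolve("https", "evil.example") ?? "(rejected)");
        Console.WriteLine(Resolve("https", "localhost:44315@evil.example") ?? "(rejected)");
    }
}

// Wiring inside RedirectToIdentityProvider (sketch, using the page's property names):
//   string uri = RedirectUriPolicy.Resolve(context.Request.Scheme, context.Request.Host.ToString());
//   if (uri == null) throw new InvalidOperationException("Host not registered as a reply URL");
//   context.ProtocolMessage.RedirectUri = uri;
//   context.ProtocolMessage.PostLogoutRedirectUri = uri;
```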