Azure AD RBAC User.IsInRole throws Trust Relationship error when not on domain
I've written a C# app that uses Azure AD. Below is my Startup.Auth.cs file. Everything works fine when I am connected to the domain. However, when I use User.IsInRole when not on the domain I get a Trust Relationship error. What could be the cause?

Additionally: using [Authorize(Roles="MyRole")] WORKS!

The exact error is:
The trust relationship between this workstation and the primary domain failed.
// Startup.Auth.cs
using System.Configuration;
using Microsoft.Owin.Extensions;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.Notifications;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public partial class Startup
{
    private static string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
    private static string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
    private static string tenantId = ConfigurationManager.AppSettings["ida:TenantId"];
    private static string postLogoutRedirectUri = ConfigurationManager.AppSettings["ida:PostLogoutRedirectUri"];
    private static string redirectUri = ConfigurationManager.AppSettings["ida:RedirectUri"];
    private static string authority = aadInstance + tenantId;

    public void ConfigureAuth(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions());
        app.UseOpenIdConnectAuthentication(
            new OpenIdConnectAuthenticationOptions
            {
                ClientId = clientId,
                Authority = authority,
                PostLogoutRedirectUri = postLogoutRedirectUri,
                RedirectUri = redirectUri,
                TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters()
                {
                    ValidateIssuer = true, // For Single-Tenant App.
                    RoleClaimType = "roles" // Grab roles when user authenticates.
                },
                Notifications = new OpenIdConnectAuthenticationNotifications()
                {
                    // Swallows token validation failures silently; at minimum log context.Exception here.
                    AuthenticationFailed = (context) =>
                    {
                        return System.Threading.Tasks.Task.FromResult(0);
                    }
                }
            });
        // This makes any middleware defined above this line run before the Authorization rule is applied in web.config
        app.UseStageMarker(PipelineStage.Authenticate);
    }
}
I finally figured this out. Here is an example of what I was doing in my controller:
var entitiesToDisplay = db.myEntities
    .Where(x => x.RequiredRole == string.Empty || User.IsInRole(x.RequiredRole));
I changed this to:
IEnumerable<Entities> entitiesToDisplay;
if (Request.IsAuthenticated) {
    entitiesToDisplay = db.myEntities
        .Where(x => x.RequiredRole == string.Empty || User.IsInRole(x.RequiredRole));
}
else {
    entitiesToDisplay = new List<Entities>();
}
Ultimately, it turns out that User.IsInRole throws the exception when Request.IsAuthenticated is not true. Checking Request.IsAuthenticated resolved my issue.
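As an added example (not code from the question or the answer above), the same check centralised in one helper, which also reads the "roles" claims that the Startup.Auth.cs configuration maps, and a filter that lets unauthenticated callers see unrestricted entities instead of nothing; the entity type MyEntity and its RequiredRole property are hypothetical names.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Security.Principal;

// Added example, not code from the question or answer. Assumes the OWIN setup
// shown above (roles arrive as "roles" claims) and the hypothetical entity
// type MyEntity with a string RequiredRole property.
public class MyEntity
{
    public string Name { get; set; }
    public string RequiredRole { get; set; } // empty = visible to everyone
}

public static class RoleGuard
{
    // The answer's fix in one place: never call IsInRole on a principal that is
    // not authenticated. My reading of the error: on an unauthenticated request the
    // principal can be a WindowsPrincipal, whose IsInRole(string) resolves the role
    // name through the Windows domain, which is where the trust-relationship
    // error surfaces when the workstation is off the domain.
    public static bool IsInRoleSafe(IPrincipal user, string role)
    {
        if (string.IsNullOrEmpty(role)) return false;
        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
            return false;

        // For a claims principal, answer from the "roles" claims Azure AD issued;
        // this never touches a Windows domain.
        var claimsUser = user as ClaimsPrincipal;
        if (claimsUser != null)
            return claimsUser.HasClaim("roles", role);

        return user.IsInRole(role);
    }

    // Filters in memory so the role check runs in C#, not inside a database query.
    // Unauthenticated callers see only entities with no RequiredRole; authenticated
    // callers additionally see the entities whose role they hold.
    public static IEnumerable<MyEntity> VisibleTo(IPrincipal user, IEnumerable<MyEntity> entities)
    {
        return entities
            .Where(x => string.IsNullOrEmpty(x.RequiredRole) || IsInRoleSafe(user, x.RequiredRole))
            .ToList();
    }
}
```

In a controller, call RoleGuard.VisibleTo(User, db.myEntities.ToList()) so the materialised list is filtered after the query runs.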