
Single tenant to multi-tenant

I have an MVC 5 website with a single tenant. I use a single tenant but some users log on to my website with a different tenant.

I have this error: AADSTS50020: User account .

Can you help me please?

Thanks.

I have this error: AADSTS50020: User account .

If you don't update your website to be multi-tenant, when users from other tenants want to log on to your website, it will prompt this same error.

I create a website with multiple tenants but I have a 400 error.

For the multi-tenant, you need to change your endpoint from your tenant (like https://login.microsoftonline.com/contoso.onmicrosoft.com) to be common (like https://login.microsoftonline.com/common). By this, the login request could be sent to an endpoint that multiplexes across all Azure AD tenants.

For the details, you could refer to here.

Thanks for your answer.

How do I have to modify my code:

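using System;
using System.Configuration;
using System.Security.Claims;
using System.Threading.Tasks;
using System.Web;
using Microsoft.IdentityModel.Clients.ActiveDirectory;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

// ADALTokenCache and ApplicationDbContext are classes defined in the project itself.
public partial class Startup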
{
    private static string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
    private static string appKey = ConfigurationManager.AppSettings["ida:ClientSecret"];
    private static string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
    private static string tenantId = ConfigurationManager.AppSettings["ida:TenantId"];
    private static string postLogoutRedirectUri = ConfigurationManager.AppSettings["ida:PostLogoutRedirectUri"];

    public static readonly string Authority = aadInstance + tenantId;

    // This is the resource ID of the AAD Graph API.  We'll need this to request a token to call the Graph API.
    string graphResourceId = "https://graph.windows.net";

    public void ConfigureAuth(IAppBuilder app)
    {
        ApplicationDbContext db = new ApplicationDbContext();

        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

        app.UseCookieAuthentication(new CookieAuthenticationOptions());

        app.UseOpenIdConnectAuthentication(
            new OpenIdConnectAuthenticationOptions
            {
                ClientId = clientId,
                Authority = Authority,
                PostLogoutRedirectUri = postLogoutRedirectUri,

                Notifications = new OpenIdConnectAuthenticationNotifications()
                {

                   AuthorizationCodeReceived = (context) => 
                   {
                       var code = context.Code;
                       ClientCredential credential = new ClientCredential(clientId, appKey);
                       string signedInUserID = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.NameIdentifier).Value;
                       AuthenticationContext authContext = new AuthenticationContext(Authority, new ADALTokenCache(signedInUserID));
                       AuthenticationResult result = authContext.AcquireTokenByAuthorizationCode(
                       code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), credential, graphResourceId);

                       return Task.FromResult(0);
                   }
                }
            });
    }
}

Thanks
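The following is an added example, not part of the original thread: one way the Startup class above could look after switching the authority to the common endpoint described in the answer. Because tokens from the common endpoint carry a different issuer per tenant, the sketch replaces the single-issuer check with a tenant allow-list; the `AllowedTenants` set, its placeholder GUIDs and the `TenantIdClaim` constant are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Tokens; // System.IdentityModel.Tokens on Katana 3.x
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public partial class Startup
{
    private static readonly string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
    private static readonly string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
    private static readonly string postLogoutRedirectUri = ConfigurationManager.AppSettings["ida:PostLogoutRedirectUri"];
    private const string TenantIdClaim = "http://schemas.microsoft.com/identity/claims/tenantid";

    // Constructed placeholder GUIDs (assumption): tenants allowed to sign in; load from your own store.
    private static readonly HashSet<string> AllowedTenants = new HashSet<string>(StringComparer.OrdinalIgnoreCase)
    {
        "00000000-0000-0000-0000-000000000001",
        "00000000-0000-0000-0000-000000000002",
    };

    // Sign-in goes to the shared endpoint instead of aadInstance + tenantId.
    public static readonly string Authority = aadInstance + "common";

    public void ConfigureAuth(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions());
        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            ClientId = clientId,
            Authority = Authority,
            PostLogoutRedirectUri = postLogoutRedirectUri,
            // With /common the issuer differs per tenant, so the built-in single-issuer
            // check is switched off and replaced by the allow-list check below.
            TokenValidationParameters = new TokenValidationParameters { ValidateIssuer = false },
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                SecurityTokenValidated = context =>
                {
                    var tid = context.AuthenticationTicket.Identity.FindFirst(TenantIdClaim);
                    if (tid == null || !AllowedTenants.Contains(tid.Value))
                        throw new SecurityTokenValidationException("Tenant is not allowed to sign in.");
                    return Task.FromResult(0);
                }
            }
        });
    }
}
```

The `AuthorizationCodeReceived` handler from the question is left out here; when kept, its `AuthenticationContext` should be built from `aadInstance` plus the signed-in user's tenant ID claim rather than a fixed tenant. The application registration itself must also be marked as multi-tenant in Azure AD.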
