Azure AD 未在 .NET Core 3.1 中进行身份验证

Question

I'm trying to get Azure AD working in an existing application. I've followed the instructions and looked at the sample code from Microsoft's site ( https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-v2-aspnet-core-webapp ) with no luck. The sample code is using .NET Core 2.1. I can get it to work with .NET Core 2.1 but 3.1 is throwing a fit for a couple reasons.

1. Compared to sample code one needs to set the EnableEndpointRouting to false.
2. Compared to sample code I tried removing the set compatibilityversion on AddMvc and also tried using it as being set to 3.0.

When I run it in .NET Core 3.1 all it does is load the page and never calls out/perform the authentication and is behaving as if there is not Authorize tag on the controller.

I have an Authorize tag on the class level in controller.

Startup.cs:

...
            services.Configure<CookiePolicyOptions>(options =>
            {
                options.CheckConsentNeeded = context => true;
                options.MinimumSameSitePolicy = SameSiteMode.None;
            });

            services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
                .AddAzureAD(options => Configuration.Bind("AzureAd", options));

            services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options =>
            {
                options.Authority = options.Authority + "/v2.0/";
                options.TokenValidationParameters.ValidateIssuer = false;
            });

            services.AddMvc(options =>
            {
                var policy = new AuthorizationPolicyBuilder()
                    .RequireAuthenticatedUser()
                    .Build();
                options.Filters.Add(new AuthorizeFilter(policy));
                options.EnableEndpointRouting = false;
            });

Then down below in the Configure function:

...
app.UseHttpsRedirection();
            app.UseStaticFiles();
            app.UseCookiePolicy();

            app.UseAuthentication();

            app.UseMvc(routes =>
            {
                routes.MapRoute(
                    name: "default",
                    template: "{controller=Home}/{action=Index}/{id?}");
            });

Then in my appsettings.json I have:

{
  "AzureAd": {
    "Instance": "https://login.microsoftonline.com/",
    "Domain": "domain.onmicrosoft.com",
    "TenantId": "guid",
    "ClientId": "guid",
    "CallbackPath": "/signin-oidc"
  },
...

My question is why is it treating the requests as if their is no authentication? I have also tried using the UseAuthorization below the UseAuthentication.

Thanks!

Answer 1

According to my test, if you want to configure Azure AD for .net core 3.1 web app, please refer to the following steps

1. Register Azure AD web application

2. Configure application

   a. Install SDK Microsoft.AspNetCore.Authentication.AzureAD.UI

     <Project Sdk="Microsoft.NET.Sdk.Web">

      <PropertyGroup>
        <TargetFramework>netcoreapp3.1</TargetFramework>
      </PropertyGroup>

      <ItemGroup>
        <PackageReference Include="Microsoft.AspNetCore.Authentication.AzureAD.UI" Version="3.1.1" />
      </ItemGroup>

    </Project>

b.Update appsettings.json

      "AzureAd": {
    "Instance": "https://login.microsoftonline.com/",
    "Domain": "domain.onmicrosoft.com",
    "TenantId": "guid",
    "ClientId": "guid",
    "CallbackPath": "/signin-oidc"
  },
...  

c. Update startup.cs

• add the following code in ConfigureServices function

  public void ConfigureServices(IServiceCollection services) { services.Configure<CookiePolicyOptions>(options => { options.CheckConsentNeeded = context => true; options.MinimumSameSitePolicy = SameSiteMode.Unspecified; }); services.AddAuthentication(AzureADDefaults.AuthenticationScheme) .AddAzureAD(options => Configuration.Bind("AzureAd", options)); services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options => { options.Authority = options.Authority + "/v2.0/"; options.TokenValidationParameters.ValidateIssuer = false; }); services.AddControllersWithViews(options => { var policy = new AuthorizationPolicyBuilder() .RequireAuthenticatedUser() .Build(); options.Filters.Add(new AuthorizeFilter(policy)); }); services.AddRazorPages(); }

• Add the following code in Configure Function

  public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
     {
        ...
         app.UseHttpsRedirection();
         app.UseStaticFiles();

         app.UseRouting();

         app.UseCookiePolicy();
         app.UseAuthentication();
         app.UseAuthorization();

         app.UseEndpoints(endpoints =>
         {
             endpoints.MapControllerRoute(
                 name: "default",
                 pattern: "{controller=Home}/{action=Index}/{id?}");
         });
     }

For more details, please refer to the sample