堆栈内存溢出
  简体   繁体   English

如何允许公开登录我的 Azure 租户中的应用注册?

[英]How can I allow public login on my app registration in my Azure Tenant?

 原文  2020-10-23 15:04:01       azure/ authentication/ azure-active-directory/ openid

问题描述

I'm trying to create an app hosted in Azure that (should) allow public login, as long as you have a Microsoft account.我正在尝试创建一个托管在 Azure 中的应用程序,只要您拥有 Microsoft 帐户,它(应该)允许公共登录。 I don't care if it's a business or personal account.我不在乎它是企业帐户还是个人帐户。 You just need to be able to log in. I'm creating a SPA and an API.您只需要能够登录。我正在创建一个 SPA 和一个 API。

So I went to the Azure portal and created an app registration and configured the app reg to allow all users from within, or outside the organization with a valid personal or business Microsoft account.因此,我转到 Azure 门户并创建了一个应用程序注册并配置了应用程序注册以允许来自组织内部或外部的所有用户使用有效的个人或企业 Microsoft 帐户。

Now the SPA is an Angular app and I use Damien Bod's OpenId library to log in. When I point the stsServer to my login endpoint ( https://login.microsoftonline.com/{my-tenant-id}/v2.0 ) and log in, all works fine, except when I log in using an account outside the organization (for example my personal account).现在 SPA 是一个 Angular 应用程序,我使用 Damien Bod 的 OpenId 库登录。当我将 stsServer 指向我的登录端点 ( https://login.microsoftonline.com/{my-tenant-id}/v2.0 )并登录,一切正常,除非我使用组织外部的帐户(例如我的个人帐户)登录。

I get receive the following error:我收到以下错误:

AADSTS50020: User account 'xxxx@xxxx.xxx' from identity provider 'https://sts.windows.net/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/' does not exist in tenant 'Default Directory' and cannot access the application 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'(App Name) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.

Now the problem is that I simply don't want to add all these users, but allow them access to this app.现在的问题是我不想添加所有这些用户,而是允许他们访问这个应用程序。 How can I do that?我怎样才能做到这一点?

Thanks a bunch!谢谢一堆!

1 个解决方案

解决方案1
 3 已采纳  2020-10-24 08:25:12

If you want to allow any account to sign in, you can't use your tenant-specific login endpoint.如果要允许任何帐户登录,则不能使用租户特定的登录端点。 You need to use the "common" endpoint: https://login.microsoftonline.com/common/v2.0 .您需要使用“通用”端点: https://login.microsoftonline.com/common/v2.0 : https://login.microsoftonline.com/common/v2.0 This allows login with any Azure AD / Personal Microsoft account.这允许使用任何 Azure AD/个人 Microsoft 帐户登录。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何使用其他租户的Azure AD应用程序? - How can I use my Azure AD app from another tenant? 如何允许客户租户在我的多租户 Azure AD 应用程序中添加自定义角色 - How to allow Client Tenants to add custom roles in my multi tenant Azure AD app 当用户从市场点击我的应用程序时,如何将正确的租户 ID 发送到 Azure AD 以进行用户授权? - How can I send the right tenant id to Azure AD for user authorization when a user clicks on my app from the marketplace? 如何使用Microsoft Azure中的多租户应用程序在客户端的活动目录中注册应用程序? - How do I register an app in client's active directory using my multi tenant app in microsoft azure? 如何在我的WP 8.1应用程序中使用Azure移动服务和SQL Azure StoredProc功能进行用户注册页面 - How can I use Azure Mobile Services and SQL Azure StoredProc function in my WP 8.1 App for user registration page 我可以在自己的登录/注册页(MVC)中使用Azure AD B2C吗? - Can I use Azure AD B2C in my own login/registration page(MVC)? 如何使用 AAD 凭据登录到 Azure VM? - how can i login to my Azure VM with my AAD credentials? 如何将自定义属性添加到我的 Azure AD 租户成员(非 B2C 用户) - How can i add Custom Attributes to my Azure AD tenant members (Not B2C users) 如何找出组织/租户中 Azure AD 刷新令牌的 MaxInactiveTime 设置? - How can I find out the MaxInactiveTime setting for Azure AD refresh tokens in my organization/tenant? 服务主体如何登录到我的Azure应用程序服务? - How can a service principal login to my Azure app-service?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM