Unable to login in multitenant application

I have some confusion about Azure AD multi-tenant authentication.
My application is a DevExpress XAF Blazor application in Visual Studio 2019.
DevExpress version 21.2.3
I want Azure AD multi-tenant authentication; single-tenant authentication is working fine.
I have already followed the documents below:
https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/
https://itnext.io/why-you-should-be-using-azure-multi-tenant-apps-49d4704b926e
https://docs.devexpress.com/eXpressAppFramework/402197/data-security-and-safety/security-system/authentication/active-directory-and-oauth2-authentication-providers-in-blazor-applications
My Azure AD configuration is as below:

    "AzureAd": {
      "Instance": "https://login.microsoftonline.com/common",
      //"Instance": "https://login.microsoftonline.com",
      "AppIDURL": "https://Mydomain.onmicrosoft.com/MyApp",
      "Domain": "my Domain",
      "TenantId": "My Tenant Id",
      "ClientId": "My Client Id",
      "ClientCertificates": [],
      "CallbackPath": "/signin-oidc"
    },

When I used the below code in a startup.cs file:

    var authentication = services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme);
    authentication
        .AddCookie(options =>
        {
            options.LoginPath = "/LoginPage";
        }).AddMicrosoftIdentityWebApp(Configuration, configSectionName: "AzureAd", cookieScheme: null);

I get the error below:

    IOException: IDX20807 : Unable to retrieve document from: 'System.String'. HttpResponseMessage: 'System.Net.Http.HttpResponseMessage', HttpResponseMessage.Content: 'System.String'.

Or

When I used the below code:

    var authentication = services.AddAuthentication(AzureADDefaults.AuthenticationScheme);
    authentication
        .AddCookie(options =>
        {
            options.LoginPath = "/LoginPage";
        }).AddAzureAD(options => Configuration.Bind("AzureAd", options));

I was able to log in to the application but was not able to log out of it; it logs in again, and the DevExpress login page (the LoginPath mentioned above) was also not visible.
We have multiple authentication schemes like below:
But which one is used in an Azure AD multi-tenant application?

Hello,
I suggest you upload debug symbols to see the exact problem in HttpDocumentRetriever.GetDocumentAsync.
For me it's StatusCode 400 or 404. In Visual Studio go to: Tools->Options->Debugging->Symbols.
The second problem, with "was not able to log out":
I am not sure that you need to put the "AzureADDefaults.AuthenticationScheme" as a default scheme, or I don't know a reason to do that.
It's better to try the authentication without XAF when you need some complex solution and XAF doesn't work with that out of the box.
Of course you can override the XAF log out logic, where they perform context.SignOutAsync(), with your own. They use a middleware for it; you can write your own and register it before the XAF middleware(s) registration, before

    app.UseXaf();

Your middleware can look like:

    using System;
    using System.Threading.Tasks;
    using DevExpress.ExpressApp.Blazor.Services;
    using DevExpress.ExpressApp.Blazor.Utils;
    using Microsoft.AspNetCore.Authentication;
    using Microsoft.AspNetCore.Http;
    using Microsoft.Extensions.Logging;

    namespace MyApplication {
        public class CustomSignInMiddleware {
            private readonly RequestDelegate next;

            public CustomSignInMiddleware(RequestDelegate next) {
                this.next = next;
            }

            public async Task Invoke(HttpContext context, ILogger<CustomSignInMiddleware> logger = null) {
                string requestPath = context.Request.Path.Value.TrimStart('/');
                string returnUrl = ReturnUrlHelper.ExtractReturnUrl(context.Request);
                // Handle the XAF sign-out endpoint here, before the XAF middleware sees it.
                if(requestPath.StartsWith(SignInMiddlewareDefaults.SignOutEndpointName, StringComparison.Ordinal)) {
                    // Signs out of the default scheme; pass a scheme name to sign out of a specific one.
                    await context.SignOutAsync();
                    context.Response.Redirect(returnUrl);
                }
                else {
                    // Every other request continues down the pipeline unchanged.
                    await next(context);
                }
            }
        }
    }

and use SignOutAsync with the desired scheme. Don't forget to register:

    app.UseMiddleware<CustomSignInMiddleware>();
    app.UseXaf();

Thanks, Dima, for your reply,
But the problem is resolved with the correct setting suggested by the Microsoft Team.

    "AzureAd": {
      "Instance": "https://login.microsoftonline.com/",
      "Domain": "Mydomain",
      "ClientId": "My Client Id",
      "TenantId": "organizations", // It is a must in a multi-tenant application
      "CallbackPath": "/signin-oidc"
    },

And my Startup file is as below:

    services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme).AddCookie(options =>
    {
        options.LoginPath = "/LoginPage";
    }).AddMicrosoftIdentityWebApp(Configuration.GetSection("AzureAd"), cookieScheme: null);
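
With `TenantId` set to `organizations`, sign-in is accepted from any Azure AD work or school directory, so the application itself has to decide which tenants it serves. The following is an added example, not code from this thread or from DevExpress or Microsoft: `AddTenantAllowList` and its parameter are hypothetical names, and it assumes the default OpenIdConnect scheme name that `AddMicrosoftIdentityWebApp` registers in the startup code above.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Extensions.DependencyInjection;

namespace MyApplication {
    // Added example: rejects sign-ins from directories that were never onboarded.
    public static class TenantAllowListExtensions {
        // Azure AD puts the signing-in directory's GUID in the "tid" claim; depending
        // on inbound claim mapping it appears under the short or the long claim type.
        private const string TidShort = "tid";
        private const string TidLong = "http://schemas.microsoft.com/identity/claims/tenantid";

        // Hypothetical helper: call it in ConfigureServices after
        // AddMicrosoftIdentityWebApp(...), passing the tenant GUIDs you serve.
        public static IServiceCollection AddTenantAllowList(
            this IServiceCollection services, IEnumerable<string> allowedTenantIds) {
            var allowed = new HashSet<string>(allowedTenantIds, StringComparer.OrdinalIgnoreCase);

            services.Configure<OpenIdConnectOptions>(
                OpenIdConnectDefaults.AuthenticationScheme, options => {
                    // Keep the handler that is already registered and run it first.
                    Func<TokenValidatedContext, Task> previous = options.Events.OnTokenValidated;
                    options.Events.OnTokenValidated = async context => {
                        if(previous != null) {
                            await previous(context);
                        }
                        string tid = context.Principal?.FindFirst(TidShort)?.Value
                            ?? context.Principal?.FindFirst(TidLong)?.Value;
                        // A missing tid is treated the same as an unknown tenant.
                        if(tid == null || !allowed.Contains(tid)) {
                            // Fails the remote sign-in, so no session cookie is issued.
                            context.Fail("Sign-in from a tenant that has not been onboarded.");
                        }
                    };
                });
            return services;
        }
    }
}
```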