[英]SIgn-in error in .NET 6 web application using Microsoft Identity (aka: Azure Active Directory)
I'm trying to use Microsoft Identity (formerly: Azure AD) authentication in an ASP.NET web application running on .NET 6我正在尝试在 ASP.NET web 应用程序中使用 Microsoft Identity(以前:Azure AD)身份验证
I've used this code to configure authentication in my startup class ConfigureServices
method:我在启动 class
ConfigureServices
方法中使用此代码配置身份验证:
services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
.AddMicrosoftIdentityWebApp(options => {
options.Instance = appSettings.UserSettings.AzIdInstance;
options.Domain = appSettings.UserSettings.AzIdDomain;
options.TenantId = appSettings.UserSettings.AzIdTenantId;
options.ClientId = appSettings.UserSettings.AzIdClientId;
options.CallbackPath = appSettings.UserSettings.AzIdCallbackPath;
options.SignedOutCallbackPath = appSettings.UserSettings.AzIdSignOutCallbackPath;
});
services.AddAuthorization();
Then in the Configure
method, I've added:然后在
Configure
方法中,我添加了:
app.UseAuthentication();
app.UseAuthorization();
When I try to access a controller action protected by the [Authorize]
attribute, it correctly redirects me to the microsoft login page, however after I log in when the app then tries to redirect to my callback path ( /signin-oidc
) the connection gets reset and I get this browser error:当我尝试访问受
[Authorize]
属性保护的 controller 操作时,它会正确地将我重定向到 Microsoft 登录页面,但是在我登录后,当应用程序尝试重定向到我的回调路径 ( /signin-oidc
) 时,连接被重置,我得到这个浏览器错误:
What am I doing wrong here?我在这里做错了什么? Is there a good example online on how to properly configure this?
网上有没有关于如何正确配置这个的好例子?
Apparently, this error was happening because I had set the cookie's SameSite
attribute to None
with this code (I need it to be None
for some cross-domain calls that are done to the server):显然,发生此错误是因为我已使用此代码将 cookie 的
SameSite
属性设置为None
(对于对服务器执行的一些跨域调用,我需要它为None
):
services.Configure<CookieAuthenticationOptions>(CookieAuthenticationDefaults.AuthenticationScheme, options =>
{
//In-memory cookie store, so sessions are forcibly killed when the webapp restarts
//This ensures that the user's Claims are up to date - remember to restart the service when Azure AD security group memberships are changed!
options.SessionStore = services.BuildServiceProvider().GetService<MemoryCacheTicketStore>();
//We want to disable the same-site policy, otherwise cross-domain API calls from JS won't work
options.Cookie.SameSite = SameSiteMode.None;
});
apparently this by itself causes the error.显然这本身会导致错误。 To fix it, I had to also add the following code:
要修复它,我还必须添加以下代码:
services.Configure<CookiePolicyOptions>(options =>
{
options.CheckConsentNeeded = context => true;
options.HandleSameSiteCookieCompatibility(s => false);
options.MinimumSameSitePolicy = SameSiteMode.None;
});
this seems to have fixed the problem.这似乎解决了这个问题。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.