Error when performing the authentication process by Azure Active Directory in test environment
I'm implementing authentication by AD for a web project. When I run locally the authentication runs successfully, but when it is taken to the test environment it generates the following error:
System.InvalidOperationException: IDX20803: Unable to obtain configuration from: '[PII is hidden]'. ---> System.IO.IOException: IDX20804: Unable to retrieve document from: '[PII is hidden]'. ---> System.Threading.Tasks.TaskCanceledException: A task was canceled.
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.<GetDocumentAsync>d__8.MoveNext()
--- End of inner exception stack trace ---
at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.<GetDocumentAsync>d__8.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.IdentityModel.Protocols.OpenIdConn
settings made in the portal
settings Startup.Auth
using System.Configuration;
using Microsoft.AspNet.Identity;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public partial class Startup
{
    // For more information on how to configure authentication, visit https://go.microsoft.com/fwlink/?LinkId=301864
    private static string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
    private static string appKey = ConfigurationManager.AppSettings["ida:ClientSecret"];
    private static string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
    private static string tenantId = ConfigurationManager.AppSettings["ida:TenantId"];
    private static string postLogoutRedirectUri = ConfigurationManager.AppSettings["ida:PostLogoutRedirectUri"];
    // Reads the same setting as postLogoutRedirectUri
    private static string postLoginRedirectUri = ConfigurationManager.AppSettings["ida:PostLogoutRedirectUri"];
    // The middleware downloads its metadata document from this authority
    public static readonly string Authority = aadInstance + tenantId;

    public void ConfigureAuth(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        //https://www.jamessturtevant.com/posts/ASPNET-Identity-Custom-Database-and-OWIN/
        app.CreatePerOwinContext(ApplicationDbContext.Create);
        app.UseCookieAuthentication(new CookieAuthenticationOptions());
        app.UseOpenIdConnectAuthentication(
            new OpenIdConnectAuthenticationOptions
            {
                ClientId = clientId,
                Authority = Authority,
                PostLogoutRedirectUri = postLogoutRedirectUri,
                RedirectUri = postLoginRedirectUri
            });
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie
        });
    }
}
Controller SignIn and SignOut
public void SignIn()
{
    // Send a sign-in request to OpenID Connect.
    if (!Request.IsAuthenticated)
    {
        HttpContext.GetOwinContext().Authentication.Challenge(new AuthenticationProperties { RedirectUri = "/" }, OpenIdConnectAuthenticationDefaults.AuthenticationType);
    }
}

public void SignOut()
{
    if (true)
    {
        // Send an OpenID Connect sign-out request.
        HttpContext.GetOwinContext().Authentication.SignOut(
            OpenIdConnectAuthenticationDefaults.AuthenticationType, CookieAuthenticationDefaults.AuthenticationType);
    }
}
Please check whether a proper internet connection is the issue while running on Azure.
The error means the application is not able to download the OpenID configuration document, which has almost all the information that is required for the app in order to sign in, such as the URLs and the location of the service's public signing keys.
Please make sure these two lines are in order, otherwise it will error:
.UseAuthentication().UseAuthorization()
Also, this error could be from using the wrong tenantId or authority URL in the web.config file and "Instance": "https://login.microsoftonline.com/".
To find out the error clearly, set IdentityModelEventSource.ShowPII = true in your Startup.cs.
if (env.IsDevelopment())
{
    // Development only: exception messages and logs will then show the values hidden as '[PII is hidden]'
    IdentityModelEventSource.ShowPII = true;
}
And please make sure to use the latest version (or to 4.7.2) of your .NET Framework, as some of the tasks may require an updated/latest version of .NET Framework to work properly.
Check and use the protocol TLS 1.2 for the application, as TLS 1.1 or TLS 1.0 are deprecated.
In some cases packages may still be defaulting to TLS 1.1 when loading that metadata, even after changing that, and it may take time to reflect the correct one.
To resolve, try to add the following in Global.asax.cs, which will allow the openid-configuration to be obtained as it is pointed to TLS 1.2 or above, and also change the TLS to 1.2 in the portal.
protected void Application_Start()
{
    ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Ssl3; // allow TLSV1.2 and SSL3 only
    // or System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12;
    // other code
}
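A way to reproduce the failing metadata download from the test server, as an added example that is not part of the original question or answer: it builds the openid-configuration URL from the same two settings as Authority, requests it over TLS 1.2 only (SSL 3.0 is not enabled) with a timeout, and reports which failure occurs. The MetadataProbe class, its method names and the <tenant-id> placeholder are assumptions; it targets .NET Framework with a reference to System.Net.Http.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Threading.Tasks;

// Added diagnostic (hypothetical names); run it on the server where sign-in fails.
static class MetadataProbe
{
    // Mirrors Authority = aadInstance + tenantId from the question, but
    // tolerates a missing or doubled "/" between the two settings.
    static string MetadataUrl(string aadInstance, string tenantId)
    {
        return aadInstance.TrimEnd('/') + "/" + tenantId.Trim('/')
             + "/.well-known/openid-configuration";
    }
    static async Task<string> ProbeAsync(string url)
    {
        // TLS 1.2 only; SSL 3.0, TLS 1.0 and TLS 1.1 stay disabled.
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
        using (var http = new HttpClient { Timeout = TimeSpan.FromSeconds(15) })
        {
            try
            {
                var resp = await http.GetAsync(url);
                var body = await resp.Content.ReadAsStringAsync();
                if (!resp.IsSuccessStatusCode)
                    return "HTTP " + (int)resp.StatusCode + ": check tenantId/authority";
                return body.Contains("\"jwks_uri\"") ? "OK: metadata retrieved"
                    : "Unexpected body: a proxy or captive page may be answering";
            }
            catch (TaskCanceledException)
            {
                // Same inner exception as in the question's stack trace.
                return "Timeout: outbound HTTPS is blocked or needs a proxy";
            }
            catch (HttpRequestException ex)
            {
                // On .NET Framework the cause is a WebException (DNS, connect, TLS).
                var web = ex.InnerException as WebException;
                return "Request failed: " + (web != null ? web.Status.ToString() : ex.Message);
            }
        }
    }
    static void Main()
    {
        // "<tenant-id>" is a placeholder; use the ida:TenantId value from web.config.
        var url = MetadataUrl("https://login.microsoftonline.com/", "<tenant-id>");
        Console.WriteLine(url + " -> " + ProbeAsync(url).GetAwaiter().GetResult());
    }
}
```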