
Azure AD authentication

I am trying to migrate an ASP.NET MVC app from forms authentication to Azure AD. It works fine locally, but after deploying to the dev server I get this error:

[InvalidOperationException: IDX10803: Unable to create to obtain configuration from: 'https://login.microsoftonline.com/mydomain.onmicrosoft.com/.well-known/openid-configuration'.]

This is the Startup class:

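 /// <summary>
 /// OWIN startup configuration that signs users in through Azure AD, using cookie
 /// authentication for the local session and the OpenID Connect middleware for the
 /// sign-in redirect.
 /// </summary>
 /// <remarks>
 /// All values are read from the <c>ida:*</c> keys in appSettings. The settings needed
 /// to identify the application and build the authority URL are validated when the type
 /// is initialized, so a deployment with a missing or untransformed config file fails
 /// with a message that names the key instead of producing a malformed authority.
 /// </remarks>
 public partial class Startup
{
    private static readonly string clientId = GetRequiredAppSetting("ida:ClientId");
    private static readonly string aadInstance = GetRequiredAppSetting("ida:AADInstance");
    private static readonly string postLogoutRedirectUri = ConfigurationManager.AppSettings["ida:PostLogoutRedirectUri"];
    private static readonly string redirectUri = ConfigurationManager.AppSettings["ida:RedirectUri"];
    private static readonly string tenant = GetRequiredAppSetting("ida:Tenant");
    private static readonly string domain = ConfigurationManager.AppSettings["ida:Domain"];

    // aadInstance is used as a composite format string and tenant is substituted into it.
    // NOTE(review): presumably of the form "https://login.microsoftonline.com/{0}" - confirm in web.config.
    private static readonly string authority = string.Format(aadInstance, tenant);

    /// <summary>
    /// Reads an appSettings value and rejects a missing or blank entry.
    /// </summary>
    /// <param name="key">The appSettings key to read.</param>
    /// <returns>The configured, non-blank value.</returns>
    /// <exception cref="ConfigurationErrorsException">
    /// The key is absent or blank. Because the callers are static field initializers,
    /// the runtime reports this as the inner exception of a TypeInitializationException.
    /// </exception>
    private static string GetRequiredAppSetting(string key)
    {
        string value = ConfigurationManager.AppSettings[key];
        if (string.IsNullOrWhiteSpace(value))
        {
            throw new ConfigurationErrorsException("Missing required appSetting '" + key + "'.");
        }

        return value;
    }

    /// <summary>
    /// Registers cookie authentication and Azure AD OpenID Connect sign-in on the OWIN pipeline.
    /// </summary>
    /// <param name="app">The OWIN application builder the middleware is added to.</param>
    public void ConfigureAuth(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

        // Default cookie options are used as-is.
        // NOTE(review): if every environment serves the site over HTTPS only, consider
        // setting CookieSecure = CookieSecureOption.Always so the session cookie is never
        // sent over plain HTTP - confirm against the local/dev hosting setup first.
        app.UseCookieAuthentication(new CookieAuthenticationOptions());

        // The middleware downloads the OpenID Connect metadata from
        // "<authority>/.well-known/openid-configuration" from the web server itself, so the
        // host needs outbound HTTPS access to the authority. When that request is blocked
        // (firewall, proxy), the failure surfaces as IDX10803.
        app.UseOpenIdConnectAuthentication(
            new OpenIdConnectAuthenticationOptions
            {
                ClientId = clientId,
                Authority = authority,
                PostLogoutRedirectUri = postLogoutRedirectUri,
                RedirectUri = redirectUri,
                /*
                * Skipping the Home Realm Discovery Page in Azure AD
                * http://www.cloudidentity.com/blog/2014/11/17/skipping-the-home-realm-discovery-page-in-azure-ad/
                */
                Notifications = new OpenIdConnectAuthenticationNotifications
                {
                    RedirectToIdentityProvider = (context) =>
                    {
                        // Only send a domain hint when one is configured; a blank
                        // ida:Domain would otherwise go out as an empty hint.
                        if (!string.IsNullOrWhiteSpace(domain))
                        {
                            context.ProtocolMessage.DomainHint = domain;
                        }

                        return Task.FromResult(0);
                    }
                }
            });
    }
}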

If I open the https://login.microsoftonline.com/mydomain.onmicrosoft.com/.well-known/openid-configuration link I get this:

{"authorization_endpoint":"https://login.microsoftonline.com/58f6d2d3-81bd-40d7-872f-8e17475a8058/oauth2/authorize","token_endpoint":"https://login.microsoftonline.com/58f6d2d3-81bd-40d7-872f-8e17475a8058/oauth2/token","token_endpoint_auth_methods_supported":["client_secret_post","private_key_jwt"],"jwks_uri":"https://login.microsoftonline.com/common/discovery/keys","response_modes_supported":["query","fragment","form_post"],"subject_types_supported":["pairwise"],"id_token_signing_alg_values_supported":["RS256"],"response_types_supported":["code","id_token","code id_token","token id_token","token"],"scopes_supported":["openid"],"issuer":"https://sts.windows.net/58f6d2d3-81bd-40d7-872f-8e17475a8058/","claims_supported":["sub","iss","aud","exp","iat","auth_time","acr","amr","nonce","email","given_name","family_name","nickname"],"microsoft_multi_refresh_token":true,"check_session_iframe":"https://login.microsoftonline.com/58f6d2d3-81bd-40d7-872f-8e17475a8058/oauth2/checksession","end_session_endpoint":"https://login.microsoftonline.com/58f6d2d3-81bd-40d7-872f-8e17475a8058/oauth2/logout","userinfo_endpoint":"https://login.microsoftonline.com/58f6d2d3-81bd-40d7-872f-8e17475a8058/openid/userinfo"}

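It looks like the problem is in the firewall settings. The OpenID Connect middleware downloads the metadata document from the web server itself, so the dev server needs outbound HTTPS access to login.microsoftonline.com; opening the link in a browser only shows that the machine running the browser can reach it.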
