I am trying to migrate an ASP.NET MVC app from forms authentication to Azure AD. It works fine locally, but after deploying to the dev server I get this error:
[InvalidOperationException: IDX10803: Unable to create to obtain configuration from: 'https://login.microsoftonline.com/mydomain.onmicrosoft.com/.well-known/openid-configuration'.]
This is the Startup class:
/// <summary>
/// OWIN startup configuration that signs users in through Azure AD using
/// OpenID Connect and keeps the resulting session in a local cookie.
/// </summary>
public partial class Startup
{
    // All values are read from <appSettings>; a key that is absent yields null.
    private static readonly string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
    private static readonly string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
    private static readonly string postLogoutRedirectUri = ConfigurationManager.AppSettings["ida:PostLogoutRedirectUri"];
    private static readonly string redirectUri = ConfigurationManager.AppSettings["ida:RedirectUri"];
    private static readonly string tenant = ConfigurationManager.AppSettings["ida:Tenant"];
    private static readonly string domain = ConfigurationManager.AppSettings["ida:Domain"];

    // Static initializers run in textual order, so this line must stay below
    // aadInstance and tenant. A missing ida:AADInstance makes string.Format throw
    // while the type is being initialized.
    // Presumably ida:AADInstance carries a "{0}" placeholder for the tenant - confirm in config.
    private static readonly string authority = string.Format(aadInstance, tenant);

    /// <summary>
    /// Registers cookie and OpenID Connect authentication on the OWIN pipeline.
    /// </summary>
    /// <param name="app">The OWIN application builder the middleware is added to.</param>
    /// <remarks>
    /// The OpenID Connect middleware obtains its configuration from the
    /// ".well-known/openid-configuration" document under <c>Authority</c>. When the
    /// host cannot retrieve that document, sign-in fails with IDX10803, so the
    /// server itself needs outbound HTTPS access to the authority.
    /// </remarks>
    public void ConfigureAuth(IAppBuilder app)
    {
        // The cookie is the default sign-in type: the OpenID Connect result is stored in it.
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

        // NOTE(review): the cookie options are left at their defaults; confirm that
        // CookieSecure and the expiry settings match how this site is served.
        var cookieOptions = new CookieAuthenticationOptions();
        app.UseCookieAuthentication(cookieOptions);

        /*
         * Skipping the Home Realm Discovery Page in Azure AD
         * http://www.cloudidentity.com/blog/2014/11/17/skipping-the-home-realm-discovery-page-in-azure-ad/
         */
        var notifications = new OpenIdConnectAuthenticationNotifications
        {
            RedirectToIdentityProvider = context =>
            {
                // NOTE(review): the domain hint only steers the sign-in page; it is not
                // an access restriction. Confirm that tenant restriction is enforced elsewhere.
                context.ProtocolMessage.DomainHint = domain;
                return Task.FromResult(0);
            }
        };

        var openIdConnectOptions = new OpenIdConnectAuthenticationOptions
        {
            ClientId = clientId,
            Authority = authority,
            PostLogoutRedirectUri = postLogoutRedirectUri,
            RedirectUri = redirectUri,
            Notifications = notifications
        };

        app.UseOpenIdConnectAuthentication(openIdConnectOptions);
    }
}
If I open the https://login.microsoftonline.com/mydomain.onmicrosoft.com/.well-known/openid-configuration link I get this:
{"authorization_endpoint":"https://login.microsoftonline.com/58f6d2d3-81bd-40d7-872f-8e17475a8058/oauth2/authorize","token_endpoint":"https://login.microsoftonline.com/58f6d2d3-81bd-40d7-872f-8e17475a8058/oauth2/token","token_endpoint_auth_methods_supported":["client_secret_post","private_key_jwt"],"jwks_uri":"https://login.microsoftonline.com/common/discovery/keys","response_modes_supported":["query","fragment","form_post"],"subject_types_supported":["pairwise"],"id_token_signing_alg_values_supported":["RS256"],"response_types_supported":["code","id_token","code id_token","token id_token","token"],"scopes_supported":["openid"],"issuer":"https://sts.windows.net/58f6d2d3-81bd-40d7-872f-8e17475a8058/","claims_supported":["sub","iss","aud","exp","iat","auth_time","acr","amr","nonce","email","given_name","family_name","nickname"],"microsoft_multi_refresh_token":true,"check_session_iframe":"https://login.microsoftonline.com/58f6d2d3-81bd-40d7-872f-8e17475a8058/oauth2/checksession","end_session_endpoint":"https://login.microsoftonline.com/58f6d2d3-81bd-40d7-872f-8e17475a8058/oauth2/logout","userinfo_endpoint":"https://login.microsoftonline.com/58f6d2d3-81bd-40d7-872f-8e17475a8058/openid/userinfo"}
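It seems the problem was in the firewall settings. The OpenID Connect middleware downloads the metadata document from the web server itself, so the dev server, and not only the machine where you open the link, needs outbound HTTPS access to login.microsoftonline.com. The metadata and signing keys fetched this way are what the app relies on to validate tokens, so allow that outbound connection rather than working around it by relaxing TLS certificate validation.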