ASP.Net Azure OpenId integration

I am trying to create a project that uses Azure AD for SSO authentication. The azure side of the app has been configured and I was able to get SAML authentication working with the following code:

app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

app.UseCookieAuthentication(new CookieAuthenticationOptions());

app.UseWsFederationAuthentication(
    new WsFederationAuthenticationOptions
    {
        Wtrealm = realm,
        MetadataAddress = adfsMetadata
    });

Configured this way the site works fine for web pages, but I also need to be able to have API calls that are called from a native client. I would like to use JWTs for authentication for the native apps and found documentation on how to set up a separate native application that serves up JWTs. I found instructions on using the Add Connected Service to add authentication to a blank site here and it seemed to configure the site to use OpenId with the following code in my Startup.Auth.cs file being created:

IdentityModelEventSource.ShowPII = true;

app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

app.UseCookieAuthentication(new CookieAuthenticationOptions());

app.UseOpenIdConnectAuthentication(
    new OpenIdConnectAuthenticationOptions
    {
        ClientId = clientId,
        Authority = Authority,
        PostLogoutRedirectUri = postLogoutRedirectUri
    });

Unfortunately when I run the newly configured blank site I get the following error:

IDX10501: Signature validation failed. Unable to match keys: 'Vxa8HJ8gNB1XfxYnIDHBl2YuSFc', token: '{"typ":"JWT","alg":"RS256","x5t":"Vxa8HJ8gNB1XfxYnIDHBl2YuSFc","kid":"Vxa8HJ8gNB1XfxYnIDHBl2YuSFc"}.{"aud":"c13f71a0-e658-4432-a61e-24140f2b5890","iss":" https://sts.windows.net/8948afa6-51e3-4041-8303-5688ba9c8135/ ","iat":1542235664,"nbf":1542235664,"exp":1542239564,"aio":"ASQA2/8JAAAA6+NtWgTWs4mQi7gcoqDJMWDjmQtgxL79oC3U112+XjI=",...

I've looked at the OpenId metadata for my app and key Vxa8HJ8gNB1XfxYnIDHBl2YuSFc isn't in there anywhere. Is there something simple that I have missed?

Edit:

It looks like the authority that was configured was

https://login.microsoftonline.com/{tenant}

I opened a case with Microsoft and one of their developers helped discover that the problem was with OpenId and Enterprise applications. When I created a non-enterprise application (Web/API) I was able to get the web site to properly authenticate. I tested this by creating an enterprise app from scratch and comparing the browser behavior between the Web/API app and the Enterprise app. The problem only shows up for the enterprise app. I'm not sure what the difference is, but it is on Microsoft's side. Also, it only shows up for OpenId. I was able to get it working with SAML as I mentioned above. I'm not clear on what the distinction is between the Web/API app and the Enterprise app.
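The IDX10501 message above says the middleware could not match the token's key id against the signing keys it downloaded. The OWIN OpenID Connect middleware reads the discovery document under the configured Authority, fetches the JWKS it points to, and looks for a key whose kid or x5t equals the one in the token header; it also compares issuer, audience and the nbf/exp window. The following Python script is an added example (not code from the question or from Microsoft's middleware) that performs those same checks offline on a constructed token and two constructed JWKS documents, so the output shows exactly which check fails. Key ids, tenant and client ids are placeholders; nothing here verifies a signature, it only explains why a lookup would fail.

```python
"""
Diagnose why a JWT would fail the checks an OpenID Connect middleware applies:
key id (kid/x5t) present in the JWKS, exact issuer match, audience match, and
nbf/exp within a clock-skew allowance. The signature itself is NOT verified.

All sample data is CONSTRUCTED for this example; ids are placeholders.
"""
import base64
import json
import time
from typing import Dict, Tuple

LEEWAY_SECONDS = 300  # 5-minute clock skew allowance, like the middleware's default


def b64url_decode(segment: str) -> bytes:
    # base64url segments in a JWT carry no padding; restore it before decoding
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def decode_unverified(token: str) -> Tuple[dict, dict]:
    """Split a compact JWS and JSON-decode header and payload (no signature check)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected header.payload.signature")
    return json.loads(b64url_decode(parts[0])), json.loads(b64url_decode(parts[1]))


def diagnose(token: str, jwks: dict, expected_issuer: str,
             expected_audience: str, now: float = None) -> Dict[str, str]:
    """Return {check: explanation} for every failed check; empty dict = all passed."""
    now = time.time() if now is None else now
    header, payload = decode_unverified(token)
    findings: Dict[str, str] = {}

    # 1. Key lookup: this is the check behind IDX10501 "Unable to match keys".
    keys = jwks.get("keys", [])
    published = {k.get("kid") for k in keys} | {k.get("x5t") for k in keys}
    published.discard(None)
    wanted = {header.get("kid"), header.get("x5t")} - {None}
    if not wanted & published:
        findings["kid"] = (f"token key id(s) {sorted(wanted)} not in JWKS; "
                           f"published ids: {sorted(published)}")

    # 2. Issuer: exact string comparison, so a different host or stray
    #    whitespace around the value is a mismatch.
    if payload.get("iss") != expected_issuer:
        findings["iss"] = f"iss {payload.get('iss')!r} != expected {expected_issuer!r}"

    # 3. Audience: 'aud' may be a single string or a list of strings.
    aud = payload.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if expected_audience not in audiences:
        findings["aud"] = f"aud {audiences} does not contain {expected_audience!r}"

    # 4. Validity window, allowing LEEWAY_SECONDS of clock skew either way.
    if payload.get("nbf", 0) > now + LEEWAY_SECONDS:
        findings["nbf"] = "token not yet valid (nbf is in the future)"
    if payload.get("exp", 0) <= now - LEEWAY_SECONDS:
        findings["exp"] = "token expired (exp is in the past)"
    return findings


def build_unsigned_token(header: dict, payload: dict) -> str:
    """Assemble a compact JWS with a placeholder signature (sample data only)."""
    seg = lambda obj: b64url_encode(json.dumps(obj, separators=(",", ":")).encode())
    return f"{seg(header)}.{seg(payload)}.{b64url_encode(b'placeholder-signature')}"


# --- constructed sample data (placeholders, not real tenant values) ---------
SAMPLE_TENANT = "00000000-0000-0000-0000-0000000007e1"
SAMPLE_ISSUER = f"https://sts.windows.net/{SAMPLE_TENANT}/"
SAMPLE_CLIENT_ID = "00000000-0000-0000-0000-00000000c1e1"
SAMPLE_NOW = 1542236000  # fixed "current time" so the example is deterministic
SAMPLE_TOKEN = build_unsigned_token(
    {"typ": "JWT", "alg": "RS256", "x5t": "EXAMPLE-KID-A", "kid": "EXAMPLE-KID-A"},
    {"aud": SAMPLE_CLIENT_ID, "iss": SAMPLE_ISSUER,
     "iat": 1542235664, "nbf": 1542235664, "exp": 1542239564},
)
JWKS_MISSING_KEY = {"keys": [
    {"kty": "RSA", "use": "sig", "kid": "EXAMPLE-KID-B", "x5t": "EXAMPLE-KID-B"}]}
JWKS_WITH_KEY = {"keys": JWKS_MISSING_KEY["keys"] + [
    {"kty": "RSA", "use": "sig", "kid": "EXAMPLE-KID-A", "x5t": "EXAMPLE-KID-A"}]}


if __name__ == "__main__":
    for label, jwks in (("JWKS without the key", JWKS_MISSING_KEY),
                        ("JWKS with the key", JWKS_WITH_KEY)):
        result = diagnose(SAMPLE_TOKEN, jwks, SAMPLE_ISSUER, SAMPLE_CLIENT_ID, SAMPLE_NOW)
        print(f"{label}: {'OK' if not result else result}")
```

To apply this to a real failure, paste the token from the IDX10501 message as `token`, and for `jwks` use the document found at the `jwks_uri` of `{Authority}/.well-known/openid-configuration`; a `kid` finding with an empty or different `published` list confirms that the discovery endpoint the middleware is reading does not publish the key that signed the token, which is the situation the question describes.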
