向我们的 Web 应用程序发送匿名请求

Question

Azure 应用服务身份验证/授权使向我们的应用服务应用程序添加“Azure AD 身份验证”变得非常容易。 但是我们配置后发现，一旦用户访问主页（例如https://xxx.azurewebsites.net/ ），它就会要求用户进行 AD auth。 这不是我们想要的。 我们想向我的网站添加一些不需要身份验证的 URL

Answer 1

您需要设置应用服务身份验证以允许匿名请求，如下定义： https : //docs.microsoft.com/en-us/azure/app-service/overview-authentication-authorization#allow-only-authenticated -请求。

以这种方式限制访问适用于对您的应用程序的所有调用，这对于需要公开主页的应用程序而言可能并不理想，就像在许多单页应用程序中一样。

要在需要时触发登录，请添加指向您的应用的链接或重定向，如下定义： https : //docs.microsoft.com/en-us/azure/app-service/app-service-authentication-how-to#use - 多个登录提供商。

<a href="/.auth/login/aad">Log in with Azure AD</a>
<a href="/.auth/login/microsoftaccount">Log in with Microsoft Account</a>
<a href="/.auth/login/facebook">Log in with Facebook</a>
<a href="/.auth/login/google">Log in with Google</a>
<a href="/.auth/login/twitter">Log in with Twitter</a>

您还需要在后端将授权检查添加到应该对用户进行身份验证的位置。

Answer 2

根据我的研究，我们可以使用 URL 授权规则向您的站点添加一些不需要身份验证的 URL。 更多详情请参考https://azure.github.io/AppService/2016/11/17/URL-Authorization-Rules.html 。

例如：

URL Authorization Rules
 7 minute read
Chris Gillum (MSFT) 11/17/2016 3:40:36 PM
One of the goals of Azure App Service Authentication / Authorization is to make it very easy to add "auth" to your App Service apps (which is why we often refer to it as Easy Auth). Most of our investments so far have been focused on creating a streamlined authentication setup experience. However, up until now authorization was something developers had to implement mostly on their own. Typically authorization rules involve restricting access to certain resources within your app. Ideally, such authorization rules can be just as simple to set up without writing a bunch of custom code. To that end, we're happy to announce the initial preview of URL Authorization Rules in App Service.
Configuration
In the initial preview, URL Authorization Rules are defined in an authorization.json file (if you prefer, we also support the YAML syntax inside an authorization.yaml file).  The feature is enabled automatically when you configure Easy Auth in the management portal and place either an authorization.json file or an authorization.yaml file in the D:\home\site\wwwroot directory of your App Service app. This means you can include the file in your app's source and easily deploy it via Git, Web Deploy, FTP, or any of the continuous deployment mechanisms supported by App Service. Here is the basic schema of the configuration file in the JSON syntax:
{
  "routes": [
    {
      "http_methods": [ "GET", "POST", "PUT", ... ],
      "path_prefix": "/some/url/prefix",
      "policies": {
        "unauthenticated_action": "AllowAnonymous|RedirectToLoginPage|RejectWith401|RejectWith404"
      }
    },
    ...
  ]
}