[英]ASP.NET Core 3.1 Azure AD Authentication throws OptionsValidationException
我正在尝试使用 Azure Active Directory 来处理 Web 应用程序上的身份验证。 但是,当我尝试使用AuthorizeAttribute执行操作时,应用程序会抛出OptionsValidationException 。 出现以下错误:
Microsoft.Extensions.Options.OptionsValidationException: The 'Instance' option must be provided.
at Microsoft.Extensions.Options.OptionsFactory`1.Create(String name)
at Microsoft.Extensions.Options.OptionsMonitor`1.<>c__DisplayClass11_0.<Get>b__0()
at System.Lazy`1.ViaFactory(LazyThreadSafetyMode mode)
at System.Lazy`1.ExecutionAndPublication(LazyHelper executionAndPublication, Boolean useDefaultConstructor)
at System.Lazy`1.CreateValue()
at System.Lazy`1.get_Value()
at Microsoft.Extensions.Options.OptionsCache`1.GetOrAdd(String name, Func`1 createOptions)
at Microsoft.Extensions.Options.OptionsMonitor`1.Get(String name)
at Microsoft.AspNetCore.Authentication.AzureAD.UI.AzureADOpenIdConnectOptionsConfiguration.Configure(String name, OpenIdConnectOptions options)
at Microsoft.Extensions.Options.OptionsFactory`1.Create(String name)
at Microsoft.Extensions.Options.OptionsMonitor`1.<>c__DisplayClass11_0.<Get>b__0()
at System.Lazy`1.ViaFactory(LazyThreadSafetyMode mode)
at System.Lazy`1.ExecutionAndPublication(LazyHelper executionAndPublication, Boolean useDefaultConstructor)
at System.Lazy`1.CreateValue()
at System.Lazy`1.get_Value()
at Microsoft.Extensions.Options.OptionsCache`1.GetOrAdd(String name, Func`1 createOptions)
at Microsoft.Extensions.Options.OptionsMonitor`1.Get(String name)
at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.InitializeAsync(AuthenticationScheme scheme, HttpContext context)
at Microsoft.AspNetCore.Authentication.AuthenticationHandlerProvider.GetHandlerAsync(HttpContext context, String authenticationScheme)
at Microsoft.AspNetCore.Authentication.AuthenticationService.ChallengeAsync(HttpContext context, String scheme, AuthenticationProperties properties)
at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.ChallengeAsync(AuthenticationProperties properties)
at Microsoft.AspNetCore.Authentication.AuthenticationService.ChallengeAsync(HttpContext context, String scheme, AuthenticationProperties properties)
at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)
我无法弄清楚是什么导致了这种情况。 这是代码:
添加对Microsoft.AspNetCore.Authentication.AzureAD.UI版本 3.1.1 的包引用。
public void ConfigureServices(IServiceCollection services)
{
services.AddAuthentication(defaultScheme: AzureADDefaults.AuthenticationScheme)
.AddAzureAD(options =>
{
options.ClientId = "<client_id_goes_here>";
options.TenantId = "<tenant_id_goes_here>";
});
services.AddControllers();
}
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
app.UseDeveloperExceptionPage();
app.UseRouting();
app.UseAuthorization();
app.UseEndpoints(endpoints => endpoints.MapControllers());
}
仅使用一个控制器。
public class HomeController : Controller
{
[Route("")]
[AllowAnonymous]
public string Index() => "Hello Anonymous User!";
[Route("restricted")]
[Authorize]
public string Restricted() => $"Hello, {User.Identity.Name}.";
}
当您运行应用程序并点击 Index 操作时,您将获得异常输出:
Hello Anonymous User!
当您命中/restricted端点时,将引发异常。
你没有提供 Azure AD 身份验证中Microsoft.AspNetCore.Authentication.AzureAD.UI所需的几个配置,例如Instance 、 CallbackPath 。 您可以修改您的代码如下:
services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
.AddAzureAD(options => Configuration.Bind("AzureAd", options));
然后在appsettings.json ,添加 bleow 配置:
"AzureAd": {
"Instance": "https://login.microsoftonline.com/",
"Domain": "xxxx.onmicrosoft.com",
"TenantId": "xxxxxx-a2dd-4fde-bf8f-f75ab18b21ac",
"ClientId": "xxxxxxxxx-a9bb-4722-b615-6dcbdc646326",
"CallbackPath": "/signin-oidc"
},
当然,您应该在 Azure 门户中提供真实的 domian/tenant/clientid 并在门户中注册https://localhost:xxx/signin-oidc作为重定向 url。
另一种方法是使用 Azure AD 身份验证模板:新建 ASP.NET Core 应用程序 --> 选择 MVC/Razor 模板 --> 更改身份验证 --> 工作或学校帐户 --> 选择您的租户,模板将帮助配置您的应用程序实现 Azure AD 身份验证。
我的项目遇到了同样的错误。 我发现客户端 ID 没有作为 Azure DevOps Pipeline 部署的一部分注入到 Appsettings 变量中。 因此,Kubernetes pod 缺少 Azure AD 变量。 调整 Azure Devops 中的 secrets.yaml 解决了这个问题。
ASP.NET MVC Core 3.1 中的自定义用户数据与 Azure AD 身份验证?
[英]Custom User data in ASP.NET MVC Core 3.1 with Azure AD Authentication?
ASP.NET Core 3.1 + Azure AD 身份验证 - 如何披露“隐藏的电子邮件”
[英]ASP.NET Core 3.1 + Azure AD Authentication - How to disclose “hidden email”
ASP.NET 内核6:允许Azure AD认证和本地认证
[英]ASP.NET Core 6 : permit Azure AD authentication and local authentication
ASP.NET CORE 3.1:Azure AD 身份验证在 EDGE 中失败。 身份验证期间无限重定向循环和页面重新加载
[英]ASP.NET CORE 3.1: Azure AD Authentication fails in EDGE. Infinite redirect loops and page reloads during authentication
Azure AD 身份验证对现有 ASP.NET 核心身份应用程序
[英]Azure AD authentication to existing ASP.NET Core Identity application
Azure AD 身份验证与 ASP.Net Core 6 中的自定义授权
[英]Azure AD Authentication with Custom Authorization in ASP.Net Core 6
使用来自 Azure AD 的承载令牌保护 ASP.Net Core 3.1 API
[英]Secure ASP.Net Core 3.1 API with Bearer Tokens from Azure AD
ASP.NET Core 3.1 如何使用 Azure AD B2C 返回 401 Unauthorized 而不是 Challenge
[英]ASP.NET Core 3.1 how to return 401 Unauthorized instead of Challenge with Azure AD B2C
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.