Azure AD身份驗證
[英]Azure AD authentication
問題描述
我正在嘗試將ASP.NET MVC應用程序從表單身份驗證遷移到Azure AD。 在本地它可以正常工作,但是當我部署到開發服務器時,出現此錯誤:
[InvalidOperationException: IDX10803: Unable to create to obtain configuration from: 'https://login.microsoftonline.com/mydomain.onmicrosoft.com/.well-known/openid-configuration'.]
這是啟動類:
public partial class Startup
{
private static readonly string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
private static readonly string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
private static readonly string postLogoutRedirectUri = ConfigurationManager.AppSettings["ida:PostLogoutRedirectUri"];
private static readonly string redirectUri = ConfigurationManager.AppSettings["ida:RedirectUri"];
private static readonly string tenant = ConfigurationManager.AppSettings["ida:Tenant"];
private static readonly string domain = ConfigurationManager.AppSettings["ida:Domain"];
private static readonly string authority = string.Format(aadInstance, tenant);
public void ConfigureAuth(IAppBuilder app)
{
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
ClientId = clientId,
Authority = authority,
PostLogoutRedirectUri = postLogoutRedirectUri,
RedirectUri = redirectUri,
/*
* Skipping the Home Realm Discovery Page in Azure AD
* http://www.cloudidentity.com/blog/2014/11/17/skipping-the-home-realm-discovery-page-in-azure-ad/
*/
Notifications = new OpenIdConnectAuthenticationNotifications
{
RedirectToIdentityProvider = (context) =>
{
context.ProtocolMessage.DomainHint = domain;
return Task.FromResult(0);
}
}
});
}
}
如果我打開https://login.microsoftonline.com/mydomain.onmicrosoft.com/.well-known/openid-configuration鏈接,則會得到以下信息:
{"authorization_endpoint":"https://login.microsoftonline.com/58f6d2d3-81bd-40d7-872f-8e17475a8058/oauth2/authorize","token_endpoint":"https://login.microsoftonline.com/58f6d2d3-81bd-40d7-872f-8e17475a8058/oauth2/token","token_endpoint_auth_methods_supported":["client_secret_post","private_key_jwt"],"jwks_uri":"https://login.microsoftonline.com/common/discovery/keys","response_modes_supported":["query","fragment","form_post"],"subject_types_supported":["pairwise"],"id_token_signing_alg_values_supported":["RS256"],"response_types_supported":["code","id_token","code id_token","token id_token","token"],"scopes_supported":["openid"],"issuer":"https://sts.windows.net/58f6d2d3-81bd-40d7-872f-8e17475a8058/","claims_supported":["sub","iss","aud","exp","iat","auth_time","acr","amr","nonce","email","given_name","family_name","nickname"],"microsoft_multi_refresh_token":true,"check_session_iframe":"https://login.microsoftonline.com/58f6d2d3-81bd-40d7-872f-8e17475a8058/oauth2/checksession","end_session_endpoint":"https://login.microsoftonline.com/58f6d2d3-81bd-40d7-872f-8e17475a8058/oauth2/logout","userinfo_endpoint":"https://login.microsoftonline.com/58f6d2d3-81bd-40d7-872f-8e17475a8058/openid/userinfo"}
1 個解決方案
解決方案1
0 已采納 2015-11-30 20:30:49
看來問題出在防火牆設置。
Azure AD集成身份驗證
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.