向我們的 Web 應用程序發送匿名請求

Question

Azure 應用服務身份驗證/授權使向我們的應用服務應用程序添加“Azure AD 身份驗證”變得非常容易。 但是我們配置后發現，一旦用戶訪問主頁（例如https://xxx.azurewebsites.net/ ），它就會要求用戶進行 AD auth。 這不是我們想要的。 我們想向我的網站添加一些不需要身份驗證的 URL

Answer 1

您需要設置應用服務身份驗證以允許匿名請求，如下定義： https : //docs.microsoft.com/en-us/azure/app-service/overview-authentication-authorization#allow-only-authenticated -請求。

以這種方式限制訪問適用於對您的應用程序的所有調用，這對於需要公開主頁的應用程序而言可能並不理想，就像在許多單頁應用程序中一樣。

要在需要時觸發登錄，請添加指向您的應用的鏈接或重定向，如下定義： https : //docs.microsoft.com/en-us/azure/app-service/app-service-authentication-how-to#use - 多個登錄提供商。

<a href="/.auth/login/aad">Log in with Azure AD</a>
<a href="/.auth/login/microsoftaccount">Log in with Microsoft Account</a>
<a href="/.auth/login/facebook">Log in with Facebook</a>
<a href="/.auth/login/google">Log in with Google</a>
<a href="/.auth/login/twitter">Log in with Twitter</a>

您還需要在后端將授權檢查添加到應該對用戶進行身份驗證的位置。

Answer 2

根據我的研究，我們可以使用 URL 授權規則向您的站點添加一些不需要身份驗證的 URL。 更多詳情請參考https://azure.github.io/AppService/2016/11/17/URL-Authorization-Rules.html 。

例如：

URL Authorization Rules
 7 minute read
Chris Gillum (MSFT) 11/17/2016 3:40:36 PM
One of the goals of Azure App Service Authentication / Authorization is to make it very easy to add "auth" to your App Service apps (which is why we often refer to it as Easy Auth). Most of our investments so far have been focused on creating a streamlined authentication setup experience. However, up until now authorization was something developers had to implement mostly on their own. Typically authorization rules involve restricting access to certain resources within your app. Ideally, such authorization rules can be just as simple to set up without writing a bunch of custom code. To that end, we're happy to announce the initial preview of URL Authorization Rules in App Service.
Configuration
In the initial preview, URL Authorization Rules are defined in an authorization.json file (if you prefer, we also support the YAML syntax inside an authorization.yaml file).  The feature is enabled automatically when you configure Easy Auth in the management portal and place either an authorization.json file or an authorization.yaml file in the D:\home\site\wwwroot directory of your App Service app. This means you can include the file in your app's source and easily deploy it via Git, Web Deploy, FTP, or any of the continuous deployment mechanisms supported by App Service. Here is the basic schema of the configuration file in the JSON syntax:
{
  "routes": [
    {
      "http_methods": [ "GET", "POST", "PUT", ... ],
      "path_prefix": "/some/url/prefix",
      "policies": {
        "unauthenticated_action": "AllowAnonymous|RedirectToLoginPage|RejectWith401|RejectWith404"
      }
    },
    ...
  ]
}