gpt4 book ai didi

azure - 未为受 Azure Active Directory 保护的 Azure WebApp 调用 OpenIdConnectAuthenticationNotifications.AuthorizationCodeReceived 事件

转载 作者:行者123 更新时间:2023-12-02 07:37:10 25 4
gpt4 key购买 nike

我的 MVC WebApp 已部署到 Azure Paas 并使用 Azure AD 进行保护。身份验证设置使用下面的示例代码作为基础,它在本地主机中使用 IISExpress 或 IIS 运行。

https://github.com/Azure-Samples/active-directory-dotnet-webapp-webapi-openidconnect

但部署到 Azure 后无法正常工作。即使用户能够正确进行身份验证,也永远不会调用 AuthorizationCodeReceived 委托(delegate)。

这是设置身份验证的启动代码:

void ConfigureAuth(IAppBuilder app,  Container container) {
_log.Debug("Configuring Azure Authentication");

AzureActiveDirectoryAppSetting setting = container.GetInstance<IAzureActiveDirectoryAppSettingFactory>().Get();
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions() {
ClientId = setting.ClientID,
Authority = setting.Authority,
PostLogoutRedirectUri = setting.PostLogoutRedirectUrl,
RedirectUri = setting.ReplyUrl,
Notifications = new OpenIdConnectAuthenticationNotifications() {
AuthorizationCodeReceived = new Func<Microsoft.Owin.Security.Notifications.AuthorizationCodeReceivedNotification, System.Threading.Tasks.Task>(args => OnAuthorizationCodeReceived(args, container)),
AuthenticationFailed = new Func<Microsoft.Owin.Security.Notifications.AuthenticationFailedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>, System.Threading.Tasks.Task>(OnAuthorizationFailed),
}
}
);
}

System.Threading.Tasks.Task OnAuthorizationFailed(Microsoft.Owin.Security.Notifications.AuthenticationFailedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> args) {
_log.Error("Authorization Failed");
return System.Threading.Tasks.Task.FromResult<string>(null);
}
System.Threading.Tasks.Task OnAuthorizationCodeReceived(Microsoft.Owin.Security.Notifications.AuthorizationCodeReceivedNotification args, Container container) {
_log.Debug("Authorization Code Received");
var auth = container.GetInstance<IClaimsBasedAuthentication>();
return auth.ReceiveSecurityClaim(args.Code, args.AuthenticationTicket.Identity, HttpContext.Current);
}

这是来自 Azure 的跟踪。如您所见,身份验证成功,但找不到“授权失败”或“已收到授权码”跟踪信息。第一个错误来自 AcquireTokenSilentAsync 调用。它失败了,因为 token 一开始就没有缓存。

感谢任何帮助。谢谢!

- 2017-06-10T22:18:59  PID[7692] Verbose     Albatross.Security.AzureADOpenIDAuthentication:AzureADOpenIDAuthentication Created
- 2017-06-10T22:18:59 PID[7692] Information Albatross.Web.App_Start.Startup:Web App Configuration
- 2017-06-10T22:18:59 PID[7692] Information Albatross.Web.App_Start.Startup:All areas registered
- 2017-06-10T22:18:59 PID[7692] Information Albatross.Web.App_Start.Startup:Routes registered
- 2017-06-10T22:18:59 PID[7692] Information Albatross.Web.App_Start.Startup:Bundles registered
- 2017-06-10T22:18:59 PID[7692] Verbose Albatross.Web.App_Start.Startup:Configuring Azure Authentication
- 2017-06-10T22:18:59 PID[7692] Verbose Albatross.Web.App_Start.Startup:ClientID:xxx
- 2017-06-10T22:18:59 PID[7692] Verbose Albatross.Web.App_Start.Startup:Authority:https://login.microsoftonline.com/rushuioutlook.onmicrosoft.com
- 2017-06-10T22:18:59 PID[7692] Verbose Albatross.Web.App_Start.Startup:PostLogoutRedirectUrl:https://albatrossweb.azurewebsites.net/.auth/login/aad/callback/
- 2017-06-10T22:18:59 PID[7692] Verbose Albatross.Web.App_Start.Startup:ReplyUrl:https://albatrossweb.azurewebsites.net/.auth/login/aad/callback/
- 2017-06-10T22:18:59 PID[7692] Verbose Albatross.Web.App_Start.Startup:Tenant:rushuioutlook.onmicrosoft.com
- 2017-06-10T22:19:00 PID[7692] Verbose Received request: GET http://albatrossweb.azurewebsites.net/
- 2017-06-10T22:19:00 PID[7692] Information Redirecting: https://albatrossweb.azurewebsites.net/
- 2017-06-10T22:19:00 PID[7692] Verbose Received request: GET https://albatrossweb.azurewebsites.net/
- 2017-06-10T22:19:00 PID[7692] Information Redirecting: https://login.windows.net/25dd3578-72e5-4b70-a97b-3cc94f9d69cc/oauth2/authorize?response_type=code+id_token&redirect_uri=https%3A%2F%2Falbatrossweb.azurewebsites.net%2F.auth%2Flogin%2Faad%2Fcallback&client_id=40ca9b08-b857-4307-9ba3-5815031e9ddf&scope=openid+profile+email&response_mode=form_post&nonce=4a0abda18cf6448fb5b8095efb546871_- 20170610222400&state=redir%3D%252F
- 2017-06-10T22:19:29 PID[7692] Verbose Received request: POST https://albatrossweb.azurewebsites.net/.auth/login/aad/callback
- 2017-06-10T22:19:29 PID[7692] Verbose JWT validation succeeded. Subject: 'iit96kJ_mJn8Qt0f3kKAZm3qFKMGR2BMjVEnI45JBRc', Issuer: 'https://sts.windows.net/25dd3578-72e5-4b70-a97b-3cc94f9d69cc/'.
- 2017-06-10T22:19:29 PID[7692] Verbose Calling into external HTTP endpoint POST https://login.windows.net/25dd3578-72e5-4b70-a97b-3cc94f9d69cc/oauth2/token.
- 2017-06-10T22:19:29 PID[7692] Information Login completed for '<a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="11746579707f516364627964787e64657d7e7e7a3f7e7f7c7872637e627e77653f727e7c" rel="noreferrer noopener nofollow">[email protected]</a>'. Provider: 'aad'.
- 2017-06-10T22:19:29 PID[7692] Verbose Writing 'AppServiceAuthSession' cookie for site 'albatrossweb.azurewebsites.net'. Length: 940.
- 2017-06-10T22:19:29 PID[7692] Information Redirecting: https://albatrossweb.azurewebsites.net/
- 2017-06-10T22:19:31 PID[7692] Verbose Received request: GET https://albatrossweb.azurewebsites.net/
- 2017-06-10T22:19:31 PID[7692] Verbose Found 'AppServiceAuthSession' cookie for site 'albatrossweb.azurewebsites.net'. Length: 940.
- 2017-06-10T22:19:31 PID[7692] Verbose Authenticated <a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="93f6e7fbf2fdd3e1e6e0fbe6fafce6e7fffcfcf8bdfcfdfefaf0e1fce0fcf5e7bdf0fcfe" rel="noreferrer noopener nofollow">[email protected]</a> successfully using 'Session Cookie' authentication.
- 2017-06-10T22:19:31 PID[7692] Verbose [Routes(Preview)] No authorization configuration was found.
- 2017-06-10T22:19:33 PID[7692] Error Albatross.Web.Controllers.ServiceController:Microsoft.IdentityModel.Clients.ActiveDirectory.AdalSilentTokenAcquisitionException: Failed to acquire token silently as no token was found in the cache. Call method AcquireToken

编辑以澄清标记的答案:

正如 Nan Yu 所说,当启用“身份验证/授权”功能时,可能会重复出现此问题。工作设置如下图所示。

  1. 确保“应用服务身份验证”已开启
  2. 请求未经身份验证时采取的操作:允许匿名请求(无操作)这就是我被困了一个月的原因。我在“使用 Azure Active Directory 登录”中看到了此内容
  3. 正确配置 Azure Active Directory。您可以在教程中找到此信息。 Azure Active Directory Setup

最佳答案

根据回复网址:https://albatrossweb.azurewebsites.net/.auth/login/aad/callback/ ,看来您启用了azure应用程序服务的“身份验证/授权”功能。我可以重现,如果我启用“身份验证/授权”功能,在这种情况下,简单的身份验证将接管身份验证过程。如果您启用了应用服务的“身份验证/授权”,请尝试禁用它并重试。

关于azure - 未为受 Azure Active Directory 保护的 Azure WebApp 调用 OpenIdConnectAuthenticationNotifications.AuthorizationCodeReceived 事件,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/44509409/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com