- html - 出于某种原因,IE8 对我的 Sass 文件中继承的 html5 CSS 不友好?
- JMeter 在响应断言中使用 span 标签的问题
- html - 在 :hover and :active? 上具有不同效果的 CSS 动画
- html - 相对于居中的 html 内容固定的 CSS 重复背景?
我的 MVC WebApp 已部署到 Azure Paas 并使用 Azure AD 进行保护。身份验证设置使用下面的示例代码作为基础,它在本地主机中使用 IISExpress 或 IIS 运行。
https://github.com/Azure-Samples/active-directory-dotnet-webapp-webapi-openidconnect
但部署到 Azure 后无法正常工作。即使用户能够正确进行身份验证,也永远不会调用 AuthorizationCodeReceived 委托(delegate)。
这是设置身份验证的启动代码:
void ConfigureAuth(IAppBuilder app, Container container) {
_log.Debug("Configuring Azure Authentication");
AzureActiveDirectoryAppSetting setting = container.GetInstance<IAzureActiveDirectoryAppSettingFactory>().Get();
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions() {
ClientId = setting.ClientID,
Authority = setting.Authority,
PostLogoutRedirectUri = setting.PostLogoutRedirectUrl,
RedirectUri = setting.ReplyUrl,
Notifications = new OpenIdConnectAuthenticationNotifications() {
AuthorizationCodeReceived = new Func<Microsoft.Owin.Security.Notifications.AuthorizationCodeReceivedNotification, System.Threading.Tasks.Task>(args => OnAuthorizationCodeReceived(args, container)),
AuthenticationFailed = new Func<Microsoft.Owin.Security.Notifications.AuthenticationFailedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>, System.Threading.Tasks.Task>(OnAuthorizationFailed),
}
}
);
}
System.Threading.Tasks.Task OnAuthorizationFailed(Microsoft.Owin.Security.Notifications.AuthenticationFailedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> args) {
_log.Error("Authorization Failed");
return System.Threading.Tasks.Task.FromResult<string>(null);
}
System.Threading.Tasks.Task OnAuthorizationCodeReceived(Microsoft.Owin.Security.Notifications.AuthorizationCodeReceivedNotification args, Container container) {
_log.Debug("Authorization Code Received");
var auth = container.GetInstance<IClaimsBasedAuthentication>();
return auth.ReceiveSecurityClaim(args.Code, args.AuthenticationTicket.Identity, HttpContext.Current);
}
这是来自 Azure 的跟踪。如您所见,身份验证成功,但找不到“授权失败”或“已收到授权码”跟踪信息。第一个错误来自 AcquireTokenSilentAsync 调用。它失败了,因为 token 一开始就没有缓存。
感谢任何帮助。谢谢!
- 2017-06-10T22:18:59 PID[7692] Verbose Albatross.Security.AzureADOpenIDAuthentication:AzureADOpenIDAuthentication Created
- 2017-06-10T22:18:59 PID[7692] Information Albatross.Web.App_Start.Startup:Web App Configuration
- 2017-06-10T22:18:59 PID[7692] Information Albatross.Web.App_Start.Startup:All areas registered
- 2017-06-10T22:18:59 PID[7692] Information Albatross.Web.App_Start.Startup:Routes registered
- 2017-06-10T22:18:59 PID[7692] Information Albatross.Web.App_Start.Startup:Bundles registered
- 2017-06-10T22:18:59 PID[7692] Verbose Albatross.Web.App_Start.Startup:Configuring Azure Authentication
- 2017-06-10T22:18:59 PID[7692] Verbose Albatross.Web.App_Start.Startup:ClientID:xxx
- 2017-06-10T22:18:59 PID[7692] Verbose Albatross.Web.App_Start.Startup:Authority:https://login.microsoftonline.com/rushuioutlook.onmicrosoft.com
- 2017-06-10T22:18:59 PID[7692] Verbose Albatross.Web.App_Start.Startup:PostLogoutRedirectUrl:https://albatrossweb.azurewebsites.net/.auth/login/aad/callback/
- 2017-06-10T22:18:59 PID[7692] Verbose Albatross.Web.App_Start.Startup:ReplyUrl:https://albatrossweb.azurewebsites.net/.auth/login/aad/callback/
- 2017-06-10T22:18:59 PID[7692] Verbose Albatross.Web.App_Start.Startup:Tenant:rushuioutlook.onmicrosoft.com
- 2017-06-10T22:19:00 PID[7692] Verbose Received request: GET http://albatrossweb.azurewebsites.net/
- 2017-06-10T22:19:00 PID[7692] Information Redirecting: https://albatrossweb.azurewebsites.net/
- 2017-06-10T22:19:00 PID[7692] Verbose Received request: GET https://albatrossweb.azurewebsites.net/
- 2017-06-10T22:19:00 PID[7692] Information Redirecting: https://login.windows.net/25dd3578-72e5-4b70-a97b-3cc94f9d69cc/oauth2/authorize?response_type=code+id_token&redirect_uri=https%3A%2F%2Falbatrossweb.azurewebsites.net%2F.auth%2Flogin%2Faad%2Fcallback&client_id=40ca9b08-b857-4307-9ba3-5815031e9ddf&scope=openid+profile+email&response_mode=form_post&nonce=4a0abda18cf6448fb5b8095efb546871_- 20170610222400&state=redir%3D%252F
- 2017-06-10T22:19:29 PID[7692] Verbose Received request: POST https://albatrossweb.azurewebsites.net/.auth/login/aad/callback
- 2017-06-10T22:19:29 PID[7692] Verbose JWT validation succeeded. Subject: 'iit96kJ_mJn8Qt0f3kKAZm3qFKMGR2BMjVEnI45JBRc', Issuer: 'https://sts.windows.net/25dd3578-72e5-4b70-a97b-3cc94f9d69cc/'.
- 2017-06-10T22:19:29 PID[7692] Verbose Calling into external HTTP endpoint POST https://login.windows.net/25dd3578-72e5-4b70-a97b-3cc94f9d69cc/oauth2/token.
- 2017-06-10T22:19:29 PID[7692] Information Login completed for '<a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="11746579707f516364627964787e64657d7e7e7a3f7e7f7c7872637e627e77653f727e7c" rel="noreferrer noopener nofollow">[email protected]</a>'. Provider: 'aad'.
- 2017-06-10T22:19:29 PID[7692] Verbose Writing 'AppServiceAuthSession' cookie for site 'albatrossweb.azurewebsites.net'. Length: 940.
- 2017-06-10T22:19:29 PID[7692] Information Redirecting: https://albatrossweb.azurewebsites.net/
- 2017-06-10T22:19:31 PID[7692] Verbose Received request: GET https://albatrossweb.azurewebsites.net/
- 2017-06-10T22:19:31 PID[7692] Verbose Found 'AppServiceAuthSession' cookie for site 'albatrossweb.azurewebsites.net'. Length: 940.
- 2017-06-10T22:19:31 PID[7692] Verbose Authenticated <a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="93f6e7fbf2fdd3e1e6e0fbe6fafce6e7fffcfcf8bdfcfdfefaf0e1fce0fcf5e7bdf0fcfe" rel="noreferrer noopener nofollow">[email protected]</a> successfully using 'Session Cookie' authentication.
- 2017-06-10T22:19:31 PID[7692] Verbose [Routes(Preview)] No authorization configuration was found.
- 2017-06-10T22:19:33 PID[7692] Error Albatross.Web.Controllers.ServiceController:Microsoft.IdentityModel.Clients.ActiveDirectory.AdalSilentTokenAcquisitionException: Failed to acquire token silently as no token was found in the cache. Call method AcquireToken
编辑以澄清标记的答案:
正如 Nan Yu 所说,当启用“身份验证/授权”功能时,可能会重复出现此问题。工作设置如下图所示。
最佳答案
根据回复网址:https://albatrossweb.azurewebsites.net/.auth/login/aad/callback/ ,看来您启用了azure应用程序服务的“身份验证/授权”功能。我可以重现,如果我启用“身份验证/授权”功能,在这种情况下,简单的身份验证将接管身份验证过程。如果您启用了应用服务的“身份验证/授权”,请尝试禁用它并重试。
关于azure - 未为受 Azure Active Directory 保护的 Azure WebApp 调用 OpenIdConnectAuthenticationNotifications.AuthorizationCodeReceived 事件,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/44509409/
我正在尝试在 ASP.NET MVC 5(.Net Framework)应用程序中实现 OpenId Connect 中间件。 在我的 AccountController.cs 中,我发送 OpenI
我几乎已经配置好我的 OpenId owin authentication/authorization在Azure Active Directory 。我的配置如下: app.SetDefaultS
我的 MVC WebApp 已部署到 Azure Paas 并使用 Azure AD 进行保护。身份验证设置使用下面的示例代码作为基础,它在本地主机中使用 IISExpress 或 IIS 运行。 h
我的 MVC WebApp 已部署到 Azure Paas 并使用 Azure AD 进行保护。身份验证设置使用下面的示例代码作为基础,它在本地主机中使用 IISExpress 或 IIS 运行。 h
我是一名优秀的程序员,十分优秀!