gpt4 book ai didi

c# - Azure AD 未在 .NET Core 3.1 中进行身份验证

转载 作者:行者123 更新时间:2023-12-04 00:01:28 25 4
gpt4 key购买 nike

我正在尝试让 Azure AD 在现有应用程序中运行。我已按照说明进行操作并查看了 Microsoft 网站 ( https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-v2-aspnet-core-webapp ) 中的示例代码,但没有成功。示例代码使用.NET Core 2.1。我可以让它与 .NET Core 2.1 一起工作,但 3.1 由于几个原因而感到不舒服。

  1. 与示例代码相比,需要将 EnableEndpointRouting 设置为 false。
  2. 与示例代码相比,我尝试删除 AddMvc 上设置的兼容性版本,并尝试将其设置为 3.0。

当我在 .NET Core 3.1 中运行它时,它所做的只是加载页面,并且从不调用/执行身份验证,并且表现得就像 Controller 上没有 Authorize 标记一样。

我在 Controller 的类级别上有一个授权标签。

启动.cs:

...
services.Configure<CookiePolicyOptions>(options =>
{
options.CheckConsentNeeded = context => true;
options.MinimumSameSitePolicy = SameSiteMode.None;
});

services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
.AddAzureAD(options => Configuration.Bind("AzureAd", options));

services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options =>
{
options.Authority = options.Authority + "/v2.0/";
options.TokenValidationParameters.ValidateIssuer = false;
});

services.AddMvc(options =>
{
var policy = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.Build();
options.Filters.Add(new AuthorizeFilter(policy));
options.EnableEndpointRouting = false;
});

然后在下面的配置功能中:

...
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseCookiePolicy();

app.UseAuthentication();

app.UseMvc(routes =>
{
routes.MapRoute(
name: "default",
template: "{controller=Home}/{action=Index}/{id?}");
});

然后在我的 appsettings.json 中我有:

{
"AzureAd": {
"Instance": "https://login.microsoftonline.com/",
"Domain": "domain.onmicrosoft.com",
"TenantId": "guid",
"ClientId": "guid",
"CallbackPath": "/signin-oidc"
},
...

我的问题是为什么它会将请求视为未经身份验证?我还尝试使用 UseAuthentication 下面的 UseAuthorization。

谢谢!

最佳答案

根据我的测试,如果您想为.net core 3.1 Web应用配置Azure AD,请引用以下步骤

  1. Register Azure AD web application

  2. 配置应用程序

    a.安装 SDK Microsoft.AspNetCore.Authentication.AzureAD.UI

     <Project Sdk="Microsoft.NET.Sdk.Web">

<PropertyGroup>
<TargetFramework>netcoreapp3.1</TargetFramework>
</PropertyGroup>

<ItemGroup>
<PackageReference Include="Microsoft.AspNetCore.Authentication.AzureAD.UI" Version="3.1.1" />
</ItemGroup>

</Project>

b.更新appsettings.json

      "AzureAd": {
"Instance": "https://login.microsoftonline.com/",
"Domain": "domain.onmicrosoft.com",
"TenantId": "guid",
"ClientId": "guid",
"CallbackPath": "/signin-oidc"
},
...

c.更新startup.cs

  • ConfigureServices函数中添加以下代码

    public void ConfigureServices(IServiceCollection services)
    {
    services.Configure<CookiePolicyOptions>(options =>
    {

    options.CheckConsentNeeded = context => true;
    options.MinimumSameSitePolicy = SameSiteMode.Unspecified;

    });
    services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
    .AddAzureAD(options => Configuration.Bind("AzureAd", options));

    services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options =>
    {
    options.Authority = options.Authority + "/v2.0/";
    options.TokenValidationParameters.ValidateIssuer = false;
    });
    services.AddControllersWithViews(options =>
    {
    var policy = new AuthorizationPolicyBuilder()
    .RequireAuthenticatedUser()
    .Build();
    options.Filters.Add(new AuthorizeFilter(policy));
    });
    services.AddRazorPages();
    }
  • Configure函数中添加以下代码

  public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
...
app.UseHttpsRedirection();
app.UseStaticFiles();

app.UseRouting();

app.UseCookiePolicy();
app.UseAuthentication();
app.UseAuthorization();

app.UseEndpoints(endpoints =>
{
endpoints.MapControllerRoute(
name: "default",
pattern: "{controller=Home}/{action=Index}/{id?}");
});
}

enter image description here

更多详情请引用sample

关于c# - Azure AD 未在 .NET Core 3.1 中进行身份验证,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/60512882/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com