Problem description
I'm building an MVC application with Azure Active Directory authentication. When I develop locally I would like to be able to sign-in for testing/development purposes. And the app url is like http://localhost:43400. This is also encoded in the AD application in Sign-On Url and Reply Url.
When I deploy the same app to the server, the app url is changed - becomes something like myappname.azurewebsites.net and I can't login using the same AD application. The best I could manage is to get through login process, but then AD redirects me back to localhost:43400 which is wrong.
There is PostLogoutRedirectUri property in Startup.Auth.cs that I give to the app, but it makes no difference at all.
Any way to have local application and deployed application using the same Azure AD?
I can do 2 AD Applications with different urls and keys and rewrite the values in web.config on deploy. But that does not sound like the best solution. Anything else I can do?
UPD
Here is the bit I'm referring to in Startup.Auth.cs:

    app.UseOpenIdConnectAuthentication(
        new OpenIdConnectAuthenticationOptions
        {
            ClientId = clientId,
            Authority = Authority,
            PostLogoutRedirectUri = postLogoutRedirectUri, // <-- this is coming from web.config, different in dev and prod
            Notifications = new OpenIdConnectAuthenticationNotifications()
            {
                .....
            }
        });

See full code listing here.
And in Azure AD application I tried both addresses as a Reply URL at the same time:
But the AD used only one of the addresses to redirect, even though the client specified the redirection that matches one of the records.
You can add multiple redirect URIs to your app, that's why the property is implemented as a list! You just need to make sure that you specify which URI to use at runtime. You can do that in many ways - you can specify the return URI at middleware init time, or you can add dynamic code that will inject a redirect URI in the sign-in message. For an example of the latter approach, please see RedirectToIdentityProvider in https://github.com/AzureADSamples/WebApp-MultiTenant-OpenIdConnect-DotNet/blob/master/TodoListWebApp/App_Start/Startup.Auth.cs
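
The second approach in the answer, setting the redirect URI per request inside RedirectToIdentityProvider, could look like the sketch below. It is an added example, not code from the original post or from the linked sample. The allow-list, the `ida:` setting names and the https scheme for the deployed host are assumptions; the allow-list is there because the Host header is supplied by the client and should not flow into the sign-in request unchecked.

```csharp
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Threading.Tasks;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public partial class Startup
{
    // Assumed values: each entry must correspond to a Reply URL registered on the Azure AD application.
    private static readonly HashSet<string> AllowedBaseUrls =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "http://localhost:43400",
            "https://myappname.azurewebsites.net"
        };

    public void ConfigureAuth(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions());

        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            ClientId = ConfigurationManager.AppSettings["ida:ClientId"],   // assumed setting name
            Authority = ConfigurationManager.AppSettings["ida:Authority"], // assumed setting name
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                RedirectToIdentityProvider = context =>
                {
                    // Base URL of the site actually serving this request (dev or prod).
                    string baseUrl = context.Request.Scheme + "://" + context.Request.Host + context.Request.PathBase;

                    // Refuse to build a redirect URI from a host we did not register.
                    if (!AllowedBaseUrls.Contains(baseUrl))
                        throw new InvalidOperationException("Unexpected host: " + context.Request.Host);

                    // Sent to Azure AD as redirect_uri / post_logout_redirect_uri.
                    context.ProtocolMessage.RedirectUri = baseUrl + "/";
                    context.ProtocolMessage.PostLogoutRedirectUri = baseUrl;
                    return Task.FromResult(0);
                }
            }
        });
    }
}
```

With this in place the same client ID serves both environments, and web.config no longer needs a per-environment redirect value.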