Using Azure Active Directory - one application to login locally and when published(使用 Azure Active Directory - 一个应用程序在本地登录并在发布时登录)
问题描述
我正在使用 Azure Active Directory 身份验证构建 MVC 应用程序.当我在本地开发时,我希望能够登录以进行测试/开发.应用 url 类似于 http://localhost:43400.这也在 Sign-On Url 和 Reply Url 中的 AD 应用程序中进行了编码.
当我将同一个应用程序部署到服务器时,应用程序 url 发生了变化 - 变成类似于 myappname.azurewebsites.net 的东西,我无法使用同一个 AD 应用程序登录.我能做到的最好的办法是通过登录过程,但随后 AD 将我重定向回 localhost:43400 这是错误的.
Startup.Auth.cs 中有 PostLogoutRedirectUri 属性,我提供给应用程序,但它根本没有区别.
有什么方法可以让本地应用程序和部署的应用程序使用同一个 Azure AD?
我可以使用不同的 url 和键执行 2 个 AD 应用程序,并在部署时重写 web.config 中的值.但这听起来不是最好的解决方案.我还能做什么?
UPD
这是我在 Startup.Auth.cs 中所指的位:
app.UseOpenIdConnectAuthentication(新的 OpenIdConnectAuthenticationOptions{客户 ID = 客户 ID,权威=权威,PostLogoutRedirectUri = postLogoutRedirectUri,//<-- 这是来自 web.config,在 dev 和 prod 中不同通知 = 新 OpenIdConnectAuthenticationNotifications(){......}});查看完整的代码清单
但 AD 仅使用其中一个地址进行重定向,即使客户端指定了与其中一个记录匹配的重定向.
您可以向您的应用添加多个重定向 uri,这就是该属性被实现为列表的原因!您只需要确保指定在运行时使用哪个 URI.您可以通过多种方式做到这一点 - 您可以在中间件初始化时指定返回 URI,或者您可以添加将在登录消息中注入重定向 URI 的动态代码.有关后一种方法的示例,请参阅 https://github.com/AzureADSamples/WebApp-MultiTenant-OpenIdConnect-DotNet/blob/master/TodoListWebApp/App_Start/Startup.Auth.cs
I'm building an MVC application with Azure Active Directory authentication. When I develop locally I would like to be able to sign-in for testing/development purposes. And the app url is like http://localhost:43400. This is also encoded in the AD application in Sign-On Url and Reply Url.
When I deploy the same app to the server, the app url is changed - becomes something like myappname.azurewebsites.net and I can't login using the same AD application. The best I could manage is to get through login process, but then AD redirects me back to localhost:43400 which is wrong.
There is PostLogoutRedirectUri property in Startup.Auth.cs that I give to the app, but it makes no difference at all.
Any way to have local application and deployed application using the same Azure AD?
I can do 2 AD Applicaitons with different urls and keys and rewrite the values in web.config on deploy. But that does not sound like the best solution. Anything else I can do?
UPD
Here is the bit I'm referring to in Startup.Auth.cs:
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
ClientId = clientId,
Authority = Authority,
PostLogoutRedirectUri = postLogoutRedirectUri, // <-- this is coming from web.config, different in dev and prod
Notifications = new OpenIdConnectAuthenticationNotifications()
{
.....
}
});
See full code listing here.
And in Azure AD application I tried both addresses as a Reply URL at the same time:
But the AD used only one of the addresses to redirect, even though the client specified the redirection that matches one of the records.
You can add multiple redirect uri to your app, that's why the property is implemented as a list! You just need to make sure that you specify which URI to use at runtime. You can do that in many ways - you can specify the return URI at middleware init time, or you can add dynamic code that will inject a redirect URI in the sign in message. For an example of the latter approach, please see RedirectToIdentityProvider in https://github.com/AzureADSamples/WebApp-MultiTenant-OpenIdConnect-DotNet/blob/master/TodoListWebApp/App_Start/Startup.Auth.cs
这篇关于使用 Azure Active Directory - 一个应用程序在本地登录并在发布时登录的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持编程学习网!
本文标题为:使用 Azure Active Directory - 一个应用程序在本地登录
- WebMatrix WebSecurity PasswordSalt 2022-01-01
- C# 中多线程网络服务器的模式 2022-01-01
- 如何用自己压缩一个 IEnumerable 2022-01-01
- 输入按键事件处理程序 2022-01-01
- 带有服务/守护程序应用程序的 Microsoft Graph CSharp SDK 和 OneDrive for Business - 配额方面返回 null 2022-01-01
- MoreLinq maxBy vs LINQ max + where 2022-01-01
- C#MongoDB使用Builders查找派生对象 2022-09-04
- Web Api 中的 Swagger .netcore 3.1,使用 swagger UI 设置日期时间格式 2022-01-01
- 良好实践:如何重用 .csproj 和 .sln 文件来为 CI 创建 2022-01-01
- 在哪里可以找到使用中的C#/XML文档注释的好例子? 2022-01-01
