获取远程端点的令牌时，ADAL js在IE中不起作用 [英] ADAL js does not work in IE when acquiring token for remote endpoint

问题描述

ADAL.js在获取远程端点的令牌时无法在IE中工作。样本 https://github.com/AzureADSamples/SinglePageApp-WebAPI-AngularJS-DotNet 建议取消注释代码行： cacheLocation：'localStorage'，//为IE启用此功能，因为sessionStorage对于本地主机不起作用。但这显然无济于事。在IE和Chrome中并行运行应用程序。 Chrome可以正常运行。 IE将此错误记录到控制台：

ADAL.js does not work in IE when acquiring token for remote endpoint. The sample "https://github.com/AzureADSamples/SinglePageApp-WebAPI-AngularJS-DotNet" suggests to uncomment line of code: "cacheLocation: 'localStorage', // enable this for IE, as sessionStorage does not work for localhost." But apparently it doesn't help. Running the application side by side in IE and Chrome. Chrome works just fine. IE logs this error to console:

错误：login_required
错误描述：AADSTS50058：未提供用户帐户标识符。

Error :login_required Error description:AADSTS50058: User account identifier is not provided.

同样，仅当ADAL尝试获取远程端点的令牌（某些其他WebAPI-已注册且可以正常工作）时，才有这种情况。我创建并发布了 https://github.com/AzureADSamples/SinglePageApp-WebAPI -AngularJS-DotNet / issues / 3 ，但也许有人可以在社区中提出一些答案。希望我不会在这里遗漏一些真正明显的东西。

Again, this is only the case when ADAL is trying to acquire a token for a remote endpoint (some other WebAPI - which is registered and working fine). I created and issue https://github.com/AzureADSamples/SinglePageApp-WebAPI-AngularJS-DotNet/issues/3, but maybe someone can suggest some answers in the community. Hopefully, I am not missing something really obvious here.

尽管应用程序（客户端和webapi）已在Azure AD中正确注册（chrome可以正常工作），所有这些操作都在localhost完成

All of this is done for localhost, though apps (client and webapi) are properly registered in Azure AD (chrome works fine)

任何帮助将不胜感激，
谢谢

Any help would be greatly appreciated, Thanks

谢谢

推荐答案

Adal.js使用iframe来获取SPA自身后端以外资源的CORS API令牌。 iframe请求需要访问浏览器的Cookie才能通过AAD进行身份验证并获取访问令牌。当您从IE在localhost中运行时，将无法访问Cookie。您需要完全限定的域名，例如 http://test.azurewebsite.com ，才能从IE中的iframe访问Cookie。示例说明了将应用程序部署到Azure网站的步骤。您可以按照这些内容测试IE。 Chrome浏览器没有此限制。

Adal.js uses iframes to get CORS API tokens for resources other than the SPA's own backend. Iframe request needs to access the browser's cookies to authenticate with AAD and get the access token. Cookies are not accessible when you run in localhost from IE. You need fully qualified domain name like http://test.azurewebsite.com to access cookies from iframe in IE. Sample explains the steps to deploy your app to Azure websites. You can follow those to test for IE. Chrome does not have this restriction.

这篇关于获取远程端点的令牌时，ADAL js在IE中不起作用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！