结合使用ASP.Net Core 2 Identity和Azure Ad单租户身份验证 [英] Use ASP.Net Core 2 Identity with Azure Ad single tenant authentication

问题描述

对于一个我不了解的问题，我想从社区获得帮助. 我创建了asp.net core 2 Web应用程序，我希望将该应用程序配置为能够通过aspnetuser表或使用 O365公司帐户从该应用程序登录. 然后，我遵循了MSDN网站上包含的Web上描述的多种技术. 应用程序身份验证可以正常运行，但是Azure添加返回了:加载外部登录信息时出错. 我通过生成身份视图检查了代码内部，该应用程序在以下位置失败:

I would like to get help from community for one problem that I don't understand. I create asp.net core 2 web application and I would like to configure the app to be able to login from the app via aspnetuser table or by using O365 Company account. Then I followed multiple techniques described on the web included on MSDN website. The app authentication works fine but Azure add returned : Error loading external login information. I checked inside the code by generating identity views, the app failed on:

 var info = await _signInManager.GetExternalLoginInfoAsync();
        if (info == null)
        {
            ErrorMessage = "Error loading external login information.";
            return RedirectToPage("./Login", new { ReturnUrl = returnUrl });
        }

等待_signInManager.GetExternalLoginInfoAsync();返回null并返回错误消息.

await _signInManager.GetExternalLoginInfoAsync(); return null and return the error message.

该应用程序在azure AD中已正确配置，并且如果我从应用程序中删除身份验证，它也可以在我的应用程序中正常工作.

The application is correctly configured in azure AD and it work from my app if I remove the authentication from the app.

我将我的应用中间件配置如下:

I configured my app middlewares as follow:

public void ConfigureServices(IServiceCollection services)
    {
        services.Configure<CookiePolicyOptions>(options =>
        {
            // This lambda determines whether user consent for non-essential cookies is needed for a given request.
            options.CheckConsentNeeded = context => true;
            options.MinimumSameSitePolicy = SameSiteMode.None;
        });

        services.AddAuthentication(AzureADDefaults.AuthenticationScheme).AddCookie()
            .AddAzureAD(options => Configuration.Bind("AzureAd", options));
        services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options =>
        {
            options.Authority = options.Authority + "/v2.0/";
            options.TokenValidationParameters.ValidateIssuer = true;
        });

在我添加的configure方法中

And in configure method I added

app.UseAuthentication();

当我到达登录屏幕应用程序(由VS支撑)时，一切似乎都正确:

When I arrive on my login screen app (scaffolded by VS) all seems correct:

具有两种可能的身份验证的登录屏幕:

Login screen with two possibilities for authentication]:

当我尝试Azure Active Directory方法时出现错误消息:

Error message when i try Azure Active Directory method:

有人可以解释并帮助我解决这个问题吗?

Can someone explain and help me to solve this problem?

预先感谢

推荐答案

解决方案是将cookieschemename添加为externalscheme.下面是Startup.cs文件中的示例代码块.

The solution is to add cookieschemename as externalscheme. Below is sample code block in Startup.cs file.

 services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
            .AddAzureAD(options => { Configuration.Bind("AzureAd", options); options.CookieSchemeName = IdentityConstants.ExternalScheme; });

这篇关于结合使用ASP.Net Core 2 Identity和Azure Ad单租户身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！