Azure Web应用程序+ Node.js + Azure AD =错误431 [英] Azure Web App + Node.js + Azure AD = Error 431
问题描述
我创建了一个基于Azure Web应用程序的基于Node.js的Web应用程序,该应用程序要在Azure Active Directory身份验证中运行.激活应用程序服务身份验证"后,登录过程正常工作,但是返回到我的应用程序后,它仅返回HTTP 431请求标头字段太大".
要验证它不是我的应用程序,我检查了Azure Web应用程序示例中的Node.js,甚至在激活AAD时也返回了431.
复制步骤:
- 创建新的Azure资源-> Web应用
- 选择任何基于Node的运行时堆栈,例如Node 12 LTS
- 选择任何操作系统
- 创建Web应用并等待部署完成
- 创建一个简单的Web应用程序
- 示例: https://github.com/Azure-样本/app-service-web-nodejs-get-started
- 在Web服务上部署
- 到目前为止,结果:应用程序正常运行.
- 在Web应用程序设置中,转到身份验证/授权"
- 将应用服务身份验证"设置为开启"
- 选择Azure Active Directory
- 选择Express Management Mode并在此过程中创建一个新的Azure AD应用
- 作为未验证请求时要采取的措施",选择使用Azure AD登录"
- 确认
结果:当使用浏览器打开Web应用程序URL时,它将显示登录过程,在该过程之后,一切似乎都可以正常运行,并且AAD返回到应用程序,但是此时它返回HTTP 431./p>
其他测试:
- 停用身份验证,一切都会恢复正常
- 在启用身份验证的情况下,上传简单的.html文件而不是Node app可以正常工作
- 通过restify和http 进行了测试
有什么想法吗?我想念什么吗?
这是一个已知问题,因为使用8KB硬顶标头的节点的最新版本存在局限性. EasyAuth在请求中添加了一些非常大的标头,这可能导致节点容器拒绝带有400的中间件容器发出的请求.在此处了解更多信息: 可以通过将应用程序设置WEBSITE_AUTH_DISABLE_IDENTITY_FLOW设置为true来缓解这种情况.这将删除我们添加到请求中的最大标头之一.该标头通常仅由.NET Framework和Azure Functions应用程序使用,因此此设置应该是安全的.
如果问题仍然存在,则可以尝试使用NodeJS 12版本或增加标头大小参数:node server.js --max-http-header-size 81000
I created a Node.js based web application, running in an Azure Web App, that I wanted to put behind an Azure Active Directory authentication. After activating "App Service Authentication", the login process works normally, however upon returning to my app, it just returns a HTTP 431 "Request Header Fields Too Large".
To validate it's not my app, I checked the Azure web app sample for Node.js and even this returns a 431 when activating AAD.
Steps to reproduce:
- Create new Azure resource -> Web App
- Select any Node based runtime stack, for example Node 12 LTS
- Select any OS
- Create the web app and wait for deployment to finish
- Create a simple web app
- Example: https://github.com/Azure-Samples/app-service-web-nodejs-get-started
- Deploy on the web service
- Result so far: App works.
- In the web app settings, go to "Authentication / Authorization"
- Turn "App Service Authentication" to "On"
- Select Azure Active Directory
- Select Express Management Mode and create a new Azure AD App in the process
- As "Action to take when request is not authenticated" select "Log in with Azure AD"
- Confirm
Result: When opening the web app URL with a browser, it will show the log in process, following the process everything seems to work fine and the AAD returns to the application, however at that point it returns a HTTP 431.
Further tests:
- Deactivate the authentication and everything works fine again
- Upload a simple .html file instead of a Node app works fine with authentication enabled
- Tested with restify and http
Any ideas? Am I missing something?
This is a known issue since there is limitation with more recent versions of node that utilize a hard cap of 8KB for headers. EasyAuth adds some very large headers to the request, which can cause the node container to reject the request made by the middleware container with a 400. Read more about it here: This can be mitigated by setting the app setting WEBSITE_AUTH_DISABLE_IDENTITY_FLOW to true. This will remove one of the largest headers we add to the request. This header is generally only used by .NET Framework and Azure Functions apps, and so this setting should be safe.
If the issue still occurs, you can try with NodeJS 12 versions or increase the header size parameter: node server.js --max-http-header-size 81000
这篇关于Azure Web应用程序+ Node.js + Azure AD =错误431的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
