Azure AD login infinite loop


Problem description

My code is entering an infinite loop, hitting azure login page (hosted by Microsoft), then redirecting back to my app, then back to ms host login page etc etc etc.

In my code I have a breakpoint in the OnAuthorizationCodeReceived event...

    // Startup.cs (fragment). `Configuration` is the IConfiguration injected into Startup;
    // ITokenCacheFactory is an application-defined type (from the Azure AD sample
    // this code follows), not part of ADAL itself.
    using Microsoft.AspNetCore.Authentication.Cookies;
    using Microsoft.AspNetCore.Authentication.OpenIdConnect;
    using Microsoft.AspNetCore.Http;
    using Microsoft.AspNetCore.Http.Extensions;
    using Microsoft.Extensions.DependencyInjection;
    using Microsoft.IdentityModel.Clients.ActiveDirectory;

    public void ConfigureAzureAd(IServiceCollection services)
    {
        //set authentication to use Azure AD
        services.AddAuthentication(auth =>
        {
            auth.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            auth.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
            auth.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        })
        .AddCookie()
        .AddOpenIdConnect(opts =>
        {
            // ClientId, ClientSecret, Authority, CallbackPath, ResponseType come from appsettings
            Configuration.GetSection("OpenIdConnect").Bind(opts);

            opts.Events = new OpenIdConnectEvents
            {
                OnAuthorizationCodeReceived = async ctx =>
                {
                    HttpRequest request = ctx.HttpContext.Request;
                    //We need to also specify the redirect URL used
                    //(this is the callback request, so request.Path is the CallbackPath)
                    string currentUri = UriHelper.BuildAbsolute(request.Scheme, request.Host, request.PathBase, request.Path);
                    //Credentials for app itself
                    var credential = new ClientCredential(ctx.Options.ClientId, ctx.Options.ClientSecret);

                    //Construct token cache
                    ITokenCacheFactory cacheFactory = ctx.HttpContext.RequestServices.GetRequiredService<ITokenCacheFactory>();
                    TokenCache cache = cacheFactory.CreateForUser(ctx.Principal);

                    var authContext = new AuthenticationContext(ctx.Options.Authority, cache);

                    //Get token for Microsoft Graph API using the authorization code
                    string resource = "https://graph.microsoft.com";
                    AuthenticationResult result = await authContext.AcquireTokenByAuthorizationCodeAsync(
                        ctx.ProtocolMessage.Code, new Uri(currentUri), credential, resource);

                    //Tell the OIDC middleware we got the tokens, it doesn't need to do anything
                    ctx.HandleCodeRedemption(result.AccessToken, result.IdToken);
                    //ctx.HandleCodeRedemption();
                }
            };
        });
    }

and I can inspect the data in result, and it all looks ok (though not sure what failure would look like), it appears the login is working but my app is unable to recognize that the login has happened, or it's not saving, and keeps retrying

I've also asked someone else to try logging in with a user not in my Active Directory, and it fails appropriately, it really looks like Active Directory is happy, but my app just keeps redirecting.

I'm using .Net Core 2.2 (my first core project)

I'm using Active Directory Free

Update in response to @Marilee Turscak-MSFT

If I do not have the correct Reply URL set up in portal.azure.com and pass it in via C#, then Azure throws an error, so I've definitely got a reply URL in there and it matches correctly.

The config looks like this:

    "OpenIdConnect": {
        "ClientId": "<guid in here>", // Application ID
        "ClientSecret": "<secrect from portal.azure.com>",
        "Authority": "https://login.microsoftonline.com/emailwithout@symbol.onmicrosoft.com/",
        "PostLogoutRedirectUri": "http://www.<projectname_in_here>.local",
        "CallbackPath": "/signin-oidc",
        "ResponseType": "code id_token"
    }

Answer

You need to set a Reply URL both in your code and in your application registration in Azure AD. You should set your Reply URL to wherever you want the user to be redirected (generally your main published homepage url - like https://myapp.azurewebsites.net).

For reference, you can see the examples in the Github samples. https://azure.microsoft.com/en-us/resources/samples/active-directory-dotnet-webapp-openidconnect/
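The redirect URI has to agree in three places: the `redirect_uri` the OpenID Connect handler puts in the authorize request (scheme + host + PathBase + CallbackPath), the `redirect_uri` passed when the code is redeemed (`currentUri` in the question's handler), and the Reply URL registered in the app registration. Azure AD rejects the round trip when the registered value does not match exactly. The following is an added example, not code from the question, the answer or Microsoft's sample: it builds the callback URL the way the handler does and checks it against a constructed list of registered Reply URLs, treating scheme, host, port and path as all having to match (the path comparison is ordinal here as a conservative choice).

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

public static class ReplyUrlCheck
{
    // Builds the absolute callback URL the same way the OIDC handler does:
    // scheme://host[:port]{PathBase}{CallbackPath}. The host may carry a port.
    public static string BuildRedirectUri(string scheme, string host, string pathBase, string callbackPath)
        => $"{scheme}://{host}{pathBase}{callbackPath}";

    // Exact match against the registered Reply URLs. Uri normalizes scheme and host
    // to lower case, so those compare case-insensitively; the path is compared
    // ordinally (conservative assumption), so "/signin-oidc" != "/Signin-Oidc" and
    // a trailing slash matters. A query or fragment on the request URL fails the check.
    public static bool IsRegistered(string redirectUri, IEnumerable<string> registeredReplyUrls)
    {
        if (!Uri.TryCreate(redirectUri, UriKind.Absolute, out var actual) ||
            !string.IsNullOrEmpty(actual.Query) || !string.IsNullOrEmpty(actual.Fragment))
            return false;

        return registeredReplyUrls
            .Select(u => Uri.TryCreate(u, UriKind.Absolute, out var r) ? r : null)
            .Where(r => r != null)
            .Any(r => Uri.Compare(r, actual,
                                  UriComponents.SchemeAndServer | UriComponents.Path,
                                  UriFormat.Unescaped, StringComparison.Ordinal) == 0);
    }

    public static void Main()
    {
        // Constructed sample of what the portal registration contains (hypothetical host).
        var registered = new[] { "https://myapp.azurewebsites.net/signin-oidc" };

        // Constructed samples of (request.Scheme, request.Host, request.PathBase, CallbackPath).
        var cases = new (string scheme, string host, string pathBase, string path, string note)[]
        {
            ("https", "myapp.azurewebsites.net",      "", "/signin-oidc",  "matches"),
            ("http",  "myapp.azurewebsites.net",      "", "/signin-oidc",  "scheme differs"),
            ("https", "myapp.azurewebsites.net",      "", "/signin-oidc/", "trailing slash differs"),
            ("https", "myapp.azurewebsites.net:8443", "", "/signin-oidc",  "port differs"),
            ("https", "www.myapp.local",              "", "/signin-oidc",  "host not registered"),
            ("https", "myapp.azurewebsites.net", "/app", "/signin-oidc",  "PathBase not in registration"),
        };

        foreach (var c in cases)
        {
            string uri = BuildRedirectUri(c.scheme, c.host, c.pathBase, c.path);
            Console.WriteLine($"{uri,-55} registered={IsRegistered(uri, registered),-5} ({c.note})");
        }
    }
}
```

Only the first case prints `registered=True`. When the app runs behind a reverse proxy or under a virtual path, `request.Scheme`, `request.Host` and `request.PathBase` are what the handler sees, not what the browser typed, so the value to register is the one this builder produces from those request properties.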
