如何更改身份验证模式(从Windows更改为Azure AD) [英] How to change authentication mode (from Windows to Azure AD)
问题描述
我有一个现有的WebForms应用程序,该应用程序当前使用我想通过Azure AD进行身份验证的Windows身份验证.该应用程序已在Azure中配置(我具有AppID和TenantID),但该应用程序仍通过Windows身份验证进行身份验证.
I have an existing WebForms application that currently uses Windows Authentication that I want to authenticate through Azure AD. The app is already configured in Azure (I have the AppID and TenantID), but the application still authenticates via Windows Authentication.
通过遵循大多数指南都以MVC为例,对于现有的WebForms应用程序,我找不到完整的介绍.
Most guides use MVC as their example, and I couldn't find a thorough walk through for existing WebForms applications.
我是否需要更改 web.config 中的某些内容?
Do I need to change something in the web.config?
我在Startup和Startup.Auth中有以下代码(我手动创建了这些代码,其外观与指南中描述的完全一样)
I have the following codes in the Startup and Startup.Auth (which I created manually and looks exactly as what's described in the guide)
Startup.Auth
Startup.Auth
public void ConfigureAuth(IAppBuilder app)
{
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
ClientId = "the app id";
Authority = "the tenant id";
});
}
启动
public void Configuration(IAppBuilder app)
{
ConfigureAuth(app);
}
下面是 web.config 中的 authentication 设置,我尝试将其从 Windows 设置为 None ,但是该应用仅抛出了401页,并且未尝试通过AAD进行身份验证.
Below is the authentication setting in the web.config which I tried setting from Windows to None, but the app just threw a 401 page and didn't try to authenticate to AAD.
<authentication mode="Windows" />
<authorization>
<deny users="?" />
</authorization>
推荐答案
虽然我不是100%地确定您的问题是什么,但这是一个使用Web窗体进行AAD身份验证的有效示例.
While I am not 100 percent sure what your issue is, Here is a working example for AAD Authentication with Web Forms.
Web.config
Web.config
<configuration>
<!-- Azure AD Settings -->
<appSettings>
<add key="ida:ClientId" value="{ClientId}" />
<add key="ida:AADInstance" value="https://login.microsoftonline.com/" />
<add key="ida:Domain" value="{Tenant}" />
<add key="ida:TenantId" value="{TenantId}" />
<add key="ida:PostLogoutRedirectUri" value="https://localhost:44306/" />
</appSettings>
<location path="Account">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
<system.web>
<!-- Request Login -->
<authorization>
<deny users="?" />
</authorization>
<authentication mode="None" />
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
<pages>
<namespaces>
<add namespace="System.Web.Optimization" />
</namespaces>
<controls>
<add assembly="Microsoft.AspNet.Web.Optimization.WebForms" namespace="Microsoft.AspNet.Web.Optimization.WebForms" tagPrefix="webopt" />
</controls>
</pages>
<httpModules>
<add name="ApplicationInsightsWebTracking" type="Microsoft.ApplicationInsights.Web.ApplicationInsightsHttpModule, Microsoft.AI.Web" />
</httpModules>
</system.web>
<system.webServer>
<!-- Remove Forms Authentication Module. -->
<modules>
<remove name="FormsAuthentication" />
<remove name="ApplicationInsightsWebTracking" />
<add name="ApplicationInsightsWebTracking" type="Microsoft.ApplicationInsights.Web.ApplicationInsightsHttpModule, Microsoft.AI.Web" preCondition="managedHandler" />
</modules>
<validation validateIntegratedModeConfiguration="false" />
</system.webServer>
<runtime>
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
<dependentAssembly>
<assemblyIdentity name="Newtonsoft.Json" culture="neutral" publicKeyToken="30ad4fe6b2a6aeed" />
<bindingRedirect oldVersion="0.0.0.0-6.0.0.0" newVersion="6.0.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="WebGrease" culture="neutral" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="0.0.0.0-1.5.2.14234" newVersion="1.5.2.14234" />
</dependentAssembly>
</assemblyBinding>
</runtime>
<system.codedom>
<compilers>
<compiler language="c#;cs;csharp" extension=".cs" type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.CSharpCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=1.0.8.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" warningLevel="4" compilerOptions="/langversion:6 /nowarn:1659;1699;1701" />
<compiler language="vb;vbs;visualbasic;vbscript" extension=".vb" type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.VBCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=1.0.8.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" warningLevel="4" compilerOptions="/langversion:14 /nowarn:41008 /define:_MYTYPE=\"Web\" /optionInfer+" />
</compilers>
</system.codedom>
</configuration>
Startup.Auth.cs
Startup.Auth.cs
public partial class Startup
{
private static string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
private static string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
private static string tenantId = ConfigurationManager.AppSettings["ida:TenantId"];
private static string postLogoutRedirectUri = ConfigurationManager.AppSettings["ida:PostLogoutRedirectUri"];
string authority = aadInstance + tenantId;
public void ConfigureAuth(IAppBuilder app)
{
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
ClientId = clientId,
Authority = authority,
PostLogoutRedirectUri = postLogoutRedirectUri,
Notifications = new OpenIdConnectAuthenticationNotifications()
{
AuthenticationFailed = (context) =>
{
return System.Threading.Tasks.Task.FromResult(0);
}
}
}
);
// This makes any middleware defined above this line run before the Authorization rule is applied in web.config
app.UseStageMarker(PipelineStage.Authenticate);
}
}
这篇关于如何更改身份验证模式(从Windows更改为Azure AD)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
