Azure AD B2C:允许访问自定义策略HTML模板的策略IP地址 [英] Azure AD B2C: Policy IP Addresses to Allow Access to Custom Policy HTML Templates
问题描述
我们正在使用Azure AD B2C(仍处于预览状态)对我们的应用程序的客户进行身份验证.
We are using Azure AD B2C (still in preview) to authenticate customers to our application.
我们将使用自定义html模板来实现我们的登录体验和注册(使我们对MS内容之外的格式和链接有更多的了解).
We are going to use custom html templates for our sign-in experience and sign-up (gives us more power over format and links outside of MS content).
由于我们的开发环境位于受限制的网络上,因此系统工程师希望将对这些资源的访问限制为一个IP地址范围或IP地址范围.
Since our development environment is on a restricted network, the Systems Engineers would like to restrict access to those resources to a range or set of IP Addresses.
我们可以在测试时监视流量,然后添加我们看到的IP,但是如果某个位置有列表(我看过,但找不到任何东西),那将是很好的.
We could just monitor traffic while we test, and then add those IPs we see, but it would be nice if there were a list somewhere (I've looked, but I can't find anything).
至少,无论如何,我们最终将限制从网络外部访问这些特定文件.
At the very least and regardless, we will end up restricting access from outside the network to just those specific files.
Microsoft是否提供将请求内容的IP地址范围?
Does Microsoft provide that range of IP addresses that will be requesting the content?
推荐答案
事实证明,我误解了模板的工作方式.Microsoft使用JavaScript下载自定义模板,因此实际上是用户浏览器检索内容,而不是Azure服务器.这就是为什么您需要在应用程序中启用CORS的原因.
As it turns out, I was misunderstanding how the templates work. Microsoft uses JavaScript to download the custom template, so it's actually the users browser that retrieves the content and not Azure servers. This is why you need to enable CORS in your application.
解决方案是仅允许从DEV和TEST环境访问login.onmicrosoft.com,以便可以将用户重定向到登录和注册页面/策略.无需将访问权限授予任何Microsoft服务器.
The solution is to simply allow access to login.onmicrosoft.com from the DEV and TEST environments so that users can be redirected to the sign-in and sign-up pages/policies. Access to your environments does not need to be given to any Microsoft servers.
对于那些仍然希望看到范围的人,我通过搜索"azure使用的ip地址"找到了以下文件:
For those interested in seeing the ranges anyways, I found the following file by searching for "ip addresses used by azure": https://www.microsoft.com/en-us/download/details.aspx?id=41653
这篇关于Azure AD B2C:允许访问自定义策略HTML模板的策略IP地址的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
