Azure AD 身份验证重定向访问拒绝静态页面(.Net Core + Vue) [英] Azure AD Authentication redirect access denied to static page (.Net Core + Vue)

问题描述

当登录的用户无法访问应用程序时，我无法在 Web 应用程序(.Net Core 和 Vue.js)上设置身份验证以重定向到静态页面.

I have trouble to setup Authentication on the web application (.Net Core and Vue.js) to redirect to the static page when the logged user has no access to the application.

appsettings.json:

appsettings.json:

"AzureAd": {
"Instance": "https://login.microsoftonline.com/",
"Domain": "xxx.onmicrosoft.com",
"TenantId": "xxx-c519-4651-b8c4-xxx",
"ClientId": "xxx-a3f5-4e77-9427-xxx",
"CallbackPath": "/signin-oidc"

},

Startup.cs/ConfigureServices

Startup.cs/ConfigureServices

// cookie policy 
        services.Configure<CookiePolicyOptions>(options =>
        {
            // This lambda determines whether user consent for non-essential cookies is needed for a given request.
            options.CheckConsentNeeded = context => true;
            options.MinimumSameSitePolicy = SameSiteMode.None;
        });

        // azure AD auth
        if (applicationFeatures.SsoAuthenticationEnabled ?? false)
        {
            // adding authentication with Azure Ad
            services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
                .AddAzureAD(options => Configuration.Bind("AzureAd", options));

            services.Configure<CookieAuthenticationOptions>(
                AzureADDefaults.CookieScheme,
                options => options.AccessDeniedPath = "/home/AccessDenied");

            // enable cross-origin requests from microsoft login plaftorm
            services.AddCors(options =>
            {
                var azureADOptions = Configuration.GetSection("AzureAd").Get<AzureADOptions>();
                options.AddPolicy("CorsPolicy",
                    builder => builder.WithOrigins(azureADOptions.Instance)
                        .AllowAnyMethod()
                        .AllowAnyHeader()
                        .AllowCredentials());
                
            });
        }

        // add controllers and vue.js project root
        services.AddControllers().AddNewtonsoftJson();
        services.AddSpaStaticFiles(configuration =>
        {
            configuration.RootPath = applicationFeatures.StaticFilesDirectory;
        });

Startup.cs/配置

Startup.cs/Configure

if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }

        app.UseRouting();
        app.UseAuthentication();
        app.UseAuthorization();
        app.UseSpaStaticFiles();
        app.UseStaticFiles();
        app.UseCookiePolicy();
        app.UseCors("CorsPolicy");
        app.UseMiddleware<AuthorizationMiddleware>();           

        app.UseEndpoints(endpoints =>
        {
            endpoints.MapControllers();
        });

        app.UseSpa(spa =>
        {
            if (env.IsDevelopment())
                spa.Options.SourcePath = "ClientApp";
            else
                spa.Options.SourcePath = "dist";

            if (env.IsDevelopment())
            {
                spa.UseVueCli(npmScript: "serve");
            }

        });

当我以未分配给 Azure 中已注册应用程序的用户身份登录时，我看到此错误

And when I logged in as a user, which is not assigned to the registered app in Azure, I see this error

推荐答案

解决方案

1. 导航到企业应用程序下的属性并保存，将需要分配用户"更改为否".
2. 转到应用注册门户并授予管理员同意.

参考文献 1 ,参考 2

这篇关于Azure AD 身份验证重定向访问拒绝静态页面(.Net Core + Vue)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！