Azure AD Error after editing manifest to enable availableToOtherTenants


Problem description

We are trying to deploy our web application and web API to a new Azure subscription associated with our corporate Azure AD account. However, when we attempt to modify the Azure AD manifest to enable the multi-tenant flag "availableToOtherTenants" and set the "knownClientApplications" client ID of our WebApp in our WebAPI manifest, we get the following error after attempting to upload them:

ParameterValidationException=Invalid parameters provided; BadRequestException=Host name in property identifierUris is not on any verified domain of the company or its subdomain

Both the webapp and webapi are App Services in AzureAD and are using the .azurewebsites.net as the identifierUris in their manifests. We were not planning on registering a domain name for these services since these services are just for internal testing. The subscription the apps are deployed to does appear to be associated with the directory the apps are registered in Azure AD, so why would it have a problem with these URIs?

Recommended answer

From the helper text for App ID URI in the management portal:

The URI is used as a unique logical identifier for your app. The URI must be in a verified custom domain for an external user to grant your app access to their data in Microsoft Azure AD

That being said, since the App ID URI doesn't have any functional implications, you should still be able to do your testing by setting your App ID URI to something along the lines of:

http://<localhost_or_whatever>.<tenantName>.onmicrosoft.com 

But keeping your Reply URLs as they are, pointing to your .azurewebsites.net URIs.

This should let you proceed with configuring your app as multi-tenant and do your testing with whatever site you want.
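
The check behind the error message can be approximated locally before uploading a manifest. The following is an added example, not part of the original answer or of any Microsoft tooling: it flags `identifierUris` whose host is neither a verified domain nor a subdomain of one. The tenant name `contoso`, the sample manifests and the verified-domain list are constructed, and the matching rule is an assumption derived from the wording of the error.

```python
import json
from urllib.parse import urlsplit

def host_on_verified_domain(host, verified_domains):
    """True if host equals a verified domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    for domain in verified_domains:
        domain = domain.lower().rstrip(".")
        # Match on a label boundary so "evilcontoso.com" does not pass for "contoso.com".
        if host == domain or host.endswith("." + domain):
            return True
    return False

def check_manifest(manifest_json, verified_domains):
    """Return the identifierUris expected to block a multi-tenant manifest upload."""
    manifest = json.loads(manifest_json)
    # Assumption: the domain rule is only checked once the multi-tenant flag is on,
    # which is when the error in the question appeared.
    if not manifest.get("availableToOtherTenants", False):
        return []
    rejected = []
    for uri in manifest.get("identifierUris", []):
        host = urlsplit(uri).hostname  # None when the URI has no authority part
        if host is None or not host_on_verified_domain(host, verified_domains):
            rejected.append(uri)
    return rejected

# Constructed sample data: a tenant with only its default onmicrosoft.com domain verified.
VERIFIED = ["contoso.onmicrosoft.com"]
BEFORE = json.dumps({
    "availableToOtherTenants": True,
    "identifierUris": ["https://contoso-webapi.azurewebsites.net"],
})
AFTER = json.dumps({
    "availableToOtherTenants": True,
    "identifierUris": ["http://webapi.contoso.onmicrosoft.com"],
})

if __name__ == "__main__":
    print("before:", check_manifest(BEFORE, VERIFIED))
    print("after: ", check_manifest(AFTER, VERIFIED))
```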
