将 ASP.Net Core 2 Identity 与 Azure Ad 单租户身份验证结合使用 [英] Use ASP.Net Core 2 Identity with Azure Ad single tenant authentication

问题描述

我想就一个我不理解的问题从社区获得帮助.我创建了 asp.net core 2 web 应用程序，我想将应用程序配置为能够通过 aspnetuser 表或使用 O365 公司帐户从应用程序登录.然后我遵循了 MSDN 网站上包含的网络上描述的多种技术.应用身份验证工作正常，但 Azure add 返回:加载外部登录信息时出错.我通过生成身份视图检查了代码内部，应用程序失败了:

I would like to get help from community for one problem that I don't understand. I create asp.net core 2 web application and I would like to configure the app to be able to login from the app via aspnetuser table or by using O365 Company account. Then I followed multiple techniques described on the web included on MSDN website. The app authentication works fine but Azure add returned : Error loading external login information. I checked inside the code by generating identity views, the app failed on:

 var info = await _signInManager.GetExternalLoginInfoAsync();
        if (info == null)
        {
            ErrorMessage = "Error loading external login information.";
            return RedirectToPage("./Login", new { ReturnUrl = returnUrl });
        }

等待_signInManager.GetExternalLoginInfoAsync();返回 null 并返回错误信息.

await _signInManager.GetExternalLoginInfoAsync(); return null and return the error message.

应用程序已在 azure AD 中正确配置，如果我从应用程序中删除身份验证，它可以在我的应用程序中运行.

The application is correctly configured in azure AD and it work from my app if I remove the authentication from the app.

我将我的应用中间件配置如下:

I configured my app middlewares as follow:

public void ConfigureServices(IServiceCollection services)
    {
        services.Configure<CookiePolicyOptions>(options =>
        {
            // This lambda determines whether user consent for non-essential cookies is needed for a given request.
            options.CheckConsentNeeded = context => true;
            options.MinimumSameSitePolicy = SameSiteMode.None;
        });

        services.AddAuthentication(AzureADDefaults.AuthenticationScheme).AddCookie()
            .AddAzureAD(options => Configuration.Bind("AzureAd", options));
        services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options =>
        {
            options.Authority = options.Authority + "/v2.0/";
            options.TokenValidationParameters.ValidateIssuer = true;
        });

在配置方法中我添加了

app.UseAuthentication();

当我到达我的登录屏幕应用程序(由 VS 搭建)时，一切似乎都是正确的:

When I arrive on my login screen app (scaffolded by VS) all seems correct:

具有两种身份验证可能性的登录屏幕]:

Login screen with two possibilities for authentication]:

尝试 Azure Active Directory 方法时出现错误消息:

Error message when i try Azure Active Directory method:

有人可以解释并帮助我解决这个问题吗?

Can someone explain and help me to solve this problem?

提前致谢

推荐答案

解决方案是添加cookieschemename作为externalscheme.下面是 Startup.cs 文件中的示例代码块.

The solution is to add cookieschemename as externalscheme. Below is sample code block in Startup.cs file.

 services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
            .AddAzureAD(options => { Configuration.Bind("AzureAd", options); options.CookieSchemeName = IdentityConstants.ExternalScheme; });

这篇关于将 ASP.Net Core 2 Identity 与 Azure Ad 单租户身份验证结合使用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！