Azure移动应用程序MSA身份验证困难 [英] Azure Mobile App MSA Authentication Difficulties

问题描述

因此，我正在研究一个项目，以将以前作为Azure移动服务托管的应用程序重新部署为Azure移动应用程序.所述应用程序具有一个前端(在Azure中作为Web应用程序托管)和一个后端API(这是移动应用程序)，可以直接从前端的javascript调用该API.升级一直很好，直到我开始研究Microsoft帐户身份验证为止.按照...上的说明

So I'm working on a project to redeploy an application that was previously hosted as an Azure Mobile Service as an Azure Mobile App. Said application has a frontend (hosted as a Web App in Azure) and backend API (this is the Mobile App) that is called directly from the frontend's javascript. The upgrade had been going well up until I started working on the Microsoft Account Authentication piece. Following the instructions at...

1. https://docs.microsoft.com/zh-cn/azure/app-service-mobile/app-service-mobile-net-upgrading-from-mobile-services

https://docs.microsoft.com/zh-cn/azure/app-service-mobile/app-service-mobile-how-to-configure-microsoft-authentication

...大部分事情都在滚动.我的应用程序已在Microsoft帐户开发人员中心中注册，我按照'https://{{my_backend_mobile_app_name}} .azurewebsites.net/.auth/login/microsoftaccount/callback'格式指定了重定向URI，并配置了Microsoft身份验证使用Microsoft帐户开发人员中心的ClientId/秘密，在Azure移动应用的适当刀片中进行/授权.测试完后，一切进展顺利:我可以转到应用程序的前端，然后单击登录"按钮，随即打开一个新窗口，显示Microsoft的Login.Live网站，提示我使用Microsoft帐户登录，我这样做成功，并且被重定向到Microsoft帐户开发人员中心中指定的重定向URL，并且在查询字符串中附加了代码和状态值.

...got things mostly rolling. My application has been registered in the Microsoft Account Developer Center, I specified a Redirect URI following the 'https://{{my_backend_mobile_app_name}}.azurewebsites.net/.auth/login/microsoftaccount/callback' format, I configured the Microsoft Authentication/Authorization in the appropriate blade of my mobile app in Azure using the ClientId/Secret from the Microsoft Account Developer Center. Things go mostly well when I test it out: I can go to the frontend of my application and click on the 'Sign In' button, a new window opens with Microsoft's Login.Live site where I am prompted to login with a Microsoft account, I do so successfully and am redirected to the Redirect URL specified in the Microsoft Account Developer Center and it has Code and State values appended in the query string.

但是，当我被重定向时显示的页面上有一个您没有查看此目录或页面的权限".如果我复制URL，请打开一个新标签页，将其粘贴并点击Enter，它将带我进入您已成功登录"页面.但是，两种方法都无法带我回到应用程序的前端，在那里我可以登录并继续进入该站点，因为一切仍在打开的新窗口中进行登录.如果我关闭该窗口，则身份验证过程会看到作为登录的取消"，并要求我再次登录(这只是重复上述过程).如果我不打开窗口，而是回到带有前端站点的窗口，它仍在等待登录过程的响应.

However, the page that is shown when I get redirected there is a 'You do not have permission to view this directory or page'. If I copy the URL, open a new tab, paste it in and hit enter it takes me to a 'You have successfully signed in' page. But neither way takes me back to the frontend of my application where it would log me in and continue into the site as everything is still happening in the new window that was opened for signing in. If I close that window, the authentication process sees that as a 'Cancelling' of the login and requires me to login again (which just repeats the above process). If I leave the window open and go back to the window with my frontend site, it is still waiting for a response from the login process.

因此，这引出了我的主要问题:如何获得Microsoft帐户身份验证过程，以将登录响应实际返回到前端站点而不是登录窗口?

So this leads me to my main question: How do I get the Microsoft Account Authentication process to actually return the login response to my frontend site rather than to the login window?

旁注，我已经将前端和后端的SDK从移动服务的SDK更新到了移动应用的SDK.为此，我必须在后端应用程序中添加一个OWIN中间件(按照上面链接#1中更新服务器项目"标题下的说明).我目前的假设是，此OWIN中间件未正确配置以进行身份​​验证，并且妨碍了回调正常工作.因此，我在弄乱app.UseAppServiceAuthentication(new AppServiceAuthenticationOptions());一块.

Side note, I've updated the SDK's for both the frontend and backend from the Mobile Service ones to the Mobile App's ones. In doing so I had to add in an OWIN middleware (per the instructions in link #1 above, under the 'Updating the server project' header) to my backend app. My current hypothesis is that this OWIN middleware isn't configured correctly for authentication and is getting in the way blocking the callback from working properly; thus, I am messing around with the app.UseAppServiceAuthentication(new AppServiceAuthenticationOptions()); piece.

推荐答案

根据您的描述，我假设您使用的是Azure移动应用程序的JavaScript客户端库.我在本地检查了此问题，发现可能遇到与您提到的相同的问题，如下所示:

According to your description, I assumed that you are using the JavaScript client library for Azure Mobile Apps. I checked this issue on my local side and found I could encounter the same issue as you mentioned as follows:

然后，我尝试将其部署到azure Web应用程序( https://brucechen-mobile. azurewebsites.net/login.html )，我发现它可以按以下方式工作:

Then I tried to deploy it to azure web app (https://brucechen-mobile.azurewebsites.net/login.html), I found it could work as follows:

在网上搜索后，我发现了一个类似的博客关于解决波动问题.我登录到azure门户并选择我的移动应用程序，然后单击所有设置> CORS"，为本地Web应用程序添加URL，如下所示:

After searched the web I found a similar issue and refer to this blog about Fix the Ripple Issues. I log onto azure portal and choose my mobile app, then click "All Settings > CORS", add the URL for my local web application as follows:

然后，单击设置>身份验证/授权"，添加允许的外部重定向URL ，如下所示:

Then, click "SETTINGS > Authentication / Authorization", add the ALLOWED EXTERNAL REDIRECT URLS as follows:

基于上述设置，它可以在本地运行，如下所示:

Based on the above settings, it could work as expected on my local side as follows:

这篇关于Azure移动应用程序MSA身份验证困难的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！