Azure“启用AD身份验证"带有部署槽 [英] Azure "Enable AD Authentication" with deployment slots
问题描述
我有一个Azure WebApp,并已在Azure预览功能块中激活了"Active Directory身份验证".让我们称它为 https://mysite.azurewebsites.net (不是真实网址)Whis可以正常工作.但是,当我们添加部署槽时,我们无法使身份验证正常工作.当访问暂存的WebApp时,例如 https://mysite-staging.azurewebsites.net (不是真实网址),我们被重定向到
I have an Azure WebApp and have activated the "Active Directory Authentication" in the Azure Preview Potal. Let's call it https://mysite.azurewebsites.net (not a real URL) Whis works as expected. However, when we add a deployment slot, we can't get authentication to work properly. When accessing the staged WebApp, e.g. https://mysite-staging.azurewebsites.net (not a real URL), we get redirected to
But the login portal gives us an error message:
AADSTS50011:回复地址' https://mysite-staging .azurewebsites.net/< our-appliction-guid>/登录'与为该应用程序配置的回复地址不匹配:.
AADSTS50011: The reply address 'https://mysite-staging.azurewebsites.net/<our-appliction-guid>/login' does not match the reply addresses configured for the application: .
问题在于,WebApp不会在我们的目录中显示为应用程序,因此我们无法为其设置备用重新部署URL.
The problem is, the WebApp does not show up as an application in our directory, so we can't set up alternate reploy URLs for it.
是否可以为WebApp指定备用地址,以便Azure AD登录名可用于部署插槽?
Is there any way to specify alternate addresses for WebApps, so that Azure AD login will work for deployment slots?
推荐答案
创建部署插槽时,需要为其重新设置身份验证,就好像它是一个新应用程序一样. (从应用程序服务的角度来看,是这样.)
When you create the deployment slot, you need to re-setup the authentication for it, as if it's a new application. (From an app-service perspective, it is.)
步骤大致为:
- 在门户中,转到您的应用程序服务下的部署插槽.
- 进行身份验证/授权
- 执行所有步骤来设置与生产应用程序相同的身份验证/授权. (通过AzureAD进行身份验证,选择提供程序,等等.)
-
在登台环境的管理应用程序"下,转到设置,并为登台环境添加新的答复URL.您应该有常规的回复URL,然后是暂存版本:
- In the portal, go to your deployment slot under your app-service.
- go to authentication/authorization
- Go through all the steps to setup your authentication/authorization the same as for your production app. (Authenticate via AzureAD, Choose the provider, etc.)
Under "Manage App" in the staging environment, go to settings, and add new reply URL's for your staging environment. You should have your regular reply URL, and then the staging version:
- https://myapp.azurewebsites.net/signin-oidc
- https://myapp-staging.azurewebsites.net/signin-oidc
然后您应该可以进入.
发生在我身上的一件奇怪的事情是,这没有用,然后我进入了阶段身份验证,然后将其关闭.这使一切正常工作,并且经过了正确的身份验证,并且如果我没有登录也不允许我进入.
One weird thing that happened to me, is this didn't work, then I went into the staging authentication, and turned it off. That made everything work, and it correctly authenticated and didn't let me in if I wasn't signed in.
(我知道我要在原始问题的几年后发布此答案,但是在花了一周的大部分时间弄清楚了这个问题之后,这个问题反复出现在搜索中,我想记录一下我最终在做的事情如果别人有问题.)
(I realize I'm posting this answer years after the original question, but after spending the better part of a week figuring it out, and this question repeatedly came up on searched, I wanted to document what I ended up doing in case someone else has a problem.)
这篇关于Azure“启用AD身份验证"带有部署槽的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
