从登台环境使用Azure Active Directory推广Azure网站 [英] Promote Azure Website using Azure Active Directory from staging environment

问题描述

我有一个通过Azure Active Directory进行身份验证的Azure网站，我的目标是部署到暂存插槽，然后将该暂存插槽升级到生产环境.但是，当我部署到暂存插槽时，它在我的Azure AD中被视为单独的应用程序.当我升级环境时，Azure AD应用程序中的Reply URL保持不变，因此现在登录后，我的生产站点将被重定向回到暂存槽.

I have an azure-website authenticated with Azure Active Directory, and my goal is to deploy to a staging slot, which is then promoted to the production environment. However when I deploy to the staging slot it is being treated as a separate application in my Azure AD. When I promote the environment the Reply URL in Azure AD application stays the same, so that my production site is now being redirected back to the staging slot after logging in.

如果我可以在站点的应用程序设置中配置应用程序的URL，这将很有帮助，可以在azure网站环境本身上对其进行配置. 我尝试将ida:RedirectURI添加到应用程序设置中，但没有任何效果.

It would help if I could configure the application Reply URL in the app settings of the site, which can be configured on the azure-website environment itself. I have tried adding the ida:RedirectURI to the app settings and it had no effect.

推荐答案

我假定您正在使用Visual Studio发布工具中的组织功能.正确的?您正在使用哪个版本的VS? 逐步指导会根据版本而有所不同，但为您提供了全面的解释:

I assume you are using the Organizational features in the publishing tools from Visual Studio. Correct? What version of VS are you using? The step by step guidance changes depending on the version, but to give you a blanket explanation of what's going on:

• 您可以在发布时通过选择发布向导中的组织功能来绕过新应用的创建
• 在这种情况下，您需要手动进行更改
• • 您可以进入Azure门户，找到Azure AD租户，找到应用程序"选项卡，识别您的应用程序条目，单击配置"，滚动到返回URL"部分，然后添加暂存/产品/想要的任何URL可以使用
  • You can bypass the creation of a new app at publishing time by opting out of the organizational features in the publishing wizard
  • In that case, you need to make changes by hand
  • • You can go in the Azure portal, find your Azure AD tenant, find the applications tab, identify your app entry, click on configure, scroll to the return URL section and add your staging/prod/whatever URLs you want to be able to use
    • 回到项目中，您现在需要告诉身份库使用您选择的返回URL，而不是保留默认URL.如果您使用的是VS2013，则使用的是WIF，因此您需要找到WIF配置元素并注入新的Reply属性，如下所示

    <system.identityModel.services>
        <federationConfiguration>
          <cookieHandler requireSsl="true" />
          <wsFederation passiveRedirectEnabled="true" issuer="https://login.windows.net/developertenant.onmicrosoft.com/wsfed" realm="https://developertenant.onmicrosoft.com/blah"
    reply="https://mynewURL" requireHttps="true" />
        </federationConfiguration>
      </system.identityModel.services>

    相反，如果您使用的是OWIN，则注入的地方会有所不同-但在写下来之前，我会给您机会确认以上内容是否适用于您的项目:) HTH，V.

    If instead you are using OWIN, the place where you'd inject that would be different - but before writing it down I'd give you the chance of confirming if the above applies to your project :) HTH, V.

    这篇关于从登台环境使用Azure Active Directory推广Azure网站的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！