AzureAD身份验证仅适用于本地 [英] AzureAD authentication only works on local

问题描述

我已经在门户中设置了我的AzureAD，并使用了一个应用服务，该服务使用AD按照Microsoft的说明进行身份验证.

Ive set up my AzureAD in the portal, and an appservice that uses the AD to authenticate following instructions from microsoft.

我制作了使用此授权的.net核心应用.它可以在我的本地主机上工作.但是当我发布它时，出现此错误

Ive made a .net core app that uses this authorisation. It works on my localhost. But when i publish it i get this error

AADSTS50011:在请求中指定的答复URL与为应用程序配置的答复URL不匹配:"614f66a9-xxxx-483a-8bc7-xxxxxxx"

AADSTS50011: The reply url specified in the request does not match the reply urls configured for the application: '614f66a9-xxxx-483a-8bc7-xxxxxxx'

我应该更改什么?它如何在本地运行，但在发布时不行?

What should i change and how come it works in my local but not when published?

这是应用程序的当前配置:

This is current configuration of app:

 {
  "AzureAd": {
    "Instance": "https://login.microsoftonline.com/",
    "Domain": "lmyName.onmicrosoft.com",
    "TenantId": "******-ebd5-40d8-829b-*********",
    "ClientId": "*****-8eef-483a-8bc7-********",
    "CallbackPath": "/signin-oidc"
  },
  "Logging": {
    "IncludeScopes": false,
    "LogLevel": {
      "Default": "Warning"
    }
  }
}

当我按照在线说明操作时，系统指示我在门户中配置appservice以使用回复URL:/.auth/login/aad/callback

When i followed the online intructions i was directed to configure the appservice in the portal to use reply URL: /.auth/login/aad/callback

可以和callbackPath一样吗?

Could that be the same as callbackPath?

推荐答案

对于您的情况，您可以将AAD应用程序中的回复URL 更改为< YourApplicaitonURL>/signin-oidc.

For your case, you can change your reply URL in AAD Application to be <YourApplicaitonURL>/signin-oidc.

注意.登录URL和注销URL设置中的基地址为 http://localhost:port .

NOTE The base address in the Sign-on URL and Logout URL settings is http://localhost:port.

此本地主机地址允许示例应用程序从本地系统不安全地运行.端口是Kestrel服务器的默认端口.如果将应用程序配置为用于生产(如果将应用程序发布到Azure Web App服务)，则更新AAD应用程序中的答复URL.

This localhost address allows the sample app to run insecurely from your local system. Port is the default port for the Kestrel server. Update the reply URL in your AAD Application if you configure the app for production use(If you publish your App to Azure Web App service).

例如， https://yourapp.azurewebsites.net/signin-oidc 或 https://www.contoso.com/signout-oidc

您还可以参考此示例将Azure AD集成到ASP.NET Core Web应用程序中.

You can also refer to this Sample to Integrate Azure AD into an ASP.NET Core web app.

请告诉我它是否有帮助！

Please let me know if it helps!

这篇关于AzureAD身份验证仅适用于本地的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！