将Azure AD作为“外部提供程序"吗? [英] Azure AD as an "external provider"?
问题描述
我正在尝试构建一个简单的ASP.Net Core 2.2 Web应用程序,该应用程序允许AzureAD作为外部提供程序".我正在Visual Studio 2019中执行此操作.
I'm trying to build a simple ASP.Net Core 2.2 web app that allows AzureAD as an "external provider". I'm doing this in Visual Studio 2019.
作为一个超简单的演示项目,我首先创建一个使用Azure AD作为登录提供程序的新项目:
As a super-simple demo project, I started by creating a new project that uses Azure AD as the login provider:
- 选择ASP.NET Core Web应用程序
- 选择Web应用程序(模型-视图-控制器)
- 将身份验证更改为工作或学校帐户".它会自动填写我的域名(因为我已登录VS)
这将创建一个Web应用程序,该应用程序设置为在所有页面上强制执行用户身份验证.当我运行该应用程序时,它将转到Azure AD并登录我,然后导航到/home 页面.
This creates a web application set up to enforce user authentication on all pages. When I run the application, it goes to Azure AD and logs me in prior to navigating to the /home page.
回想一下,我说过我想将Azure AD添加为外部提供商.所以我在 Startup.cs 中找到了这一行:
Recall that I said I wanted to add Azure AD as an external provider. So I found this line in Startup.cs:
services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
.AddAzureAD(options => Configuration.Bind("AzureAd", options));
并且我删除了默认的身份验证方案以防止自动登录,如下所示:
and I removed the default authentication scheme to prevent the auto-login, like this:
services.AddAuthentication()
.AddAzureAD(options => Configuration.Bind("AzureAd", options));
现在,当我运行该应用程序时,它导航到 Login 页面,它为我提供了一个蓝色的大按钮,可让我使用Azure Active Directory登录.但是,单击该按钮不会使我登录.
Now, when I run the app, it navigates to the Login page, and it gives me a big blue button offering to let me log in with Azure Active Directory. But clicking on that button does not log me in.
因此,我搭建了Identity页面,并在 ExternalLogin GET例程中设置了一个断点.果然,单击蓝色的大按钮可以找到它的出路.逐步查看代码,我发现对 _signInManager.GetExternalLoginInfoAsync()的调用返回null .
So I scaffolded the Identity pages, and I set a breakpoint at the ExternalLogin GET routine. Sure enough, clicking the big blue button finds its way there. Stepping through the code, I see that the call to _signInManager.GetExternalLoginInfoAsync() returns null.
我被困住了.显然,(未公开的)配置魔术不能正确设置某些内容来满足对 GetExternalLoginInfoAsync 的调用.
I'm stuck. Apparently, the (undocumented) configuration magic doesn't set something up correctly to satisfy the call to GetExternalLoginInfoAsync.
推荐答案
该方案是您将asp.net身份与Azure AD登录一起用作外部身份提供程序.
The scenario is you are using asp.net identity with Azure AD login as external identity provider .
您应该将 IdentityConstants.ExternalScheme 设置为Azure AD身份验证的登录架构,以便可以使用 _signInManager.GetExternalLoginInfoAsync()获取外部用户信息:
You should set IdentityConstants.ExternalScheme as the signin schema of Azure AD authentication , so that you can get the external user information with _signInManager.GetExternalLoginInfoAsync() :
services.AddDbContext<ApplicationDbContext>(options =>
options.UseSqlServer(
Configuration.GetConnectionString("DefaultConnection")));
services.AddDefaultIdentity<IdentityUser>()
.AddDefaultUI(UIFramework.Bootstrap4)
.AddEntityFrameworkStores<ApplicationDbContext>();
services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
.AddAzureAD(options => Configuration.Bind("AzureAd", options));
services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options => {
options.SignInScheme= IdentityConstants.ExternalScheme;
//other config
});
然后,您可以在任何页面中触发asp.net身份并进行修改以适合您的要求,以如下方式触发外部登录( ExternalLogin.cshtml.cs 中的 OnPost 函数)默认模板(蓝色大按钮")可以.
Then you can scaffold the asp.net identity and modify to fit your requirement , in any page trigger external login(OnPost function in ExternalLogin.cshtml.cs) as the default template("big blue button") does .
这篇关于将Azure AD作为“外部提供程序"吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
