将Azure AD作为“外部提供程序"吗? [英] Azure AD as an "external provider"?
问题描述
我正在尝试构建一个简单的ASP.Net Core 2.2 Web应用程序,该应用程序允许AzureAD作为外部提供程序".我正在Visual Studio 2019中执行此操作.
I'm trying to build a simple ASP.Net Core 2.2 web app that allows AzureAD as an "external provider". I'm doing this in Visual Studio 2019.
作为一个超简单的演示项目,我首先创建一个使用Azure AD作为登录提供程序的新项目:
As a super-simple demo project, I started by creating a new project that uses Azure AD as the login provider:
- 选择ASP.NET Core Web应用程序
- 选择Web应用程序(模型-视图-控制器)
- 将身份验证更改为工作或学校帐户".它会自动填写我的域名(因为我已登录VS)
这将创建一个Web应用程序,该应用程序设置为在所有页面上强制执行用户身份验证.当我运行该应用程序时,它将转到Azure AD并登录我,然后导航到/home
页面.
This creates a web application set up to enforce user authentication on all pages. When I run the application, it goes to Azure AD and logs me in prior to navigating to the /home
page.
回想一下,我说过我想将Azure AD添加为外部提供商.所以我在 Startup.cs
中找到了这一行:
Recall that I said I wanted to add Azure AD as an external provider. So I found this line in Startup.cs
:
services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
.AddAzureAD(options => Configuration.Bind("AzureAd", options));
并且我删除了默认的身份验证方案以防止自动登录,如下所示:
and I removed the default authentication scheme to prevent the auto-login, like this:
services.AddAuthentication()
.AddAzureAD(options => Configuration.Bind("AzureAd", options));
现在,当我运行该应用程序时,它导航到 Login
页面,它为我提供了一个蓝色的大按钮,可让我使用Azure Active Directory登录.但是,单击该按钮不会使我登录.
Now, when I run the app, it navigates to the Login
page, and it gives me a big blue button offering to let me log in with Azure Active Directory. But clicking on that button does not log me in.
因此,我搭建了Identity页面,并在 ExternalLogin
GET例程中设置了一个断点.果然,单击蓝色的大按钮可以找到它的出路.逐步查看代码,我发现对 _signInManager.GetExternalLoginInfoAsync()
的调用返回null .
So I scaffolded the Identity pages, and I set a breakpoint at the ExternalLogin
GET routine. Sure enough, clicking the big blue button finds its way there. Stepping through the code, I see that the call to _signInManager.GetExternalLoginInfoAsync()
returns null.
我被困住了.显然,(未公开的)配置魔术不能正确设置某些内容来满足对 GetExternalLoginInfoAsync
的调用.
I'm stuck. Apparently, the (undocumented) configuration magic doesn't set something up correctly to satisfy the call to GetExternalLoginInfoAsync
.
推荐答案
该方案是您将asp.net身份与Azure AD登录一起用作外部身份提供程序.
The scenario is you are using asp.net identity with Azure AD login as external identity provider .
您应该将 IdentityConstants.ExternalScheme
设置为Azure AD身份验证的登录架构,以便可以使用 _signInManager.GetExternalLoginInfoAsync()
获取外部用户信息:>
You should set IdentityConstants.ExternalScheme
as the signin schema of Azure AD authentication , so that you can get the external user information with _signInManager.GetExternalLoginInfoAsync()
:
services.AddDbContext<ApplicationDbContext>(options =>
options.UseSqlServer(
Configuration.GetConnectionString("DefaultConnection")));
services.AddDefaultIdentity<IdentityUser>()
.AddDefaultUI(UIFramework.Bootstrap4)
.AddEntityFrameworkStores<ApplicationDbContext>();
services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
.AddAzureAD(options => Configuration.Bind("AzureAd", options));
services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options => {
options.SignInScheme= IdentityConstants.ExternalScheme;
//other config
});
然后,您可以在任何页面中触发asp.net身份并进行修改以适合您的要求,以如下方式触发外部登录( ExternalLogin.cshtml.cs
中的 OnPost
函数)默认模板(蓝色大按钮")可以.
Then you can scaffold the asp.net identity and modify to fit your requirement , in any page trigger external login(OnPost
function in ExternalLogin.cshtml.cs
) as the default template("big blue button") does .
这篇关于将Azure AD作为“外部提供程序"吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!