AAD Jwt 令牌在本地主机上验证，但不在服务器上验证 [英] AAD Jwt token validates on localhost but not on server

问题描述

我正在开发 .net core 2.0 web api，并尝试使用 Azure Active Directory 令牌保护它.我的客户端应用程序生成一个令牌并将其发送到 api 进行授权.当我在 localhost 中运行我的 api 时，一切正常，但是当我将它部署到我们的测试服务器时，我突然收到 401 Unauthorized 错误.我已经检查过部署版本上的配置文件是否正确.服务器设置是否会阻止或更改 AAD 的工作?有人告诉我，它在哪里运行应该无关紧要.这是真的还是服务器配置会以某种方式干扰到达 AAD 进行验证?

I'm working on a .net core 2.0 web api and have tried to secure it with a Azure Active Directory token. My client application generates a token and sends it to the api to be authorized. All works fine when I run my api in localhost, however when I deploy it to our test server suddenly I get a 401 Unauthorized error. I've checked that the configuration files are correct on the deployed version. Could there be something with server settings that blocks or changes the workings of AAD? I've been told it shouldn't matter where it's running. Is that true or can server configurations interfere with reaching the AAD for validation somehow?

推荐答案

如果您的 AAD 令牌在 localhost 上验证，它很可能不会在已发布的应用程序上验证，反之亦然.在您的应用注册中，确保回复 URL 设置为您发布的主页 URL(即 https://myapp.azurewebsites.net).

If your AAD token validates on localhost it most likely will not validate on the published app, and vice versa. In your app registration, ensure that the reply URL is set to your published homepage URL (i.e. https://myapp.azurewebsites.net).

还要检查以确保您的 web.config 与您的应用注册相匹配.

Check also to ensure that your web.config matches your app registration.

这篇关于AAD Jwt 令牌在本地主机上验证，但不在服务器上验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！