.NET Core WsFederation Authentication login loop on localhost


Question


I'm trying to implement WsFederation Azure AD authentication into my app, so that users must sign in as soon as they hit the application. However, when the app starts, it directs to the AAD instance, but then gets stuck in a loop with a blank screen.


My app runs on http://localhost:61213/, which I've added as a ReplyUrl in the Azure App Registration dashboard.


Other answers to this suggest that the app should be running over https; however, when I've tried to implement those changes, it still doesn't work.


Any ideas? Thanks in advance!

Edit


I've changed the app to use SSL in VS, so it runs off https instead. Looping issue still persists.

Startup.cs

    private void ConfigureAuth(IServiceCollection services)
    {
        services.Configure<CookiePolicyOptions>(options =>
        {
            options.CheckConsentNeeded = context => false;
            options.MinimumSameSitePolicy = SameSiteMode.None;
            options.Secure = CookieSecurePolicy.SameAsRequest;
        });

        services.AddAuthentication(sharedOptions =>
            {
                sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                sharedOptions.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                sharedOptions.DefaultChallengeScheme = WsFederationDefaults.AuthenticationScheme;
            })
            .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme,
                options =>
                {
                    options.Cookie.Name = ".AspNet.SharedCookie";
                    options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
                    options.Cookie.SameSite = SameSiteMode.None;
                })
            .AddWsFederation(options =>
            {
                options.MetadataAddress =
                    $"https://login.microsoftonline.com/{aadTenant}/federationmetadata/2007-06/federationmetadata.xml";
                options.Wtrealm = wTrealm;
                options.Wreply = "http://localhost:61213/";
                options.RequireHttpsMetadata = false;
            });

        services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();
    }

    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }
        else
        {
            app.UseExceptionHandler("/Error");
            app.UseHsts();
        }

        app.UseHttpsRedirection();

        if (env.IsProduction())
        {
            app.UseStaticFiles();
            app.UseSpaStaticFiles();
        }

        app.Use(async (context, next) =>
        {
            if (!context.User.Identity.IsAuthenticated)
            {
                await context.ChallengeAsync(WsFederationDefaults.AuthenticationScheme);
            }
            else
            {
                await next();
            }
        });

        app.UseMvc(routes =>
        {
            routes.MapRoute(
                name: "default",
                template: "{controller}/{action=Index}/{id?}");
        });

        app.UseSpa(spa =>
        {
            // To learn more about options for serving an Angular SPA from ASP.NET Core,
            // see https://go.microsoft.com/fwlink/?linkid=864501

            spa.Options.SourcePath = "ClientApp";

            if (env.IsDevelopment())
            {
                spa.UseAngularCliServer(npmScript: "start");
            }
        });

        app.UseCookiePolicy();
        app.UseAuthentication();
    }

Answer


I've managed to resolve it - I believe it to be a CORS issue.

    // CORS is registered first and allows only the AAD login origin.
    app.UseCors(policy => policy.SetIsOriginAllowed(origin => origin == "https://login.microsoftonline.com"));
    // Authentication now runs before the sign-in gate, so the /signin-wsfed
    // callback is processed and context.User is populated before the gate checks it.
    app.UseAuthentication();
    app.Use(async (context, next) =>
    {
        // Challenge unauthenticated requests, except the WS-Federation callback itself.
        if (!context.User.Identity.IsAuthenticated && context.Request.Path != "/signin-wsfed")
        {
            await context.ChallengeAsync(WsFederationDefaults.AuthenticationScheme);
        }
        else
        {
            await next();
        }
    });
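The following is an added example, not the asker's or the answerer's code, of a Startup that keeps the WS-Federation round trip intact: UseAuthentication runs before the sign-in gate, the callback path is excluded from the gate, Wreply points at the https callback URL rather than the site root, and the session cookie is SameSite=None with Secure=Always so the cross-site POST from the identity provider can carry it. The tenant id, realm, port 61213 and the callback path "/signin-wsfed" (the handler's default) are assumed placeholders; the same https callback URL must be registered as a reply URL in the app registration.

```csharp
// Added example (not the question's or answer's code). Assumed values: tenant id,
// realm, local port 61213 and the default callback path "/signin-wsfed".
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.WsFederation;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    // Placeholders: substitute your own tenant id and realm (app id URI).
    private const string AadTenant = "<tenant-id>";
    private const string Realm = "<app-id-uri>";
    private const string CallbackPath = "/signin-wsfed";

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication(o =>
            {
                o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                o.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                o.DefaultChallengeScheme = WsFederationDefaults.AuthenticationScheme;
            })
            .AddCookie(o =>
            {
                // The IdP returns the token with a cross-site POST, so the session
                // cookie must be SameSite=None; browsers only honour that when the
                // cookie is also Secure, which means the site must run over https.
                o.Cookie.SameSite = SameSiteMode.None;
                o.Cookie.SecurePolicy = CookieSecurePolicy.Always;
                o.Cookie.HttpOnly = true;
            })
            .AddWsFederation(o =>
            {
                o.MetadataAddress =
                    $"https://login.microsoftonline.com/{AadTenant}/federationmetadata/2007-06/federationmetadata.xml";
                o.Wtrealm = Realm;
                // The IdP posts the token to Wreply. It must be the https URL of the
                // callback path (and registered as a reply URL); a Wreply of "/" sends
                // the token to a path the handler never reads, so the user is never
                // signed in and the gate challenges again.
                o.CallbackPath = CallbackPath;
                o.Wreply = $"https://localhost:61213{CallbackPath}";
                // Keep the default: never fetch signing keys over plain http.
                o.RequireHttpsMetadata = true;
            });

        services.AddMvc();
    }

    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }
        else
        {
            app.UseExceptionHandler("/Error");
            app.UseHsts();
        }

        app.UseHttpsRedirection();
        app.UseStaticFiles();
        app.UseCookiePolicy();

        // 1. Authentication first: the POST to /signin-wsfed is validated here,
        //    the cookie is issued, and context.User is populated for later middleware.
        app.UseAuthentication();

        // 2. Only then gate the rest of the pipeline. The callback path is excluded
        //    as well, so the gate never challenges a request carrying the IdP's reply.
        app.Use(async (context, next) =>
        {
            if (!context.User.Identity.IsAuthenticated
                && !context.Request.Path.StartsWithSegments(CallbackPath))
            {
                await context.ChallengeAsync(WsFederationDefaults.AuthenticationScheme);
                return;
            }
            await next();
        });

        app.UseMvc(routes =>
            routes.MapRoute("default", "{controller=Home}/{action=Index}/{id?}"));
    }
}
```

With this ordering the loop cannot occur for the reason the question's Startup exhibits it: in the original, the gate ran before UseAuthentication, so context.User was always empty when the gate inspected it. Keeping RequireHttpsMetadata at its default and the cookie Secure also means the federation metadata (and the signing keys in it) and the session cookie never travel over plain http during local testing.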
