Azure AD 未在 .NET Core 3.1 中进行身份验证 [英] Azure AD Not Authenticating in .NET Core 3.1

问题描述

我正在尝试让 Azure AD 在现有应用程序中工作.我按照说明操作并查看了来自 Microsoft 站点的示例代码 (

更多详情请参考示例

I'm trying to get Azure AD working in an existing application. I've followed the instructions and looked at the sample code from Microsoft's site (https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-v2-aspnet-core-webapp) with no luck. The sample code is using .NET Core 2.1. I can get it to work with .NET Core 2.1 but 3.1 is throwing a fit for a couple reasons.

1. Compared to sample code one needs to set the EnableEndpointRouting to false.
2. Compared to sample code I tried removing the set compatibilityversion on AddMvc and also tried using it as being set to 3.0.

When I run it in .NET Core 3.1 all it does is load the page and never calls out/perform the authentication and is behaving as if there is not Authorize tag on the controller.

I have an Authorize tag on the class level in controller.

Startup.cs:

...
            services.Configure<CookiePolicyOptions>(options =>
            {
                options.CheckConsentNeeded = context => true;
                options.MinimumSameSitePolicy = SameSiteMode.None;
            });

            services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
                .AddAzureAD(options => Configuration.Bind("AzureAd", options));

            services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options =>
            {
                options.Authority = options.Authority + "/v2.0/";
                options.TokenValidationParameters.ValidateIssuer = false;
            });

            services.AddMvc(options =>
            {
                var policy = new AuthorizationPolicyBuilder()
                    .RequireAuthenticatedUser()
                    .Build();
                options.Filters.Add(new AuthorizeFilter(policy));
                options.EnableEndpointRouting = false;
            });

Then down below in the Configure function:

...
app.UseHttpsRedirection();
            app.UseStaticFiles();
            app.UseCookiePolicy();

            app.UseAuthentication();

            app.UseMvc(routes =>
            {
                routes.MapRoute(
                    name: "default",
                    template: "{controller=Home}/{action=Index}/{id?}");
            });

Then in my appsettings.json I have:

{
  "AzureAd": {
    "Instance": "https://login.microsoftonline.com/",
    "Domain": "domain.onmicrosoft.com",
    "TenantId": "guid",
    "ClientId": "guid",
    "CallbackPath": "/signin-oidc"
  },
...

My question is why is it treating the requests as if their is no authentication? I have also tried using the UseAuthorization below the UseAuthentication.

Thanks!

解决方案

According to my test, if you want to configure Azure AD for .net core 3.1 web app, please refer to the following steps

1. Register Azure AD web application

2. Configure application

   a. Install SDK Microsoft.AspNetCore.Authentication.AzureAD.UI

     <Project Sdk="Microsoft.NET.Sdk.Web">

      <PropertyGroup>
        <TargetFramework>netcoreapp3.1</TargetFramework>
      </PropertyGroup>

      <ItemGroup>
        <PackageReference Include="Microsoft.AspNetCore.Authentication.AzureAD.UI" Version="3.1.1" />
      </ItemGroup>

    </Project>

b. Update appsettings.json

      "AzureAd": {
    "Instance": "https://login.microsoftonline.com/",
    "Domain": "domain.onmicrosoft.com",
    "TenantId": "guid",
    "ClientId": "guid",
    "CallbackPath": "/signin-oidc"
  },
...  

c. Update startup.cs

• add the following code in ConfigureServices function

  public void ConfigureServices(IServiceCollection services)
  {
      services.Configure<CookiePolicyOptions>(options =>
      {
  
          options.CheckConsentNeeded = context => true;
          options.MinimumSameSitePolicy = SameSiteMode.Unspecified;
  
      });
      services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
           .AddAzureAD(options => Configuration.Bind("AzureAd", options));
  
      services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options =>
      {
          options.Authority = options.Authority + "/v2.0/";
          options.TokenValidationParameters.ValidateIssuer = false;
      });
      services.AddControllersWithViews(options =>
      {
          var policy = new AuthorizationPolicyBuilder()
              .RequireAuthenticatedUser()
              .Build();
          options.Filters.Add(new AuthorizeFilter(policy));
      });
      services.AddRazorPages();
  }
  

• Add the following code in Configure Function

  public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
     {
        ...
         app.UseHttpsRedirection();
         app.UseStaticFiles();

         app.UseRouting();

         app.UseCookiePolicy();
         app.UseAuthentication();
         app.UseAuthorization();

         app.UseEndpoints(endpoints =>
         {
             endpoints.MapControllerRoute(
                 name: "default",
                 pattern: "{controller=Home}/{action=Index}/{id?}");
         });
     }

For more details, please refer to the sample

这篇关于Azure AD 未在 .NET Core 3.1 中进行身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！