使用 Azure Active Directory - 一个在本地和发布时登录的应用程序 [英] Using Azure Active Directory - one application to login locally and when published

问题描述

我正在使用 Azure Active Directory 身份验证构建 MVC 应用程序.当我在本地开发时，我希望能够登录以进行测试/开发.应用 url 就像 http://localhost:43400.这也在 AD 应用程序的 Sign-On Url 和 Reply Url 中编码.

当我将同一个应用程序部署到服务器时，应用程序 url 发生了变化 - 变得类似于 myappname.azurewebsites.net 并且我无法使用同一个 AD 应用程序登录.我能做到的最好的办法是完成登录过程，但随后 AD 将我重定向回 localhost:43400，这是错误的.

我提供给应用程序的 Startup.Auth.cs 中有 PostLogoutRedirectUri 属性，但它没有任何区别.

有没有办法让本地应用程序和部署的应用程序使用同一个 Azure AD?

我可以使用不同的 url 和键执行 2 个 AD 应用程序，并在部署时重写 web.config 中的值.但这听起来并不是最好的解决方案.还有什么我可以做的吗?

UPD

这是我在 Startup.Auth.cs 中所指的部分:

app.UseOpenIdConnectAuthentication(新的 OpenIdConnectAuthenticationOptions{客户端 ID = 客户端 ID，权威=权威，PostLogoutRedirectUri = postLogoutRedirectUri,//<-- 这是来自 web.config，dev 和 prod 不同通知 = 新 OpenIdConnectAuthenticationNotifications(){.....}});

在

但 AD 仅使用其中一个地址进行重定向，即使客户端指定了与其中一条记录匹配的重定向.

解决方案

您可以向您的应用程序添加多个重定向 uri，这就是该属性实现为列表的原因！您只需要确保指定在运行时使用哪个 URI.您可以通过多种方式执行此操作 - 您可以在中间件初始化时指定返回 URI，或者您可以添加动态代码以在登录消息中注入重定向 URI.有关后一种方法的示例，请参阅 https://github.com/AzureADSamples/WebApp-MultiTenant-OpenIdConnect-DotNet/blob/master/TodoListWebApp/App_Start/Startup.Auth.cs

I'm building an MVC application with Azure Active Directory authentication. When I develop locally I would like to be able to sign-in for testing/development purposes. And the app url is like http://localhost:43400. This is also encoded in the AD application in Sign-On Url and Reply Url.

When I deploy the same app to the server, the app url is changed - becomes something like myappname.azurewebsites.net and I can't login using the same AD application. The best I could manage is to get through login process, but then AD redirects me back to localhost:43400 which is wrong.

There is PostLogoutRedirectUri property in Startup.Auth.cs that I give to the app, but it makes no difference at all.

Any way to have local application and deployed application using the same Azure AD?

I can do 2 AD Applicaitons with different urls and keys and rewrite the values in web.config on deploy. But that does not sound like the best solution. Anything else I can do?

UPD

Here is the bit I'm referring to in Startup.Auth.cs:

app.UseOpenIdConnectAuthentication(
    new OpenIdConnectAuthenticationOptions
    {
        ClientId = clientId,
        Authority = Authority,
        PostLogoutRedirectUri = postLogoutRedirectUri, // <-- this is coming from web.config, different in dev and prod

        Notifications = new OpenIdConnectAuthenticationNotifications()
        {
            .....

        }
    });

See full code listing here.

And in Azure AD application I tried both addresses as a Reply URL at the same time:

But the AD used only one of the addresses to redirect, even though the client specified the redirection that matches one of the records.

解决方案

You can add multiple redirect uri to your app, that's why the property is implemented as a list! You just need to make sure that you specify which URI to use at runtime. You can do that in many ways - you can specify the return URI at middleware init time, or you can add dynamic code that will inject a redirect URI in the sign in message. For an example of the latter approach, please see RedirectToIdentityProvider in https://github.com/AzureADSamples/WebApp-MultiTenant-OpenIdConnect-DotNet/blob/master/TodoListWebApp/App_Start/Startup.Auth.cs

这篇关于使用 Azure Active Directory - 一个在本地和发布时登录的应用程序的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！