Azure Active Directory Reply URL not working as expected

Problem description

I have specified two URLs in my Azure Active Directory website configuration Reply URL. One to redirect to my localhost environment when I am running local code and one to redirect to my Azure hosted website when I am running the prod website. But Azure Active Directory seems to be ignoring the setting. It only uses one or the other URL but not both. I saw a link describing the problem and a possible solution but it didn't work for me. The link is:

http://samritchie.net/2013/07/17/azure-ad-single-sign-on-with-multiple-environments-reply-urls/

How do I set up Azure Active Directory to redirect to the appropriate environment?

Recommended answer

You are not providing details about your implementation, but here is a solution for any case.

You could be using WIF config, which is entirely configuration in your web.config, or you could be using OWIN, where configuration is in your Config.Auth.cs file. Either way, the STS of Azure AD will only use the default reply URI, regardless of where the calls are coming from. You have to explicitly set ReplyUrl to instruct Azure AD to return the user back to one of the registered reply URLs.

WIF solution

When you use WIF, your web config contains the following section:

  <system.identityModel.services>
    <federationConfiguration>
      <cookieHandler requireSsl="true" />
      <wsFederation passiveRedirectEnabled="true" 
                    issuer="https://login.windows.net/yourtenant.com/wsfed" 
                    realm="https://yourtenant.com/WebSingleTenant" 
                    requireHttps="true" />
    </federationConfiguration>
  </system.identityModel.services>

which is a bit incomplete! You can add a reply to the wsFederation tag to instruct Azure AD to use the new reply URL:

  <wsFederation passiveRedirectEnabled="true" 
                issuer="https://login.windows.net/yourtenant.com/wsfed" 
                realm="https://yourtenant.com/WebSingleTenant" 
                reply="http://any_registered_url/"
                requireHttps="true" />

Note that here you can only use a registered reply URL.

To modify the reply attribute you can safely use web.config transformations, as you do for all your other deployment-specific app settings and connection strings.

OWIN solution

When you use OWIN, you would have a Startup.Auth.cs file, or your authentication configuration will be directly in your Startup.cs file. It would look something like the following:

    public void ConfigureAuth(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.
            AuthenticationType);

        app.UseCookieAuthentication(new CookieAuthenticationOptions());

        app.UseOpenIdConnectAuthentication(
            new OpenIdConnectAuthenticationOptions
            {
                ClientId = clientId,
                Authority = authority,
                PostLogoutRedirectUri = postLogoutRedirectUri
            });
    }

Note the configuration settings for OpenIdConnect authentication. You can add a RedirectUri property to instruct where to redirect the user to:

        app.UseOpenIdConnectAuthentication(
            new OpenIdConnectAuthenticationOptions
            {
                ClientId = clientId,
                Authority = authority,
                PostLogoutRedirectUri = postLogoutRedirectUri,
                RedirectUri = "any_registered_redirect_uri"
            });

You can assign RedirectUri to a setting in the Web.Config file, which you can also handle using Web.Config transformations.
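
As an added example (not part of the original answer), the OWIN variant with RedirectUri read from Web.config appSettings, so that a Web.config transformation can set it per environment. The `ida:*` key names and the `LoadRedirectUri` helper are assumptions; the helper stops startup when the configured value is not an absolute URI or would return tokens over plain HTTP to a non-localhost host.

```csharp
using System;
using System.Configuration;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public partial class Startup
{
    // Assumed appSettings key; each environment's Web.config transformation sets its own value.
    private const string RedirectUriKey = "ida:RedirectUri";

    // Validates the configured redirect URI. The string is returned unchanged so that it
    // still matches the reply URL registered in Azure AD character for character.
    internal static string LoadRedirectUri(string configured)
    {
        Uri uri;
        if (!Uri.TryCreate(configured, UriKind.Absolute, out uri))
            throw new ConfigurationErrorsException(RedirectUriKey + " must be an absolute URI.");

        bool https = uri.Scheme == Uri.UriSchemeHttps;
        bool localHttp = uri.Scheme == Uri.UriSchemeHttp && uri.IsLoopback;
        if (!https && !localHttp)
            throw new ConfigurationErrorsException(
                RedirectUriKey + " must use https unless it points at localhost.");

        return configured;
    }

    public void ConfigureAuth(IAppBuilder app)
    {
        var settings = ConfigurationManager.AppSettings;

        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions());

        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            // Assumed key names for the values the answer calls clientId, authority
            // and postLogoutRedirectUri.
            ClientId = settings["ida:ClientId"],
            Authority = settings["ida:Authority"],
            PostLogoutRedirectUri = settings["ida:PostLogoutRedirectUri"],
            // Taken from configuration, never from the incoming request's Host header.
            RedirectUri = LoadRedirectUri(settings[RedirectUriKey])
        });
    }
}
```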