如何禁用路径的应用服务身份验证?
How to disable App Service authentication for a path?
我启用了identity federation V2 for an App Service that hosts a single page app. This works fine but now I need to disable it again for routes that start with /.well-known/ because that's where I store files that don't require authentication, e.g. apple-app-site-associations。
在以前的版本中,我能够将 authorization.json 文件上传到我的应用服务以禁用对此路径的身份验证,但这不再有效?
{
"routes": [
{
"path_prefix": "/",
"policies": {
"unauthenticated_action": "RedirectToLoginPage"
}
},
{
"path_prefix": "/.well-known/",
"policies": {
"unauthenticated_action": "AllowAnonymous"
}
}
]
}
我仍然不确定为什么配置路径排除的旧方法停止工作,但我想出了如何使用 V2 配置来完成它。
首先按照此处的说明迁移到基于文件的配置:https://docs.microsoft.com/en-us/azure/app-service/configure-authentication-file-based#enabling-file-based-configuration
简而言之,将所有配置从 Microsoft.Web/sites/<siteName>/config/authsettingsV2 复制到 wwwroot 文件夹中的文件,例如wwwroot/auth.json。可以通过 HTTP 访问此文件,因此请按照记录从配置中删除机密。将 platform.configFilePath 设置为 auth.json 并重新启动应用程序服务。
一旦您确认一切仍适用于基于文件的配置,您可以将路径排除项添加到配置文件。
{
"platform": {
"enabled": true
},
"globalValidation": {
...
"excludedPaths": [
"/.well-known/apple-app-site-association",
"/.well-known/assetlinks.json"
]
},
...
}
再重新启动一次应用服务以使更改生效。
我启用了identity federation V2 for an App Service that hosts a single page app. This works fine but now I need to disable it again for routes that start with /.well-known/ because that's where I store files that don't require authentication, e.g. apple-app-site-associations。
在以前的版本中,我能够将 authorization.json 文件上传到我的应用服务以禁用对此路径的身份验证,但这不再有效?
{
"routes": [
{
"path_prefix": "/",
"policies": {
"unauthenticated_action": "RedirectToLoginPage"
}
},
{
"path_prefix": "/.well-known/",
"policies": {
"unauthenticated_action": "AllowAnonymous"
}
}
]
}
我仍然不确定为什么配置路径排除的旧方法停止工作,但我想出了如何使用 V2 配置来完成它。
首先按照此处的说明迁移到基于文件的配置:https://docs.microsoft.com/en-us/azure/app-service/configure-authentication-file-based#enabling-file-based-configuration
简而言之,将所有配置从 Microsoft.Web/sites/<siteName>/config/authsettingsV2 复制到 wwwroot 文件夹中的文件,例如wwwroot/auth.json。可以通过 HTTP 访问此文件,因此请按照记录从配置中删除机密。将 platform.configFilePath 设置为 auth.json 并重新启动应用程序服务。
一旦您确认一切仍适用于基于文件的配置,您可以将路径排除项添加到配置文件。
{
"platform": {
"enabled": true
},
"globalValidation": {
...
"excludedPaths": [
"/.well-known/apple-app-site-association",
"/.well-known/assetlinks.json"
]
},
...
}
再重新启动一次应用服务以使更改生效。