Users who are not allowed are authenticating to my multi-tenant Azure AD application
I have two tenants configured in my Azure AD. My users authenticate successfully in my tenant, but other users from the other tenant can access my application as well.
What is wrong with my application? I am using the OpenId Connect protocol in my code, for example:
```csharp
app.UseOpenIdConnectAuthentication(
    new OpenIdConnectAuthenticationOptions
    {
        ClientId = clientId,
        Authority = authority,
        TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters
        {
            ValidateIssuer = false,
        },
        Notifications = new OpenIdConnectAuthenticationNotifications()
        {
            SecurityTokenValidated = (context) =>
            {
                return Task.FromResult(0);
            },
            AuthenticationFailed = (context) =>
            {
                context.HandleResponse();
                return Task.FromResult(0);
            }
        }
    });
```
Is my Azure setup wrong?
Can anyone help me?
Thanks,
比莱拉
> I have two tenants configured in my Azure AD.

A tenant corresponds to an Azure Active Directory. So when there are two tenants, it means you have two different Azure Active Directories. (For the detailed concept, see here.)
To enable a multi-tenant application, we need to enable it from the old Azure portal after locating your application. Then you can configure it by referring to the figure below:
Update (restricting which tenants can access the multi-tenant app)
```csharp
app.UseOpenIdConnectAuthentication(
    new OpenIdConnectAuthenticationOptions
    {
        ClientId = ClientId,
        Authority = Authority,
        TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters
        {
            // instead of using the default validation (validating against a single issuer value, as we do in line of business apps),
            // we inject our own multitenant validation logic
            ValidateIssuer = false,
        },
        Notifications = new OpenIdConnectAuthenticationNotifications()
        {
            // we use this notification for injecting our custom logic
            SecurityTokenValidated = (context) =>
            {
                // retrieve caller data from the incoming principal
                string issuer = context.AuthenticationTicket.Identity.FindFirst("iss").Value;
                // fill in the issuer value of each trusted tenant (the "iss" claim of its tokens,
                // e.g. https://sts.windows.net/<tenant id>/ for Azure AD); left empty here as placeholders
                var issuer1 = "";
                var issuer2 = "";
                if ((issuer != issuer1) && (issuer != issuer2))
                {
                    // the caller was not from a trusted issuer - throw to block the authentication flow
                    throw new System.IdentityModel.Tokens.SecurityTokenValidationException();
                }
                return Task.FromResult(0);
            }
        }
    });
```
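A variant of the same restriction, added here as an example and not part of the answer above: rather than switching issuer validation off and re-checking `iss` by hand, keep `ValidateIssuer = true` and hand the middleware an allowlist through `ValidIssuers`, so a token from any other tenant fails validation before `SecurityTokenValidated` runs. The tenant IDs, client ID and error path are placeholders; the `common` authority and the `https://sts.windows.net/{tenant id}/` issuer format are assumptions about the Azure AD v1 endpoint used by this OWIN middleware.

```csharp
using System;
using System.Linq;
using System.Threading.Tasks;
using System.IdentityModel.Tokens;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public partial class Startup
{
    // Placeholders: replace with the directory (tenant) IDs that are allowed to sign in.
    private static readonly string[] AllowedTenantIds =
    {
        "00000000-0000-0000-0000-000000000001",
        "00000000-0000-0000-0000-000000000002"
    };

    public void ConfigureAuth(IAppBuilder app)
    {
        // Assumption: Azure AD (v1 endpoint) tokens carry iss = https://sts.windows.net/{tenant id}/
        var allowedIssuers = AllowedTenantIds
            .Select(id => string.Format("https://sts.windows.net/{0}/", id))
            .ToArray();

        app.UseOpenIdConnectAuthentication(
            new OpenIdConnectAuthenticationOptions
            {
                ClientId = "<client id placeholder>",
                // "common" lets any tenant start sign-in; the issuer allowlist decides who is accepted
                Authority = "https://login.microsoftonline.com/common",
                TokenValidationParameters = new TokenValidationParameters
                {
                    // keep issuer validation ON and supply the allowlist instead of disabling it
                    ValidateIssuer = true,
                    ValidIssuers = allowedIssuers
                },
                Notifications = new OpenIdConnectAuthenticationNotifications
                {
                    AuthenticationFailed = context =>
                    {
                        // a token from a tenant outside the allowlist fails validation and lands here;
                        // stop the pipeline and send the user to an error page instead of signing them in
                        context.HandleResponse();
                        context.Response.Redirect("/Error?message=" + Uri.EscapeDataString(context.Exception.Message));
                        return Task.FromResult(0);
                    }
                }
            });
    }
}
```

With this setup a rejected tenant never reaches `SecurityTokenValidated`, so the custom `iss` comparison in the answer becomes unnecessary.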