Azure AD 未在 .NET Core 3.1 中进行身份验证
Azure AD Not Authenticating in .NET Core 3.1
我正在尝试让 Azure AD 在现有应用程序中运行。我按照说明查看了 Microsoft 网站 (https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-v2-aspnet-core-webapp) 中的示例代码,但没有成功。示例代码使用 .NET Core 2.1。我可以让它与 .NET Core 2.1 一起使用,但 3.1 因几个原因而变得不合适。
- 与示例代码相比,需要将 EnableEndpointRouting 设置为 false。
- 与示例代码相比,我尝试删除 AddMvc 上的 set compatibilityversion 并尝试将其设置为 3.0。
当我 运行 它在 .NET Core 3.1 中时,它所做的只是加载页面,从不调用 out/perform 身份验证,并且表现得好像控制器上没有授权标签。
我在控制器的 class 级别上有一个授权标签。
Startup.cs:
...
services.Configure<CookiePolicyOptions>(options =>
{
options.CheckConsentNeeded = context => true;
options.MinimumSameSitePolicy = SameSiteMode.None;
});
services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
.AddAzureAD(options => Configuration.Bind("AzureAd", options));
services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options =>
{
options.Authority = options.Authority + "/v2.0/";
options.TokenValidationParameters.ValidateIssuer = false;
});
services.AddMvc(options =>
{
var policy = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.Build();
options.Filters.Add(new AuthorizeFilter(policy));
options.EnableEndpointRouting = false;
});
然后在下面的Configure函数中:
...
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseCookiePolicy();
app.UseAuthentication();
app.UseMvc(routes =>
{
routes.MapRoute(
name: "default",
template: "{controller=Home}/{action=Index}/{id?}");
});
然后在我的 appsettings.json 我有:
{
"AzureAd": {
"Instance": "https://login.microsoftonline.com/",
"Domain": "domain.onmicrosoft.com",
"TenantId": "guid",
"ClientId": "guid",
"CallbackPath": "/signin-oidc"
},
...
我的问题是,为什么将请求视为没有身份验证?我也试过使用 UseAuthentication 下面的 UseAuthorization。
谢谢!
根据我的测试,如果你想为.net core 3.1 web app配置Azure AD,请参考以下步骤
配置应用程序
一个。安装 SDK Microsoft.AspNetCore.Authentication.AzureAD.UI
<Project Sdk="Microsoft.NET.Sdk.Web">
<PropertyGroup>
<TargetFramework>netcoreapp3.1</TargetFramework>
</PropertyGroup>
<ItemGroup>
<PackageReference Include="Microsoft.AspNetCore.Authentication.AzureAD.UI" Version="3.1.1" />
</ItemGroup>
</Project>
b。更新 appsettings.json
"AzureAd": {
"Instance": "https://login.microsoftonline.com/",
"Domain": "domain.onmicrosoft.com",
"TenantId": "guid",
"ClientId": "guid",
"CallbackPath": "/signin-oidc"
},
...
c。更新 startup.cs
在ConfigureServices函数中添加如下代码
public void ConfigureServices(IServiceCollection services)
{
services.Configure<CookiePolicyOptions>(options =>
{
options.CheckConsentNeeded = context => true;
options.MinimumSameSitePolicy = SameSiteMode.Unspecified;
});
services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
.AddAzureAD(options => Configuration.Bind("AzureAd", options));
services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options =>
{
options.Authority = options.Authority + "/v2.0/";
options.TokenValidationParameters.ValidateIssuer = false;
});
services.AddControllersWithViews(options =>
{
var policy = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.Build();
options.Filters.Add(new AuthorizeFilter(policy));
});
services.AddRazorPages();
}
在Configure函数中添加如下代码
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
...
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseRouting();
app.UseCookiePolicy();
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllerRoute(
name: "default",
pattern: "{controller=Home}/{action=Index}/{id?}");
});
}
详情请参考sample
我正在尝试让 Azure AD 在现有应用程序中运行。我按照说明查看了 Microsoft 网站 (https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-v2-aspnet-core-webapp) 中的示例代码,但没有成功。示例代码使用 .NET Core 2.1。我可以让它与 .NET Core 2.1 一起使用,但 3.1 因几个原因而变得不合适。
- 与示例代码相比,需要将 EnableEndpointRouting 设置为 false。
- 与示例代码相比,我尝试删除 AddMvc 上的 set compatibilityversion 并尝试将其设置为 3.0。
当我 运行 它在 .NET Core 3.1 中时,它所做的只是加载页面,从不调用 out/perform 身份验证,并且表现得好像控制器上没有授权标签。
我在控制器的 class 级别上有一个授权标签。
Startup.cs:
...
services.Configure<CookiePolicyOptions>(options =>
{
options.CheckConsentNeeded = context => true;
options.MinimumSameSitePolicy = SameSiteMode.None;
});
services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
.AddAzureAD(options => Configuration.Bind("AzureAd", options));
services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options =>
{
options.Authority = options.Authority + "/v2.0/";
options.TokenValidationParameters.ValidateIssuer = false;
});
services.AddMvc(options =>
{
var policy = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.Build();
options.Filters.Add(new AuthorizeFilter(policy));
options.EnableEndpointRouting = false;
});
然后在下面的Configure函数中:
...
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseCookiePolicy();
app.UseAuthentication();
app.UseMvc(routes =>
{
routes.MapRoute(
name: "default",
template: "{controller=Home}/{action=Index}/{id?}");
});
然后在我的 appsettings.json 我有:
{
"AzureAd": {
"Instance": "https://login.microsoftonline.com/",
"Domain": "domain.onmicrosoft.com",
"TenantId": "guid",
"ClientId": "guid",
"CallbackPath": "/signin-oidc"
},
...
我的问题是,为什么将请求视为没有身份验证?我也试过使用 UseAuthentication 下面的 UseAuthorization。
谢谢!
根据我的测试,如果你想为.net core 3.1 web app配置Azure AD,请参考以下步骤
配置应用程序
一个。安装 SDK
Microsoft.AspNetCore.Authentication.AzureAD.UI
<Project Sdk="Microsoft.NET.Sdk.Web">
<PropertyGroup>
<TargetFramework>netcoreapp3.1</TargetFramework>
</PropertyGroup>
<ItemGroup>
<PackageReference Include="Microsoft.AspNetCore.Authentication.AzureAD.UI" Version="3.1.1" />
</ItemGroup>
</Project>
b。更新 appsettings.json
"AzureAd": {
"Instance": "https://login.microsoftonline.com/",
"Domain": "domain.onmicrosoft.com",
"TenantId": "guid",
"ClientId": "guid",
"CallbackPath": "/signin-oidc"
},
...
c。更新 startup.cs
在
ConfigureServices函数中添加如下代码public void ConfigureServices(IServiceCollection services) { services.Configure<CookiePolicyOptions>(options => { options.CheckConsentNeeded = context => true; options.MinimumSameSitePolicy = SameSiteMode.Unspecified; }); services.AddAuthentication(AzureADDefaults.AuthenticationScheme) .AddAzureAD(options => Configuration.Bind("AzureAd", options)); services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options => { options.Authority = options.Authority + "/v2.0/"; options.TokenValidationParameters.ValidateIssuer = false; }); services.AddControllersWithViews(options => { var policy = new AuthorizationPolicyBuilder() .RequireAuthenticatedUser() .Build(); options.Filters.Add(new AuthorizeFilter(policy)); }); services.AddRazorPages(); }在
Configure函数中添加如下代码
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
...
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseRouting();
app.UseCookiePolicy();
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllerRoute(
name: "default",
pattern: "{controller=Home}/{action=Index}/{id?}");
});
}
详情请参考sample