Azure AD B2C - 多个子域
Azure AD B2C - Multiple sub domains
我可以设置 Azure Active Directory B2C 以使用多个子域吗?
这是我到目前为止所做的:
- 设置一个B2C目录
- 创建了一个 Web 应用程序:mytest.com - 此应用程序中的身份验证和授权工作正常。
- 我创建了另一个应用程序:subdomain.mytest.com - 它使用相同的 Azure B2C 活动目录
现在,我想要的是:当我登录 "mytest.com" 时也登录 "subdomain.mytest.com"
这可能吗?
我的应用程序是使用 OpenId Connect 的 ASP.NET MVC 应用程序
如果需要,我可以提供更详细的信息。
谢谢
可以,只要两个应用程序共享同一个租户。单点登录在租户级别默认启用,适用于租户中定义的所有应用程序对象。
使它起作用的行:
app.UseCookieAuthentication(new CookieAuthenticationOptions() { CookieDomain = ".mytest.com" });
我是在阅读这篇文章(第 3 节)时想通的:https://auth0.com/blog/2014/01/27/ten-things-you-should-know-about-tokens-and-cookies/
/// <summary>
/// Registers OWIN cookie authentication and the Azure AD B2C OpenID Connect middleware.
/// The cookie is issued for the parent domain so that a sign-in on one host is visible
/// on every host under mytest.com.
/// </summary>
/// <param name="app">The OWIN application builder the middleware is added to.</param>
public void ConfigureAuth(IAppBuilder app)
{
    // Sign-in results produced by the OIDC middleware are persisted by the cookie middleware.
    app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

    // Parent-domain cookie: this single setting is what shares the session across sub domains.
    // NOTE(review): CookieSecure / CookieHttpOnly are left at their defaults here; because the
    // cookie is delivered to every sub domain, confirm those defaults fit the deployment.
    app.UseCookieAuthentication(new CookieAuthenticationOptions { CookieDomain = ".mytest.com" });

    var oidcOptions = new OpenIdConnectAuthenticationOptions
    {
        ClientId = clientIdb2c,
        RedirectUri = redirectUri,
        PostLogoutRedirectUri = redirectUri,
        Scope = "openid offline_access",
        ResponseType = "id_token",
        Notifications = new OpenIdConnectAuthenticationNotifications
        {
            MessageReceived = notification =>
            {
                var errorDescription = notification.ProtocolMessage.ErrorDescription;

                // Nothing to do when there is no error, or when the user merely cancelled
                // the self-asserted page (AADB2C90091).
                if (string.IsNullOrEmpty(errorDescription)
                    || errorDescription.StartsWith("AADB2C90091:", StringComparison.OrdinalIgnoreCase))
                {
                    return Task.FromResult(0);
                }

                // AADB2C99002 is reported to the caller as a token validation failure
                // with a "sign up first" message.
                if (errorDescription.StartsWith("AADB2C99002", StringComparison.OrdinalIgnoreCase))
                {
                    throw new SecurityTokenValidationException("User does not exist. Please sign up before you can sign in.");
                }

                return Task.FromResult(0);
            },
            RedirectToIdentityProvider = OnRedirectToIdentityProvider,
            AuthenticationFailed = AuthenticationFailed,
            SecurityTokenValidated = notification =>
            {
                // Fixed post-sign-in landing page; this overwrites whatever RedirectUri the
                // ticket carried, so every sign-in ends up on sub1 (the answer leaves the
                // per-request redirect logic to be filled in here).
                notification.AuthenticationTicket.Properties.RedirectUri = "https://sub1.mytest.com";
                return Task.FromResult(0);
            }
        },
        // Resolves the per-policy B2C endpoints from the OpenID Connect metadata document;
        // PolicyConfigurationManager is the project's helper from the PolicyAuthHelpers folder.
        ConfigurationManager = new PolicyConfigurationManager(
            string.Format(CultureInfo.InvariantCulture, aadInstance, tenant, "/v2.0", OIDCMetadataSuffix),
            new[] { SignUpPolicyId, SignInPolicyId, ProfilePolicyId }),
    };

    app.UseOpenIdConnectAuthentication(oidcOptions);
}
我可以设置 Azure Active Directory B2C 以使用多个子域吗? 这是我到目前为止所做的:
- 设置一个B2C目录
- 创建了一个 Web 应用程序:mytest.com - 此应用程序中的身份验证和授权工作正常。
- 我创建了另一个应用程序:subdomain.mytest.com - 它使用相同的 Azure B2C 活动目录
现在,我想要的是:当我登录 "mytest.com" 时也登录 "subdomain.mytest.com"
这可能吗?
我的应用程序是使用 OpenId Connect 的 ASP.NET MVC 应用程序。如果需要,我可以提供更详细的信息。
谢谢
可以,只要两个应用程序共享同一个租户。单点登录在租户级别默认启用,适用于租户中定义的所有应用程序对象。
使它起作用的行:
app.UseCookieAuthentication(new CookieAuthenticationOptions() { CookieDomain = ".mytest.com" });
我是在阅读这篇文章(第 3 节)时想通的:https://auth0.com/blog/2014/01/27/ten-things-you-should-know-about-tokens-and-cookies/
/// <summary>
/// Configures OWIN authentication for this application: a parent-domain sign-in cookie
/// (shared by every host under mytest.com) plus the Azure AD B2C OpenID Connect middleware.
/// </summary>
/// <param name="app">The OWIN application builder that receives the middleware.</param>
public void ConfigureAuth(IAppBuilder app)
{
    app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

    // The leading dot scopes the cookie to mytest.com and all of its sub domains; that is the
    // single line that makes the cross-sub-domain sign-in work.
    // NOTE(review): CookieSecure / CookieHttpOnly keep their defaults; since every sub domain
    // receives this cookie, check those defaults against the hosting setup.
    var cookieOptions = new CookieAuthenticationOptions { CookieDomain = ".mytest.com" };
    app.UseCookieAuthentication(cookieOptions);

    // Metadata address for the B2C tenant; the helper appends the policy-specific parts.
    var metadataAddress = string.Format(CultureInfo.InvariantCulture, aadInstance, tenant, "/v2.0", OIDCMetadataSuffix);
    var policyIds = new[] { SignUpPolicyId, SignInPolicyId, ProfilePolicyId };

    var notifications = new OpenIdConnectAuthenticationNotifications
    {
        MessageReceived = notification =>
        {
            var description = notification.ProtocolMessage.ErrorDescription;

            // Only a non-empty error that is not the "user cancelled" code (AADB2C90091) is inspected.
            if (!string.IsNullOrEmpty(description)
                && !description.StartsWith("AADB2C90091:", StringComparison.OrdinalIgnoreCase)
                && description.StartsWith("AADB2C99002", StringComparison.OrdinalIgnoreCase))
            {
                // Unknown account: surfaced as a validation failure so the caller can show the sign-up hint.
                throw new SecurityTokenValidationException("User does not exist. Please sign up before you can sign in.");
            }

            return Task.FromResult(0);
        },
        RedirectToIdentityProvider = OnRedirectToIdentityProvider,
        AuthenticationFailed = AuthenticationFailed,
        SecurityTokenValidated = notification =>
        {
            // Hard-coded landing page after sign-in; it replaces any RedirectUri already on the
            // ticket. The answer marks this as the spot for real redirect logic.
            notification.AuthenticationTicket.Properties.RedirectUri = "https://sub1.mytest.com";
            return Task.FromResult(0);
        }
    };

    var oidcOptions = new OpenIdConnectAuthenticationOptions
    {
        ClientId = clientIdb2c,
        RedirectUri = redirectUri,
        PostLogoutRedirectUri = redirectUri,
        Notifications = notifications,
        Scope = "openid offline_access",
        ResponseType = "id_token",
        // PolicyConfigurationManager (PolicyAuthHelpers folder) pulls the correct Azure AD
        // endpoints for each policy from the OpenID Connect metadata endpoint.
        ConfigurationManager = new PolicyConfigurationManager(metadataAddress, policyIds),
    };

    app.UseOpenIdConnectAuthentication(oidcOptions);
}