当使用 Azure Single on 作为 Auth 方法时,我的应用程序在重定向到我的应用程序时陷入无限循环
When using Azure Single sing on as Auth Method my app gets stuck in a Infinite loop when redirecting to my app
我们有一个用 c# 和 Angularjs 构建的 Web 应用程序,并配置为使用 windows 身份验证,最近我删除了 Windows 身份验证并添加了单点登录 (Azure AD),一旦我输入我的凭据并单击日志记录,问题就永远不会将我带到网络应用程序,就像在循环中尝试登录一样,这就是我的日志的样子。
2018-05-10 16:28:05 ::1 POST /传送门 - 443 - ::1 Mozilla/5.0+(Windows+NT+10.0; +Win64;+x64;+rv:59.0)+Gecko/20100101+Firefox/59.0 https://login.microsoftonline.com/f8b6a2d7-0364-40ce-943e-eb02d6c35deb/oauth2/authorize?client_id=359xxxx2-877e-xxx-9538-9e_xxxxxxxxxxxxxxxxxxxx
2018-05-10 16:28:05 ::1 GET /portal - 80 - ::1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+ x64;+rv:59.0)+Gecko/20100101+Firefox/59.0 - 302 0 0 2
2018-05-10 16:28:35 ::1 POST /传送门 - 443 - ::1 Mozilla/5.0+(Windows+NT+10.0; +Win64;+x64;+rv:59.0)+Gecko/20100101+Firefox/59.0 https://login.microsoftonline.com/f8b6axce-943e-eb02dxdeb/oauth2/authx272-877e-4xx4-9538-9e63a5a810d32Exxxxxxx.40306.1x54 302 0 64 29x4
2018-05-10 16:36:15 ::1 GET /portal - 80 - ::1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+ x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/66.0.3359.139+Safari/537.36 - 302 0 0 2
2018-05-10 16:37:36 ::1 POST /传送门 - 443 - ::1 Mozilla/5.0+(Windows+NT+10.0; +Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/66.0.3359.139+Safari/537.36 https://login.microsoftonline.com/kmsi 302 0 64 43715
如此不断!
我的StartUp.Auth.cs
public void ConfigureAuth(IAppBuilder app)
{
ApplicationDbContext db = new ApplicationDbContext();
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
ClientId = clientId,
Authority = Authority,
PostLogoutRedirectUri = postLogoutRedirectUri,
Notifications = new OpenIdConnectAuthenticationNotifications()
{
// If there is a code in the OpenID Connect response, redeem it for an access token and refresh token, and store those away.
AuthorizationCodeReceived = (context) =>
{
var code = context.Code;
ClientCredential credential = new ClientCredential(clientId, appKey);
string signedInUserID = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.NameIdentifier).Value;
AuthenticationContext authContext = new AuthenticationContext(Authority, new ADALTokenCache(signedInUserID));
return authContext.AcquireTokenByAuthorizationCodeAsync(
code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), credential, graphResourceId);
}
}
任何关于这里可能发生的事情的建议
When using Azure Single sing on as Auth Method my app gets stuck in a Infinite loop when redirecting to my app
我建议您检查是否使用 AuthorizeAttribute 显式修饰您的操作方法或控制器,并指定有权访问相关资源的 Roles 或 Users。另外,这里有一个类似的,大家可以参考一下
根据您的代码,您正在使用 ASP.NET OpenID Connect OWIN 中间件从 AAD 租户登录用户。您可以按照有关 Integrate Azure AD into a web application using OpenID Connect 的详细教程与您的代码进行比较以缩小此问题的范围。
此外,您还可以在 AngularJS 应用程序中使用 JavaScript 的 ADAL 在前端获取令牌,然后您的后端只需要验证不记名令牌。您可以关注的详细信息 Call an Azure AD protected Web API in an AngularJS Single Page App.
我们有一个用 c# 和 Angularjs 构建的 Web 应用程序,并配置为使用 windows 身份验证,最近我删除了 Windows 身份验证并添加了单点登录 (Azure AD),一旦我输入我的凭据并单击日志记录,问题就永远不会将我带到网络应用程序,就像在循环中尝试登录一样,这就是我的日志的样子。
2018-05-10 16:28:05 ::1 POST /传送门 - 443 - ::1 Mozilla/5.0+(Windows+NT+10.0; +Win64;+x64;+rv:59.0)+Gecko/20100101+Firefox/59.0 https://login.microsoftonline.com/f8b6a2d7-0364-40ce-943e-eb02d6c35deb/oauth2/authorize?client_id=359xxxx2-877e-xxx-9538-9e_xxxxxxxxxxxxxxxxxxxx
2018-05-10 16:28:05 ::1 GET /portal - 80 - ::1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+ x64;+rv:59.0)+Gecko/20100101+Firefox/59.0 - 302 0 0 2
2018-05-10 16:28:35 ::1 POST /传送门 - 443 - ::1 Mozilla/5.0+(Windows+NT+10.0; +Win64;+x64;+rv:59.0)+Gecko/20100101+Firefox/59.0 https://login.microsoftonline.com/f8b6axce-943e-eb02dxdeb/oauth2/authx272-877e-4xx4-9538-9e63a5a810d32Exxxxxxx.40306.1x54 302 0 64 29x4
2018-05-10 16:36:15 ::1 GET /portal - 80 - ::1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+ x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/66.0.3359.139+Safari/537.36 - 302 0 0 2
2018-05-10 16:37:36 ::1 POST /传送门 - 443 - ::1 Mozilla/5.0+(Windows+NT+10.0; +Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/66.0.3359.139+Safari/537.36 https://login.microsoftonline.com/kmsi 302 0 64 43715
如此不断!
我的StartUp.Auth.cs
public void ConfigureAuth(IAppBuilder app)
{
ApplicationDbContext db = new ApplicationDbContext();
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
ClientId = clientId,
Authority = Authority,
PostLogoutRedirectUri = postLogoutRedirectUri,
Notifications = new OpenIdConnectAuthenticationNotifications()
{
// If there is a code in the OpenID Connect response, redeem it for an access token and refresh token, and store those away.
AuthorizationCodeReceived = (context) =>
{
var code = context.Code;
ClientCredential credential = new ClientCredential(clientId, appKey);
string signedInUserID = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.NameIdentifier).Value;
AuthenticationContext authContext = new AuthenticationContext(Authority, new ADALTokenCache(signedInUserID));
return authContext.AcquireTokenByAuthorizationCodeAsync(
code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), credential, graphResourceId);
}
}
任何关于这里可能发生的事情的建议
When using Azure Single sing on as Auth Method my app gets stuck in a Infinite loop when redirecting to my app
我建议您检查是否使用 AuthorizeAttribute 显式修饰您的操作方法或控制器,并指定有权访问相关资源的 Roles 或 Users。另外,这里有一个类似的
根据您的代码,您正在使用 ASP.NET OpenID Connect OWIN 中间件从 AAD 租户登录用户。您可以按照有关 Integrate Azure AD into a web application using OpenID Connect 的详细教程与您的代码进行比较以缩小此问题的范围。
此外,您还可以在 AngularJS 应用程序中使用 JavaScript 的 ADAL 在前端获取令牌,然后您的后端只需要验证不记名令牌。您可以关注的详细信息 Call an Azure AD protected Web API in an AngularJS Single Page App.