Active Directory redirect_uri 显示 IP 而不是 DNS 名称。如何在使用 Azure AD 进行身份验证时在代码中提供绝对 CallbackPath?
Active Directory redirect_uri shows IP instead of DNS name. How to provide absolute CallbackPath in code while authenticating with Azure AD?
appSettings.json:
"CallbackPath": "/platform/signin-oidc",
这是我部署后得到的:
我认为它显示了部署代码的 Kubernetes IP。该应用程序使用 Azure 前门来路由请求(以防万一)。我该如何解决?我可以传递 DNS 名称吗?完整的回调路径而不是相对路径?
我找到了一个类似的 post
但不幸的是,OP post 编辑的答案中没有足够的细节。
startup.cs
public void ConfigureServices(IServiceCollection services)
{
services.AddCors(options =>
{
options.AddPolicy("CorsPolicy",
builder => builder.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader());
});
services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme, options =>
{
options.Events.OnRedirectToIdentityProviderForSignOut = async context =>
{
Console.WriteLine("intercepted");
};
});
var azureAd = new AzureAd();
Configuration.GetSection("AzureAd").Bind(azureAd);
services.AddControllersWithViews();
services.AddAuthentication(options =>
{
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, o =>
{
o.Cookie.SameSite = Microsoft.AspNetCore.Http.SameSiteMode.None;
})
.AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
{
options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.Authority = $"https://login.microsoftonline.com/{azureAd.TenantId}";
options.ClientId = azureAd.ClientId;
options.ResponseType = OpenIdConnectResponseType.Code;
options.ResponseType = OpenIdConnectResponseType.IdToken;
options.SaveTokens = true;
options.Scope.Add("profile");
options.Scope.Add("openid");
options.Scope.Add("offline_access");
options.ClientSecret = azureAd.ClientSecret;
options.CallbackPath = azureAd.CallbackPath; // POINT OF INTEREST
});
}
您可以在重定向到 IdP 之前覆盖重定向 uri:
options.Events.OnRedirectToIdentityProvider = (context) =>
{
context.ProtocolMessage.RedirectUri = "full redirect url with front door domain";
return Task.FromResult(0);
};
appSettings.json:
"CallbackPath": "/platform/signin-oidc",
这是我部署后得到的:
我认为它显示了部署代码的 Kubernetes IP。该应用程序使用 Azure 前门来路由请求(以防万一)。我该如何解决?我可以传递 DNS 名称吗?完整的回调路径而不是相对路径?
我找到了一个类似的 post
但不幸的是,OP post 编辑的答案中没有足够的细节。
startup.cs
public void ConfigureServices(IServiceCollection services)
{
services.AddCors(options =>
{
options.AddPolicy("CorsPolicy",
builder => builder.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader());
});
services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme, options =>
{
options.Events.OnRedirectToIdentityProviderForSignOut = async context =>
{
Console.WriteLine("intercepted");
};
});
var azureAd = new AzureAd();
Configuration.GetSection("AzureAd").Bind(azureAd);
services.AddControllersWithViews();
services.AddAuthentication(options =>
{
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, o =>
{
o.Cookie.SameSite = Microsoft.AspNetCore.Http.SameSiteMode.None;
})
.AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
{
options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.Authority = $"https://login.microsoftonline.com/{azureAd.TenantId}";
options.ClientId = azureAd.ClientId;
options.ResponseType = OpenIdConnectResponseType.Code;
options.ResponseType = OpenIdConnectResponseType.IdToken;
options.SaveTokens = true;
options.Scope.Add("profile");
options.Scope.Add("openid");
options.Scope.Add("offline_access");
options.ClientSecret = azureAd.ClientSecret;
options.CallbackPath = azureAd.CallbackPath; // POINT OF INTEREST
});
}
您可以在重定向到 IdP 之前覆盖重定向 uri:
options.Events.OnRedirectToIdentityProvider = (context) =>
{
context.ProtocolMessage.RedirectUri = "full redirect url with front door domain";
return Task.FromResult(0);
};