問題描述

我正在嘗試構建一個簡單的 ASP.Net Core 2.2 Web 應用程序，它允許 AzureAD 作為外部提供者".我在 Visual Studio 2019 中執行此操作.

I'm trying to build a simple ASP.Net Core 2.2 web app that allows AzureAD as an "external provider". I'm doing this in Visual Studio 2019.

作為一個超級簡單的演示項目，我首先創建了一個使用 Azure AD 作為登錄提供程序的新項目:

As a super-simple demo project, I started by creating a new project that uses Azure AD as the login provider:

1. 選擇 ASP.NET Core Web 應用程序
2. 選擇 Web 應用程序(模型-視圖-控制器)
3. 將身份驗證更改為工作或學校帳戶".它自動填寫了我的域名(因為我登錄了VS)

這將創建一個 Web 應用程序設置以在所有頁面上強制執行用戶身份驗證.當我運行應用程序時，它會轉到 Azure AD 并在導航到 /home 頁面之前讓我登錄.

This creates a web application set up to enforce user authentication on all pages. When I run the application, it goes to Azure AD and logs me in prior to navigating to the /home page.

回想一下，我說過我想將 Azure AD 添加為外部提供程序.所以我在 Startup.cs 中找到了這一行:

Recall that I said I wanted to add Azure AD as an external provider. So I found this line in Startup.cs:

services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
    .AddAzureAD(options => Configuration.Bind("AzureAd", options));

并且我刪除了默認的身份驗證方案以防止自動登錄，如下所示:

and I removed the default authentication scheme to prevent the auto-login, like this:

services.AddAuthentication()
    .AddAzureAD(options => Configuration.Bind("AzureAd", options));

現在，當我運行該應用程序時，它會導航到 Login 頁面，它會為我提供一個藍色的大按鈕，讓我可以使用 Azure Active Directory 登錄.但是點擊那個按鈕我并沒有登錄.

Now, when I run the app, it navigates to the Login page, and it gives me a big blue button offering to let me log in with Azure Active Directory. But clicking on that button does not log me in.

所以我搭建了身份頁面，并在 ExternalLogin GET 例程處設置了一個斷點.果然，點擊藍色的大按鈕會找到它的方式.單步執行代碼，我看到 對 _signInManager.GetExternalLoginInfoAsync() 的調用返回 null.

So I scaffolded the Identity pages, and I set a breakpoint at the ExternalLogin GET routine. Sure enough, clicking the big blue button finds its way there. Stepping through the code, I see that the call to _signInManager.GetExternalLoginInfoAsync() returns null.

我被困住了.顯然，(未記錄的)配置魔法沒有正確設置某些東西來滿足對 GetExternalLoginInfoAsync 的調用.

I'm stuck. Apparently, the (undocumented) configuration magic doesn't set something up correctly to satisfy the call to GetExternalLoginInfoAsync.

推薦答案

場景是您使用 asp.net 身份和 Azure AD 登錄作為外部身份提供者.

The scenario is you are using asp.net identity with Azure AD login as external identity provider .

您應該將 IdentityConstants.ExternalScheme 設置為 Azure AD 身份驗證的登錄架構，以便您可以通過 _signInManager.GetExternalLoginInfoAsync() 獲取外部用戶信息:p>

You should set IdentityConstants.ExternalScheme as the signin schema of Azure AD authentication , so that you can get the external user information with _signInManager.GetExternalLoginInfoAsync() :

services.AddDbContext<ApplicationDbContext>(options =>
        options.UseSqlServer(
            Configuration.GetConnectionString("DefaultConnection")));
services.AddDefaultIdentity<IdentityUser>()
    .AddDefaultUI(UIFramework.Bootstrap4)
    .AddEntityFrameworkStores<ApplicationDbContext>();

services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
.AddAzureAD(options => Configuration.Bind("AzureAd", options));

services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options => {
    options.SignInScheme= IdentityConstants.ExternalScheme;

    //other config
});

然后您可以搭建 asp.net 身份并進行修改以滿足您的要求，在任何頁面觸發外部登錄(ExternalLogin.cshtml.cs 中的OnPost 函數)為默認模板(藍色大按鈕")可以.

Then you can scaffold the asp.net identity and modify to fit your requirement , in any page trigger external login(OnPost function in ExternalLogin.cshtml.cs) as the default template("big blue button") does .

這篇關于Azure AD 作為“外部提供者"?的文章就介紹到這了，希望我們推薦的答案對大家有所幫助，也希望大家多多支持html5模板網！