問題描述

我正在使用 Azure Active Directory 身份驗(yàn)證構(gòu)建 MVC 應(yīng)用程序.當(dāng)我在本地開發(fā)時(shí)，我希望能夠登錄以進(jìn)行測試/開發(fā).應(yīng)用 url 類似于 http://localhost:43400.這也在 Sign-On Url 和 Reply Url 中的 AD 應(yīng)用程序中進(jìn)行了編碼.

當(dāng)我將同一個(gè)應(yīng)用程序部署到服務(wù)器時(shí)，應(yīng)用程序 url 發(fā)生了變化 - 變成類似于 myappname.azurewebsites.net 的東西，我無法使用同一個(gè) AD 應(yīng)用程序登錄.我能做到的最好的辦法是通過登錄過程，但隨后 AD 將我重定向回 localhost:43400 這是錯(cuò)誤的.

Startup.Auth.cs 中有 PostLogoutRedirectUri 屬性，我提供給應(yīng)用程序，但它根本沒有區(qū)別.

有什么方法可以讓本地應(yīng)用程序和部署的應(yīng)用程序使用同一個(gè) Azure AD?

我可以使用不同的 url 和鍵執(zhí)行 2 個(gè) AD 應(yīng)用程序，并在部署時(shí)重寫 web.config 中的值.但這聽起來不是最好的解決方案.我還能做什么?

UPD

這是我在 Startup.Auth.cs 中所指的位:

app.UseOpenIdConnectAuthentication(新的 OpenIdConnectAuthenticationOptions{客戶 ID = 客戶 ID，權(quán)威=權(quán)威，PostLogoutRedirectUri = postLogoutRedirectUri,//<-- 這是來自 web.config，在 dev 和 prod 中不同通知 = 新 OpenIdConnectAuthenticationNotifications(){......}});

查看完整的代碼清單

但 AD 僅使用其中一個(gè)地址進(jìn)行重定向，即使客戶端指定了與其中一個(gè)記錄匹配的重定向.

您可以向您的應(yīng)用添加多個(gè)重定向 uri，這就是該屬性被實(shí)現(xiàn)為列表的原因！您只需要確保指定在運(yùn)行時(shí)使用哪個(gè) URI.您可以通過多種方式做到這一點(diǎn) - 您可以在中間件初始化時(shí)指定返回 URI，或者您可以添加將在登錄消息中注入重定向 URI 的動(dòng)態(tài)代碼.有關(guān)后一種方法的示例，請參閱 https://github.com/AzureADSamples/WebApp-MultiTenant-OpenIdConnect-DotNet/blob/master/TodoListWebApp/App_Start/Startup.Auth.cs

I'm building an MVC application with Azure Active Directory authentication. When I develop locally I would like to be able to sign-in for testing/development purposes. And the app url is like http://localhost:43400. This is also encoded in the AD application in Sign-On Url and Reply Url.

When I deploy the same app to the server, the app url is changed - becomes something like myappname.azurewebsites.net and I can't login using the same AD application. The best I could manage is to get through login process, but then AD redirects me back to localhost:43400 which is wrong.

There is PostLogoutRedirectUri property in Startup.Auth.cs that I give to the app, but it makes no difference at all.

Any way to have local application and deployed application using the same Azure AD?

I can do 2 AD Applicaitons with different urls and keys and rewrite the values in web.config on deploy. But that does not sound like the best solution. Anything else I can do?

UPD

Here is the bit I'm referring to in Startup.Auth.cs:

app.UseOpenIdConnectAuthentication(
    new OpenIdConnectAuthenticationOptions
    {
        ClientId = clientId,
        Authority = Authority,
        PostLogoutRedirectUri = postLogoutRedirectUri, // <-- this is coming from web.config, different in dev and prod

        Notifications = new OpenIdConnectAuthenticationNotifications()
        {
            .....

        }
    });

See full code listing here.

And in Azure AD application I tried both addresses as a Reply URL at the same time:

But the AD used only one of the addresses to redirect, even though the client specified the redirection that matches one of the records.

You can add multiple redirect uri to your app, that's why the property is implemented as a list! You just need to make sure that you specify which URI to use at runtime. You can do that in many ways - you can specify the return URI at middleware init time, or you can add dynamic code that will inject a redirect URI in the sign in message. For an example of the latter approach, please see RedirectToIdentityProvider in https://github.com/AzureADSamples/WebApp-MultiTenant-OpenIdConnect-DotNet/blob/master/TodoListWebApp/App_Start/Startup.Auth.cs

這篇關(guān)于使用 Azure Active Directory - 一個(gè)應(yīng)用程序在本地登錄并在發(fā)布時(shí)登錄的文章就介紹到這了，希望我們推薦的答案對大家有所幫助，也希望大家多多支持html5模板網(wǎng)！