問(wèn)題描述
我正在嘗試構(gòu)建一個(gè)簡(jiǎn)單的 ASP.Net Core 2.2 Web 應(yīng)用程序,它允許 AzureAD 作為外部提供者".我在 Visual Studio 2019 中執(zhí)行此操作.
I'm trying to build a simple ASP.Net Core 2.2 web app that allows AzureAD as an "external provider". I'm doing this in Visual Studio 2019.
作為一個(gè)超級(jí)簡(jiǎn)單的演示項(xiàng)目,我首先創(chuàng)建了一個(gè)使用 Azure AD 作為登錄提供程序的新項(xiàng)目:
As a super-simple demo project, I started by creating a new project that uses Azure AD as the login provider:
- 選擇 ASP.NET Core Web 應(yīng)用程序
- 選擇 Web 應(yīng)用程序(模型-視圖-控制器)
- 將身份驗(yàn)證更改為工作或?qū)W校帳戶".它自動(dòng)填寫了我的域名(因?yàn)槲业卿浟薞S)
這將創(chuàng)建一個(gè) Web 應(yīng)用程序設(shè)置以在所有頁(yè)面上強(qiáng)制執(zhí)行用戶身份驗(yàn)證.當(dāng)我運(yùn)行應(yīng)用程序時(shí),它會(huì)轉(zhuǎn)到 Azure AD 并在導(dǎo)航到 /home 頁(yè)面之前讓我登錄.
This creates a web application set up to enforce user authentication on all pages. When I run the application, it goes to Azure AD and logs me in prior to navigating to the /home page.
回想一下,我說(shuō)過(guò)我想將 Azure AD 添加為外部提供程序.所以我在 Startup.cs 中找到了這一行:
Recall that I said I wanted to add Azure AD as an external provider. So I found this line in Startup.cs:
services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
.AddAzureAD(options => Configuration.Bind("AzureAd", options));
并且我刪除了默認(rèn)的身份驗(yàn)證方案以防止自動(dòng)登錄,如下所示:
and I removed the default authentication scheme to prevent the auto-login, like this:
services.AddAuthentication()
.AddAzureAD(options => Configuration.Bind("AzureAd", options));
現(xiàn)在,當(dāng)我運(yùn)行該應(yīng)用程序時(shí),它會(huì)導(dǎo)航到 Login 頁(yè)面,它會(huì)為我提供一個(gè)藍(lán)色的大按鈕,讓我可以使用 Azure Active Directory 登錄.但是點(diǎn)擊那個(gè)按鈕我并沒(méi)有登錄.
Now, when I run the app, it navigates to the Login page, and it gives me a big blue button offering to let me log in with Azure Active Directory. But clicking on that button does not log me in.
所以我搭建了身份頁(yè)面,并在 ExternalLogin GET 例程處設(shè)置了一個(gè)斷點(diǎn).果然,點(diǎn)擊藍(lán)色的大按鈕會(huì)找到它的方式.單步執(zhí)行代碼,我看到 對(duì) _signInManager.GetExternalLoginInfoAsync() 的調(diào)用返回 null.
So I scaffolded the Identity pages, and I set a breakpoint at the ExternalLogin GET routine. Sure enough, clicking the big blue button finds its way there. Stepping through the code, I see that the call to _signInManager.GetExternalLoginInfoAsync() returns null.
我被困住了.顯然,(未記錄的)配置魔法沒(méi)有正確設(shè)置某些東西來(lái)滿足對(duì) GetExternalLoginInfoAsync 的調(diào)用.
I'm stuck. Apparently, the (undocumented) configuration magic doesn't set something up correctly to satisfy the call to GetExternalLoginInfoAsync.
推薦答案
場(chǎng)景是您使用 asp.net 身份和 Azure AD 登錄作為外部身份提供者.
The scenario is you are using asp.net identity with Azure AD login as external identity provider .
您應(yīng)該將 IdentityConstants.ExternalScheme 設(shè)置為 Azure AD 身份驗(yàn)證的登錄架構(gòu),以便您可以通過(guò) _signInManager.GetExternalLoginInfoAsync() 獲取外部用戶信息:p>
You should set IdentityConstants.ExternalScheme as the signin schema of Azure AD authentication , so that you can get the external user information with _signInManager.GetExternalLoginInfoAsync() :
services.AddDbContext<ApplicationDbContext>(options =>
options.UseSqlServer(
Configuration.GetConnectionString("DefaultConnection")));
services.AddDefaultIdentity<IdentityUser>()
.AddDefaultUI(UIFramework.Bootstrap4)
.AddEntityFrameworkStores<ApplicationDbContext>();
services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
.AddAzureAD(options => Configuration.Bind("AzureAd", options));
services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options => {
options.SignInScheme= IdentityConstants.ExternalScheme;
//other config
});
然后您可以搭建 asp.net 身份并進(jìn)行修改以滿足您的要求,在任何頁(yè)面觸發(fā)外部登錄(ExternalLogin.cshtml.cs 中的OnPost 函數(shù))為默認(rèn)模板(藍(lán)色大按鈕")可以.
Then you can scaffold the asp.net identity and modify to fit your requirement , in any page trigger external login(OnPost function in ExternalLogin.cshtml.cs) as the default template("big blue button") does .
這篇關(guān)于Azure AD 作為“外部提供者"?的文章就介紹到這了,希望我們推薦的答案對(duì)大家有所幫助,也希望大家多多支持html5模板網(wǎng)!