Angular 已发送静默登录请求，但没有用户登录，并获取错误代码AADSTS50058_Angular_Azure_Azure Active Directory

Angular 已发送静默登录请求，但没有用户登录，并获取错误代码AADSTS50058

angular azure azure-active-directory

Angular 已发送静默登录请求，但没有用户登录，并获取错误代码AADSTS50058,angular,azure,azure-active-directory,Angular,Azure,Azure Active Directory,我正在尝试将示例Angular应用程序与Azure active directory集成。为此我用了微软MSAL图书馆我的Azure门户订阅试用期为30天请找出我做的步骤步骤1在我的试用版Azure订阅中注册应用程序。将我的重定向URI设置为第2步选择隐式授权，检查访问令牌和ID令牌第三步应用程序模块我修改如下 import { BrowserModule } from '@angular/platform-browser'; import { NgModule } from '

我正在尝试将示例Angular应用程序与Azure active directory集成。为此我用了

微软MSAL图书馆
我的Azure门户订阅试用期为30天

请找出我做的步骤

步骤1在我的试用版Azure订阅中注册应用程序。将我的重定向URI设置为

第2步选择隐式授权，检查访问令牌和ID令牌

第三步应用程序模块我修改如下

import { BrowserModule } from '@angular/platform-browser';
import { NgModule } from '@angular/core';
import { AppRoutingModule } from './app-routing.module';
import { AppComponent } from './app.component';
import { ProfileComponent } from './profile/profile.component';
import { MsalModule, MsalInterceptor } from '@azure/msal-angular';
import { HTTP_INTERCEPTORS, HttpClientModule } from '@angular/common/http';
import { HomeComponent } from './home/home.component';

const isIE = window.navigator.userAgent.indexOf('MSIE ') > -1 || window.navigator.userAgent.indexOf('Trident/') > -1;
@NgModule({
  declarations: [
    AppComponent,
    ProfileComponent,
    HomeComponent
  ],
  imports: [
    BrowserModule,
    AppRoutingModule,
    HttpClientModule,
    MsalModule.forRoot({
      auth: {
        clientId: 'MyclientId', // This is your client ID
        authority: 'https://login.microsoftonline.com/MytenantId', // This is your tenant ID
        redirectUri: 'http://localhost:4200'// This is your redirect URI
      },
      cache: {
        cacheLocation: 'localStorage',
        storeAuthStateInCookie: isIE, // Set to true for Internet Explorer 11
      },
    }, {
      popUp: !isIE,
      consentScopes: [
        'user.read',
        'openid',
        'profile',
      ],
      unprotectedResources: [],
      protectedResourceMap: [
        ['https://graph.microsoft.com/v1.0/me', ['user.read']]
      ],
      extraQueryParameters: {}
    })
  ],
  providers: [
    {
      provide: HTTP_INTERCEPTORS,
      useClass: MsalInterceptor,
      multi: true
    }
  ],
  bootstrap: [AppComponent]
})
export class AppModule { }

步骤4我的批准

import { NgModule } from '@angular/core';
import { Routes, RouterModule } from '@angular/router';
import { ProfileComponent } from './profile/profile.component';
import { MsalGuard } from '@azure/msal-angular';
import { HomeComponent } from './home/home.component';

const routes: Routes = [
  {
    path: 'profile',
    component: ProfileComponent,
    canActivate: [
      MsalGuard
    ]
  },
  {
    path: '',
    component: HomeComponent
  }
];


@NgModule({
  imports: [RouterModule.forRoot(routes)],
  exports: [RouterModule]
})
export class AppRoutingModule { }

步骤5AppComponent

import { Component,OnInit } from '@angular/core';
import { MsalService, BroadcastService } from '@azure/msal-angular';
import { CryptoUtils, Logger } from 'msal';

@Component({
  selector: 'app-root',
  templateUrl: './app.component.html',
  styleUrls: ['./app.component.css']
})
export class AppComponent implements OnInit  {
  isIframe = false;
  loggedIn = false;

  constructor(private broadcastService: BroadcastService, private authService: MsalService) { }  

  ngOnInit(): void {

    this.isIframe = window !== window.parent && !window.opener;

    this.checkAccount();

    this.broadcastService.subscribe('msal:loginSuccess', () => {
      this.checkAccount();
    });

    this.authService.handleRedirectCallback((authError, response) => {
      if (authError) {
        console.error('Redirect Error: ', authError.errorMessage);
        return;
      }

      console.log('Redirect Success: ', response.accessToken);
    });

    this.authService.setLogger(new Logger((logLevel, message, piiEnabled) => {
      console.log('MSAL Logging: ', message);
    }, {
      correlationId: CryptoUtils.createNewGuid(),
      piiLoggingEnabled: false
    }));
  }

  checkAccount() {
    this.loggedIn = !!this.authService.getAccount();
  }

  login() {
      const isIE = window.navigator.userAgent.indexOf('MSIE ') > -1 || window.navigator.userAgent.indexOf('Trident/') > -1;

      if (isIE) {
        this.authService.loginRedirect({
          extraScopesToConsent: ["user.read", "openid", "profile"]
        });
      } else {
        this.authService.loginPopup({
          extraScopesToConsent: ["user.read", "openid", "profile"]
        });
      }
  }

  logout() {
    this.authService.logout();
  }

}

步骤6配置文件组件

import { Component, OnInit } from '@angular/core';
import { MsalService } from '@azure/msal-angular';
import { HttpClient } from '@angular/common/http';

const GRAPH_ENDPOINT = 'https://graph.microsoft.com/v1.0/me';

@Component({
  selector: 'app-profile',
  templateUrl: './profile.component.html',
  styleUrls: ['./profile.component.css']
})
export class ProfileComponent implements OnInit {

  profile:any;

  constructor(private authService: MsalService, private http: HttpClient) { }

  ngOnInit() {
    this.getProfile();
  }

  getProfile() {
    this.http.get(GRAPH_ENDPOINT).toPromise()
      .then(profile => {
          this.profile = profile;
      });
  }

}

我遵循了以下链接中给出的相同步骤

应用程序登录。当我检查会话存储时，我可以看到令牌。但是当访问配置文件组件时。它将抛出以下错误。我无法理解为什么会出现这个错误。我错过什么了吗。请引导我，我错过了什么

core.js:6260 ERROR Error: Uncaught (in promise): InteractionRequiredAuthError: AADSTS50058: A silent sign-in request was sent but no user is signed in. The cookies used to represent the user's session were not sent in the request to Azure AD. This can happen if the user is using Internet Explorer or Edge, and the web app sending the silent sign-in request is in different IE security zone than the Azure AD endpoint (login.microsoftonline.com).
Trace ID: 89abda01-6426-4658-8692-7690f74f8d00
Correlation ID: cf52e237-939c-4ce0-875b-d8a5555a0a13
Timestamp: 2020-05-17 20:42:55Z
InteractionRequiredAuthError: AADSTS50058: A silent sign-in request was sent but no user is signed in. The cookies used to represent the user's session were not sent in the request to Azure AD. This can happen if the user is using Internet Explorer or Edge, and the web app sending the silent sign-in request is in different IE security zone than the Azure AD endpoint (login.microsoftonline.com).
Trace ID: 89abda01-6426-4658-8692-7690f74f8d00
Correlation ID: cf52e237-939c-4ce0-875b-d8a5555a0a13
Timestamp: 2020-05-17 20:42:55Z
    at InteractionRequiredAuthError.AuthError [as constructor] (AuthError.js:22)
    at InteractionRequiredAuthError.ServerError [as constructor] (ServerError.js:22)
    at new InteractionRequiredAuthError (InteractionRequiredAuthError.js:24)
    at MsalService.push../node_modules/msal/lib-es6/UserAgentApplication.js.UserAgentApplication.saveTokenFromHash (UserAgentApplication.js:1289)
    at MsalService.push../node_modules/msal/lib-es6/UserAgentApplication.js.UserAgentApplication.processCallBack (UserAgentApplication.js:845)
    at MsalService.push../node_modules/msal/lib-es6/UserAgentApplication.js.UserAgentApplication.handleAuthenticationResponse (UserAgentApplication.js:897)
    at MsalService.<anonymous> (UserAgentApplication.js:667)
    at step (tslib.es6.js:100)
    at Object.next (tslib.es6.js:81)
    at fulfilled (tslib.es6.js:71)
    at resolvePromise (zone-evergreen.js:798)
    at resolvePromise (zone-evergreen.js:750)
    at zone-evergreen.js:860
    at ZoneDelegate.invokeTask (zone-evergreen.js:399)
    at Object.onInvokeTask (core.js:41640)
    at ZoneDelegate.invokeTask (zone-evergreen.js:398)
    at Zone.runTask (zone-evergreen.js:167)
    at drainMicroTaskQueue (zone-evergreen.js:569)
    at invokeTask (zone-evergreen.js:484)
    at ZoneTask.invoke (zone-evergreen.js:469)

core.js:6260错误：未捕获（承诺中）：InteractionRequiredAuthError:AADSTS50058:已发送静默登录请求，但没有用户登录。用于表示用户会话的Cookie未在Azure AD请求中发送。如果用户正在使用Internet Explorer或Edge，并且发送静默登录请求的web应用与Azure AD端点（login.microsoftonline.com）位于不同的IE安全区域，则会发生这种情况。
跟踪ID:89abda01-6426-4658-8692-7690f74f8d00
相关ID:cf52e237-939c-4ce0-875b-d8a5555a0a13
时间戳：2020-05-1720:42:55Z
InteractionRequiredAuthError:AADSTS50058:已发送静默登录请求，但没有用户登录。用于表示用户会话的Cookie未在Azure AD请求中发送。如果用户正在使用Internet Explorer或Edge，并且发送静默登录请求的web应用与Azure AD端点（login.microsoftonline.com）位于不同的IE安全区域，则会发生这种情况。
跟踪ID:89abda01-6426-4658-8692-7690f74f8d00
相关ID:cf52e237-939c-4ce0-875b-d8a5555a0a13
时间戳：2020-05-1720:42:55Z
在InteractionRequiredAuthError.AuthError[作为构造函数]（AuthError.js:22）
at InteractionRequiredAuthError.ServerError[作为构造函数]（ServerError.js:22）
在新建InteractionRequiredAuthError时（InteractionRequiredAuthError.js:24）
在MsalService.push../node_modules/msal/lib-es6/UserAgentApplication.js.UserAgentApplication.saveTokenFromHash（UserAgentApplication.js:1289）
在MsalService.push../node_modules/msal/lib-es6/UserAgentApplication.js.UserAgentApplication.processCallBack（UserAgentApplication.js:845）
在MsalService.push../node_modules/msal/lib-es6/UserAgentApplication.js.UserAgentApplication.handleAuthenticationResponse（UserAgentApplication.js:897）
在MsalService。（UserAgentApplication.js:667）
在步骤（tslib.es6.js:100）
在Object.next（tslib.es6.js:81）
完成时（tslib.es6.js:71）
at resolvePromise（zone evergreen.js:798）
at evergreen（zone evergreen.js:750）
常青区。js:860
在ZoneDelegate.invokeTask（zone evergreen.js:399）
位于Object.onInvokeTask（core.js:41640）
在ZoneDelegate.invokeTask（zone evergreen.js:398）
在Zone.runTask（Zone everyver.js:167）
在drainMicroTaskQueue（zone evergreen.js:569）
在invokeTask（zone evergreen.js:484）
在ZoneTask.invoke（zone everyver.js:469）

你能包括小提琴手的痕迹吗

从：

这意味着用户未登录。这是一个常见的错误当用户未经身份验证且尚未登录时应为。如果在SSO上下文中遇到此错误，其中用户以前已登录，这意味着SSO会话不是发现或无效。如果出现以下情况，此错误可能会返回给应用程序： prompt=未指定任何值

我也看到过这种情况，如果用户显示了多个UPN，而预期的UPN没有登录，那么我们也可以检查一下