未为受Azure Active Directory保护的Azure WebApp调用OpenIdConnectAuthenticationNotifications.AuthorizationCodeReceived事件
我的MVC WebApp部署到Azure Paas并使用Azure AD进行保护。身份验证设置使用下面的示例代码作为基础,并且它在localhost中与IISExpress或IIS一起工作 但在部署到Azure后,它不起作用。即使用户将正确地进行身份验证,也不会调用AuthorizationCodeReceived委托 这是设置身份验证的启动代码:未为受Azure Active Directory保护的Azure WebApp调用OpenIdConnectAuthenticationNotifications.AuthorizationCodeReceived事件,azure,azure-web-app-service,azure-active-directory,Azure,Azure Web App Service,Azure Active Directory,我的MVC WebApp部署到Azure Paas并使用Azure AD进行保护。身份验证设置使用下面的示例代码作为基础,并且它在localhost中与IISExpress或IIS一起工作 但在部署到Azure后,它不起作用。即使用户将正确地进行身份验证,也不会调用AuthorizationCodeReceived委托 这是设置身份验证的启动代码: void ConfigureAuth(IAppBuilder app, Container container) { _log.D
void ConfigureAuth(IAppBuilder app, Container container) {
_log.Debug("Configuring Azure Authentication");
AzureActiveDirectoryAppSetting setting = container.GetInstance<IAzureActiveDirectoryAppSettingFactory>().Get();
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions() {
ClientId = setting.ClientID,
Authority = setting.Authority,
PostLogoutRedirectUri = setting.PostLogoutRedirectUrl,
RedirectUri = setting.ReplyUrl,
Notifications = new OpenIdConnectAuthenticationNotifications() {
AuthorizationCodeReceived = new Func<Microsoft.Owin.Security.Notifications.AuthorizationCodeReceivedNotification, System.Threading.Tasks.Task>(args => OnAuthorizationCodeReceived(args, container)),
AuthenticationFailed = new Func<Microsoft.Owin.Security.Notifications.AuthenticationFailedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>, System.Threading.Tasks.Task>(OnAuthorizationFailed),
}
}
);
}
System.Threading.Tasks.Task OnAuthorizationFailed(Microsoft.Owin.Security.Notifications.AuthenticationFailedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> args) {
_log.Error("Authorization Failed");
return System.Threading.Tasks.Task.FromResult<string>(null);
}
System.Threading.Tasks.Task OnAuthorizationCodeReceived(Microsoft.Owin.Security.Notifications.AuthorizationCodeReceivedNotification args, Container container) {
_log.Debug("Authorization Code Received");
var auth = container.GetInstance<IClaimsBasedAuthentication>();
return auth.ReceiveSecurityClaim(args.Code, args.AuthenticationTicket.Identity, HttpContext.Current);
}
编辑以澄清标记的答案:
正如Nan Yu所述,当启用身份验证/授权功能时,此问题可能会重复。工作设置如下图所示
确保应用程序服务身份验证已打开
请求未通过身份验证时要执行的操作:允许匿名请求无操作
这就是我被困了一个月的原因。我在使用Azure Active Directory登录时有此功能
正确配置Azure Active Directory。您可以在教程中找到此信息。
根据回复url:,您似乎启用了azure应用程序服务的身份验证/授权功能。如果我启用了身份验证/授权功能,我可以重现这种情况,在这种情况下,轻松的身份验证将接管身份验证过程。如果启用了应用程序服务的身份验证/授权,请尝试禁用该功能,然后重试 根据回复url:,您似乎启用了azure应用程序服务的身份验证/授权功能。如果我启用了身份验证/授权功能,我可以重现这种情况,在这种情况下,轻松的身份验证将接管身份验证过程。如果启用了应用程序服务的身份验证/授权,请尝试禁用该功能,然后重试 尝试在开放id连接选项中设置ResponseType=code id\u令牌。虽然我没有指定,但仍然得到了一个代码,这很奇怪。请尝试在开放id连接选项中设置ResponseType=code id\u令牌。这很奇怪,虽然我没有指定,但仍然有一个代码。
- 2017-06-10T22:18:59 PID[7692] Verbose Albatross.Security.AzureADOpenIDAuthentication:AzureADOpenIDAuthentication Created
- 2017-06-10T22:18:59 PID[7692] Information Albatross.Web.App_Start.Startup:Web App Configuration
- 2017-06-10T22:18:59 PID[7692] Information Albatross.Web.App_Start.Startup:All areas registered
- 2017-06-10T22:18:59 PID[7692] Information Albatross.Web.App_Start.Startup:Routes registered
- 2017-06-10T22:18:59 PID[7692] Information Albatross.Web.App_Start.Startup:Bundles registered
- 2017-06-10T22:18:59 PID[7692] Verbose Albatross.Web.App_Start.Startup:Configuring Azure Authentication
- 2017-06-10T22:18:59 PID[7692] Verbose Albatross.Web.App_Start.Startup:ClientID:xxx
- 2017-06-10T22:18:59 PID[7692] Verbose Albatross.Web.App_Start.Startup:Authority:https://login.microsoftonline.com/rushuioutlook.onmicrosoft.com
- 2017-06-10T22:18:59 PID[7692] Verbose Albatross.Web.App_Start.Startup:PostLogoutRedirectUrl:https://albatrossweb.azurewebsites.net/.auth/login/aad/callback/
- 2017-06-10T22:18:59 PID[7692] Verbose Albatross.Web.App_Start.Startup:ReplyUrl:https://albatrossweb.azurewebsites.net/.auth/login/aad/callback/
- 2017-06-10T22:18:59 PID[7692] Verbose Albatross.Web.App_Start.Startup:Tenant:rushuioutlook.onmicrosoft.com
- 2017-06-10T22:19:00 PID[7692] Verbose Received request: GET http://albatrossweb.azurewebsites.net/
- 2017-06-10T22:19:00 PID[7692] Information Redirecting: https://albatrossweb.azurewebsites.net/
- 2017-06-10T22:19:00 PID[7692] Verbose Received request: GET https://albatrossweb.azurewebsites.net/
- 2017-06-10T22:19:00 PID[7692] Information Redirecting: https://login.windows.net/25dd3578-72e5-4b70-a97b-3cc94f9d69cc/oauth2/authorize?response_type=code+id_token&redirect_uri=https%3A%2F%2Falbatrossweb.azurewebsites.net%2F.auth%2Flogin%2Faad%2Fcallback&client_id=40ca9b08-b857-4307-9ba3-5815031e9ddf&scope=openid+profile+email&response_mode=form_post&nonce=4a0abda18cf6448fb5b8095efb546871_- 20170610222400&state=redir%3D%252F
- 2017-06-10T22:19:29 PID[7692] Verbose Received request: POST https://albatrossweb.azurewebsites.net/.auth/login/aad/callback
- 2017-06-10T22:19:29 PID[7692] Verbose JWT validation succeeded. Subject: 'iit96kJ_mJn8Qt0f3kKAZm3qFKMGR2BMjVEnI45JBRc', Issuer: 'https://sts.windows.net/25dd3578-72e5-4b70-a97b-3cc94f9d69cc/'.
- 2017-06-10T22:19:29 PID[7692] Verbose Calling into external HTTP endpoint POST https://login.windows.net/25dd3578-72e5-4b70-a97b-3cc94f9d69cc/oauth2/token.
- 2017-06-10T22:19:29 PID[7692] Information Login completed for 'ethan@rushuioutlook.onmicrosoft.com'. Provider: 'aad'.
- 2017-06-10T22:19:29 PID[7692] Verbose Writing 'AppServiceAuthSession' cookie for site 'albatrossweb.azurewebsites.net'. Length: 940.
- 2017-06-10T22:19:29 PID[7692] Information Redirecting: https://albatrossweb.azurewebsites.net/
- 2017-06-10T22:19:31 PID[7692] Verbose Received request: GET https://albatrossweb.azurewebsites.net/
- 2017-06-10T22:19:31 PID[7692] Verbose Found 'AppServiceAuthSession' cookie for site 'albatrossweb.azurewebsites.net'. Length: 940.
- 2017-06-10T22:19:31 PID[7692] Verbose Authenticated ethan@rushuioutlook.onmicrosoft.com successfully using 'Session Cookie' authentication.
- 2017-06-10T22:19:31 PID[7692] Verbose [Routes(Preview)] No authorization configuration was found.
- 2017-06-10T22:19:33 PID[7692] Error Albatross.Web.Controllers.ServiceController:Microsoft.IdentityModel.Clients.ActiveDirectory.AdalSilentTokenAcquisitionException: Failed to acquire token silently as no token was found in the cache. Call method AcquireToken