C# ASP.NET MVC使用Azure AD单点登录
我们正在开发一个由多个组件组成的应用程序。 我们有两个前端(都使用ASP.NET MVC),一个后端使用ASP.NET MVC API 我们需要允许用户使用其O365帐户(在Azure AD上也是如此)对自己进行身份验证,并为这些帐户启用单点登录。 我们已经找到了几个博客,并尝试了很多,但我们不断收到错误 这就是我们目前得到的C# ASP.NET MVC使用Azure AD单点登录,c#,asp.net-mvc,asp.net-web-api,single-sign-on,azure-active-directory,C#,Asp.net Mvc,Asp.net Web Api,Single Sign On,Azure Active Directory,我们正在开发一个由多个组件组成的应用程序。 我们有两个前端(都使用ASP.NET MVC),一个后端使用ASP.NET MVC API 我们需要允许用户使用其O365帐户(在Azure AD上也是如此)对自己进行身份验证,并为这些帐户启用单点登录。 我们已经找到了几个博客,并尝试了很多,但我们不断收到错误 这就是我们目前得到的 public class AccountController : BaseController { private string Auth
public class AccountController : BaseController
{
private string Authority = ConfigurationManager.AppSettings["ida:Authority"];
private string Audience = ConfigurationManager.AppSettings["ida:Audience"];
private string AzureClientId = ConfigurationManager.AppSettings["ida:AzureClientId"];
private string AppKey = ConfigurationManager.AppSettings["ida:AppKey"];
private string Tenant = ConfigurationManager.AppSettings["ida:Tenant"];
private static Uri RedirectUri { get; } = new Uri(ConfigurationManager.AppSettings["ida:RedirectUri"]);
private string BaseServiceUrl = ConfigurationManager.AppSettings["ida:BaseServiceUrl"];
public ActionResult LoginO365()
{
var authContext = new AuthenticationContext(Authority);
try
{
var result = Task.Run( async() => await authContext.AcquireTokenAsync(Audience, AzureClientId, RedirectUri, new PlatformParameters(PromptBehavior.Always))).Result;
/..
Some business code
../
return RedirectToAction("SomeAdminPage");
}
catch(Exception ex)
{
return View("Login");
}
}
}
{"AADSTS70002: The request body must contain the following parameter: 'client_secret or client_assertion'.\r\nTrace ID: 5042d7a7-4f18-433f-8e9d-424260fe1200\r\nCorrelation ID: 6a0cd62c-f5dd-4f7c-94b0-83df9edfb098\r\nTimestamp: 2017-03-24 11:53:06Z"} System.Exception {Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException}
{" Response status code does not indicate success: 401 (Unauthorized)."} System.Exception {System.Net.Http.HttpRequestException}
{"{\"error\":\"invalid_client\",\"error_description\":\"AADSTS70002: The request body must contain the following parameter: 'client_secret or client_assertion'.\\r\\nTrace ID: 5042d7a7-4f18-433f-8e9d-424260fe1200\\r\\nCorrelation ID: 6a0cd62c-f5dd-4f7c-94b0-83df9edfb098\\r\\nTimestamp: 2017-03-24 11:53:06Z\",\"error_codes\":[70002],\"timestamp\":\"2017-03-24 11:53:06Z\",\"trace_id\":\"5042d7a7-4f18-433f-8e9d-424260fe1200\",\"correlation_id\":\"6a0cd62c-f5dd-4f7c-94b0-83df9edfb098\"}"} System.Exception
{" Response status code does not indicate success: 401 (Unauthorized)."} System.Exception {System.Net.Http.HttpRequestException}
{"{\"error\":\"invalid_client\",\"error_description\":\"AADSTS70002: The request body must contain the following parameter: 'client_secret or client_assertion'.\\r\\nTrace ID: 5042d7a7-4f18-433f-8e9d-424260fe1200\\r\\nCorrelation ID: 6a0cd62c-f5dd-4f7c-94b0-83df9edfb098\\r\\nTimestamp: 2017-03-24 11:53:06Z\",\"error_codes\":[70002],\"timestamp\":\"2017-03-24 11:53:06Z\",\"trace_id\":\"5042d7a7-4f18-433f-8e9d-424260fe1200\",\"correlation_id\":\"6a0cd62c-f5dd-4f7c-94b0-83df9edfb098\"}"} System.Exception
提前谢谢 在web app中使用授权码流获取受保护资源的令牌时,需要提供客户端密码。您可以使用OpenID Connect ASP.Net OWIN中间件,有关代码示例,请参阅以下链接: (多租户) 如果您想通过ADAL编写自己的代码来实现这一点,下面的代码供您参考:
public ActionResult Contact()
{
string authorizationUrl = string.Format(
"https://login.microsoftonline.com/{0}/oauth2/authorize?response_type=code&client_id={1}&redirect_uri={2}",
tenantid, clientId, "http://localhost:44344/Home/CatchCode");
return Redirect(authorizationUrl);
}
public ActionResult CatchCode(string code)
{
string resource = "https://graph.windows.net";
AuthenticationContext authContext = new AuthenticationContext(Startup.Authority);
ClientCredential credential = new ClientCredential(clientId, appKey);
var accessToken =
authContext.AcquireTokenByAuthorizationCodeAsync(code,
new Uri("http://localhost:44344/Home/CatchCode"), credential, resource).Result.AccessToken;
return View();
}
谢谢你在这件事上的帮助。经过一些测试,我们实现了OWIN,它工作得非常好。