Azure AD 作为“外部提供者"?

问题描述

我正在尝试构建一个简单的 ASP.Net Core 2.2 Web 应用程序，它允许 AzureAD 作为外部提供者".我在 Visual Studio 2019 中执行此操作.

I'm trying to build a simple ASP.Net Core 2.2 web app that allows AzureAD as an "external provider". I'm doing this in Visual Studio 2019.

作为一个超级简单的演示项目，我首先创建了一个使用 Azure AD 作为登录提供程序的新项目:

As a super-simple demo project, I started by creating a new project that uses Azure AD as the login provider:

1. 选择 ASP.NET Core Web 应用程序
2. 选择 Web 应用程序(模型-视图-控制器)
3. 将身份验证更改为工作或学校帐户".它自动填写了我的域名(因为我登录了VS)

这将创建一个 Web 应用程序设置以在所有页面上强制执行用户身份验证.当我运行应用程序时，它会转到 Azure AD 并在导航到 /home 页面之前让我登录.

This creates a web application set up to enforce user authentication on all pages. When I run the application, it goes to Azure AD and logs me in prior to navigating to the /home page.

回想一下，我说过我想将 Azure AD 添加为外部提供程序.所以我在 Startup.cs 中找到了这一行:

Recall that I said I wanted to add Azure AD as an external provider. So I found this line in Startup.cs:

services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
    .AddAzureAD(options => Configuration.Bind("AzureAd", options));

并且我删除了默认的身份验证方案以防止自动登录，如下所示:

and I removed the default authentication scheme to prevent the auto-login, like this:

services.AddAuthentication()
    .AddAzureAD(options => Configuration.Bind("AzureAd", options));

现在，当我运行该应用程序时，它会导航到 Login 页面，它会为我提供一个蓝色的大按钮，让我可以使用 Azure Active Directory 登录.但是点击那个按钮我并没有登录.

Now, when I run the app, it navigates to the Login page, and it gives me a big blue button offering to let me log in with Azure Active Directory. But clicking on that button does not log me in.

所以我搭建了身份页面，并在 ExternalLogin GET 例程处设置了一个断点.果然，点击蓝色的大按钮会找到它的方式.单步执行代码，我看到 对 _signInManager.GetExternalLoginInfoAsync() 的调用返回 null.

So I scaffolded the Identity pages, and I set a breakpoint at the ExternalLogin GET routine. Sure enough, clicking the big blue button finds its way there. Stepping through the code, I see that the call to _signInManager.GetExternalLoginInfoAsync() returns null.

我被困住了.显然，(未记录的)配置魔法没有正确设置某些东西来满足对 GetExternalLoginInfoAsync 的调用.

I'm stuck. Apparently, the (undocumented) configuration magic doesn't set something up correctly to satisfy the call to GetExternalLoginInfoAsync.

推荐答案

场景是您使用 asp.net 身份和 Azure AD 登录作为外部身份提供者.

The scenario is you are using asp.net identity with Azure AD login as external identity provider .

您应该将 IdentityConstants.ExternalScheme 设置为 Azure AD 身份验证的登录架构，以便您可以通过 _signInManager.GetExternalLoginInfoAsync() 获取外部用户信息:p>

You should set IdentityConstants.ExternalScheme as the signin schema of Azure AD authentication , so that you can get the external user information with _signInManager.GetExternalLoginInfoAsync() :

services.AddDbContext<ApplicationDbContext>(options =>
        options.UseSqlServer(
            Configuration.GetConnectionString("DefaultConnection")));
services.AddDefaultIdentity<IdentityUser>()
    .AddDefaultUI(UIFramework.Bootstrap4)
    .AddEntityFrameworkStores<ApplicationDbContext>();

services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
.AddAzureAD(options => Configuration.Bind("AzureAd", options));

services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options => {
    options.SignInScheme= IdentityConstants.ExternalScheme;

    //other config
});

然后您可以搭建 asp.net 身份并进行修改以满足您的要求，在任何页面触发外部登录(ExternalLogin.cshtml.cs 中的OnPost 函数)为默认模板(蓝色大按钮")可以.

Then you can scaffold the asp.net identity and modify to fit your requirement , in any page trigger external login(OnPost function in ExternalLogin.cshtml.cs) as the default template("big blue button") does .

这篇关于Azure AD 作为“外部提供者"?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持跟版网！