Problem description
I am using UseOpenIdConnectAuthentication to authenticate users. My application code works fine locally. But, when I run it on Azure, the SecurityTokenValidated event is never fired. Consequently, the code runs fine but the user is never authenticated. I am not sure if the issue is with my code or with Azure. This is being used in a Web Forms ASP.NET application (not Core). I use the Azure trace feature to log. I can see that only "RedirectToIdentityProvider" is fired. No other event gets called. Here is my code:
Startup.Auth.vb:
Imports System.Collections.Generic
Imports System.Configuration
Imports System.Diagnostics
Imports System.IdentityModel.Tokens.Jwt
Imports System.Net
Imports System.Threading.Tasks
Imports Microsoft.Owin.Host.SystemWeb
Imports Microsoft.Owin.Security
Imports Microsoft.Owin.Security.Cookies
Imports Microsoft.Owin.Security.OpenIdConnect
Imports Owin

Partial Public Class Startup
    Public Sub ConfigureAuth(app As IAppBuilder)
        Trace.TraceInformation("Hit Config Auth function")
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12
        ' Keep the short JWT claim names ("sub", "name", ...) instead of mapping
        ' them to the long WS-* claim URIs.
        JwtSecurityTokenHandler.DefaultInboundClaimTypeMap = New Dictionary(Of String, String)

        ' The cookie middleware is the sign-in target of the OIDC middleware below.
        app.SetDefaultSignInAsAuthenticationType("Cookies")
        app.UseCookieAuthentication(New CookieAuthenticationOptions() With {
            .AuthenticationMode = AuthenticationMode.Active,
            .CookieManager = New SystemWebCookieManager
        })

        ' IdP settings come from <appSettings> in Web.config
        ' (the original read them through an appSettings() helper).
        Dim redirectURI As String = ConfigurationManager.AppSettings("ID_Redirect_URI")
        Dim clientId As String = ConfigurationManager.AppSettings("ID_ClientID")
        Dim authority As String = ConfigurationManager.AppSettings("ID_Authority")
        Trace.TraceInformation(redirectURI)
        Trace.TraceInformation(clientId)
        Trace.TraceInformation(authority)

        ' Implicit flow (ResponseType = "id_token"): the IdP posts the id_token
        ' straight back to RedirectUri. RequireHttpsMetadata = False allows the
        ' discovery document to be fetched over plain http; that is only acceptable
        ' for a local test IdP, so leave it at the default (True) against a real one.
        ' Each notification only writes a trace line, so the log shows how far the
        ' middleware gets on a sign-in round trip.
        Trace.TraceInformation("creating OpenIdAuthOptions")
        Dim OpenIdAuthOption = New OpenIdConnectAuthenticationOptions() With {
            .SignInAsAuthenticationType = "Cookies",
            .Authority = authority,
            .RequireHttpsMetadata = False,
            .ClientId = clientId,
            .ResponseType = "id_token",
            .Scope = "openid profile roles",
            .RedirectUri = redirectURI,
            .PostLogoutRedirectUri = redirectURI,
            .Notifications = New OpenIdConnectAuthenticationNotifications() With {
                .AuthenticationFailed = Function(ctx)
                                            Trace.TraceInformation("Auth Failed event")
                                            Return Task.FromResult(0)
                                        End Function,
                .SecurityTokenReceived = Function(ctx)
                                             Trace.TraceInformation("Sec Token Received event")
                                             Return Task.FromResult(0)
                                         End Function,
                .MessageReceived = Function(ctx)
                                       Trace.TraceInformation("Message Received event")
                                       Return Task.FromResult(0)
                                   End Function,
                .SecurityTokenValidated = Function(ctx)
                                              Trace.TraceInformation("Security token validated")
                                              Return Task.FromResult(0)
                                          End Function,
                .AuthorizationCodeReceived = Function(ctx)
                                                 Trace.TraceInformation("Auth Code Received event")
                                                 Return Task.FromResult(0)
                                             End Function,
                .RedirectToIdentityProvider = Function(context)
                                                  Trace.TraceInformation("start of RedirectToIDProvider")
                                                  Return Task.FromResult(0)
                                              End Function
            }
        }
        Trace.TraceInformation("adding OpenIdAuthOptions")
        app.UseOpenIdConnectAuthentication(OpenIdAuthOption)
        Trace.TraceInformation("finished adding OpenIdAuthOptions")
    End Sub
End Class
As I mentioned above, this code works fine locally. It only does not work when hosted on Azure. When running locally, the events are fired in this order:
- RedirectToIdentityProvider
- MessageReceived
- SecurityTokenReceived
- SecurityTokenValidated
But, in Azure, only RedirectToIdentityProvider is fired.
Recommended answer
Change your "Action to take when request is not authenticated" in the App Service Authentication/Authorization section in the Azure portal from "Log in with Azure Active Directory" to "Allow Anonymous requests", as shown in the picture below:
Then SecurityTokenValidated will be fired. App Service auth takes place outside of your app, so customized auth code in your app never gets a chance to run. When you turn that off it allows your app to handle the auth itself the same way it does locally.
Here is a similar issue you could refer to.
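The answer above comes down to one platform setting: whether App Service Authentication ("Easy Auth") acts on an unauthenticated request before it ever reaches the app's OWIN pipeline. That setting can be read from a terminal with `az webapp auth show -g <group> -n <app>`, which prints the auth settings as JSON. The following is an added example, not code from the original question or answer: it reads that JSON and reports whether the platform, rather than the app, will handle sign-in. It assumes the ARM property names of the `authsettings` (classic) and `authsettingsV2` resources, namely a top-level `enabled` and `unauthenticatedClientAction` for the classic shape and `platform.enabled`, `globalValidation.requireAuthentication` and `globalValidation.unauthenticatedClientAction` for v2; the sample documents are constructed for the example, not captured from a real app.

```python
"""Decide whether App Service Authentication ("Easy Auth") will act on an
unauthenticated request before it reaches the app's own OWIN OpenID Connect
middleware.

Added example. The sample documents are constructed; the property names are
taken from the ARM authsettings / authsettingsV2 schemas (assumption).
"""
import json

# Actions that make the platform answer an unauthenticated request itself.
# "RedirectToLoginPage" is what the portal labels
# "Log in with Azure Active Directory".
INTERCEPTING_ACTIONS = {"RedirectToLoginPage", "Return401", "Return403"}


def easy_auth_state(auth_settings: dict) -> dict:
    """Normalise a classic (v1) or v2 auth settings document.

    Returns {"enabled": bool, "action": str | None, "intercepts": bool}.
    `intercepts` is True exactly when Easy Auth, not the app, handles sign-in,
    which is the case in which the app's OIDC notifications after
    RedirectToIdentityProvider never fire.
    """
    if "platform" in auth_settings or "globalValidation" in auth_settings:
        # v2 shape: requireAuthentication gates unauthenticatedClientAction.
        platform = auth_settings.get("platform") or {}
        validation = auth_settings.get("globalValidation") or {}
        enabled = bool(platform.get("enabled", False))
        action = validation.get("unauthenticatedClientAction")
        require = bool(validation.get("requireAuthentication", False))
        intercepts = enabled and require and (
            action is None or action in INTERCEPTING_ACTIONS)
    else:
        # classic (v1) shape: the action alone decides (a missing action
        # defaults to RedirectToLoginPage, assumption).
        enabled = bool(auth_settings.get("enabled", False))
        action = auth_settings.get("unauthenticatedClientAction")
        intercepts = enabled and (
            action is None or action in INTERCEPTING_ACTIONS)
    return {"enabled": enabled, "action": action, "intercepts": intercepts}


def diagnose(auth_settings: dict) -> str:
    """One-line verdict for the operator."""
    state = easy_auth_state(auth_settings)
    if state["intercepts"]:
        return (
            "Easy Auth intercepts unauthenticated requests "
            f"(unauthenticatedClientAction={state['action']}); the in-app OIDC "
            "middleware never sees the IdP callback. Set the action to "
            "AllowAnonymous so the app handles sign-in itself."
        )
    if state["enabled"]:
        return "Easy Auth is on but allows anonymous requests; in-app OIDC handles sign-in."
    return "Easy Auth is off; in-app OIDC handles sign-in."


# Constructed samples: what the failing and the corrected app would return.
BROKEN_V2 = json.loads("""{
  "platform": {"enabled": true, "runtimeVersion": "~1"},
  "globalValidation": {
    "requireAuthentication": true,
    "unauthenticatedClientAction": "RedirectToLoginPage",
    "redirectToProvider": "azureactivedirectory"
  }
}""")

FIXED_V2 = json.loads("""{
  "platform": {"enabled": true, "runtimeVersion": "~1"},
  "globalValidation": {
    "requireAuthentication": false,
    "unauthenticatedClientAction": "AllowAnonymous"
  }
}""")

BROKEN_V1 = json.loads("""{
  "enabled": true,
  "unauthenticatedClientAction": "RedirectToLoginPage",
  "defaultProvider": "AzureActiveDirectory"
}""")

FIXED_V1 = json.loads("""{
  "enabled": true,
  "unauthenticatedClientAction": "AllowAnonymous",
  "defaultProvider": "AzureActiveDirectory"
}""")

if __name__ == "__main__":
    import sys
    # Pipe the output of `az webapp auth show -g <group> -n <app>` into this
    # script, or run it with no input to see the constructed samples.
    if not sys.stdin.isatty():
        print(diagnose(json.load(sys.stdin)))
    else:
        for name, doc in [("broken v2", BROKEN_V2), ("fixed v2", FIXED_V2),
                          ("broken v1", BROKEN_V1), ("fixed v1", FIXED_V1)]:
            print(f"{name}: {diagnose(doc)}")
```

When the check reports an intercepting configuration, the portal change from the answer is the fix; from the CLI the equivalent is `az webapp auth update -g <group> -n <app> --unauthenticated-client-action AllowAnonymous` on current versions of the CLI (older, classic-only versions expose the same setting as `--action AllowAnonymous`). Either way the platform stops answering unauthenticated requests and the IdP callback reaches the OWIN middleware, so the remaining notifications fire as they do locally.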