无法通过Azure AD策略进行身份验证:授权失败,并且被禁止

问题描述 投票:0回答:1

我们正在从Windows身份验证迁移到Azure AD。

我们有这样的政策:

    services.AddAuthorization(options =>
    {
        options.AddPolicy("Test", policy => policy.RequireClaim(ClaimTypes.Role, "Test"));
    });

    services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
            .AddAzureAD(options => this.Configuration.Bind("AzureAd", options))
            .AddCookie();

我的控制器装饰有

[Authorize(Policy = "Test")]

这里是清单json:

    "appRoles": [
    {
        "allowedMemberTypes": [
            "User"
        ],
        "description": "Security group for Test.",
        "displayName": "Test",
        "id": "5500dd65-c64b-400e-98dd-8e255563aefe",
        "isEnabled": true,
        "lang": null,
        "origin": "Application",
        "value": "Test"
    }
],

我们从Azure门户向该应用程序角色分配了有效的组。

在我的本地环境上运行良好,但是将其部署到开发环境后,我们又获得了Forbidden的授权。

检查日志,我们发现类似以下内容:

AuthenticationScheme: AzureADCookie was not authenticated.
AuthenticationScheme: AzureADCookie was forbidden.
Authorization failed for the request at filter 'Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter'.

对于所有阅读本文的人-预先感谢!

asp.net-core azure-active-directory asp.net-core-2.2
1个回答
0
投票

查看此帖子的启动文件。它适用于后端身份验证。

Angular ASP.NET Core 3.1 Azure AD How to Authenticate frontend?

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.