我正在使用UseOpenIdConnectAuthentication来验证用户身份。我的应用程序代码本地工作正常但是,当我在Azure上运行它时,SecurityTokenValidated事件永远不会被触发。因此,代码运行正常但用户从未进行过身份验证。我不确定问题是我的代码还是Azure。这用于Web表单,Asp.net应用程序(不是Core)。我使用Azure跟踪功能进行记录。我可以看到只有“RedirectToIdentityProvider”被触发。没有其他事件被调用。这是我的代码:
Startup.Auth.Vb:
Public Sub ConfigureAuth(app As IAppBuilder)
Dim clientId As String = ""
Dim authority As String = ""
Dim redirectURI As String
Trace.TraceInformation("Hit Config Auth function")
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap = New Dictionary(Of String, String)
app.SetDefaultSignInAsAuthenticationType("Cookies")
app.UseCookieAuthentication(New CookieAuthenticationOptions() With {
.AuthenticationMode = AuthenticationMode.Active,
.CookieManager = New SystemWebCookieManager
})
redirectURI = appSettings("ID_Redirect_URI")
clientId = appSettings("ID_ClientID")
authority = appSettings("ID_Authority")
Trace.TraceInformation(redirectURI)
Trace.TraceInformation(clientId)
Trace.TraceInformation(authority)
Trace.TraceInformation("creating OpenIDAuthOptions")
Dim OpenIdAuthOption = New OpenIdConnectAuthenticationOptions() With {
.SignInAsAuthenticationType = "Cookies",
.Authority = authority,
.RequireHttpsMetadata = False,
.ClientId = clientId,
.ResponseType = "id_token",
.Scope = "openid profile roles",
.RedirectUri = redirectURI,
.PostLogoutRedirectUri = redirectURI,
.Notifications = New OpenIdConnectAuthenticationNotifications() With {
.AuthenticationFailed = Function(ctx)
Trace.TraceInformation("Auth Failed event")
Return Task.FromResult(0)
End Function,
.SecurityTokenReceived = Function(ctx)
Trace.TraceInformation("Sec Token Recieved event")
Return Task.FromResult(0)
End Function,
.MessageReceived = Function(ctx)
Trace.TraceInformation("Message Recieved event")
Return Task.FromResult(0)
End Function,
.SecurityTokenValidated = Function(ctx)
Trace.TraceInformation("Security token validated")
Return Task.FromResult(0)
End Function,
.AuthorizationCodeReceived = Function(ctx)
Trace.TraceInformation("Auth Code Recieved event")
Return Task.FromResult(0)
End Function,
.RedirectToIdentityProvider = Function(context)
Trace.TraceInformation("start of RedirectToIDProvider")
Return Task.FromResult(0)
End Function
}
}
Trace.TraceInformation("adding OpenIdAuthOptyions")
app.UseOpenIdConnectAuthentication(OpenIdAuthOption)
Trace.TraceInformation("finihsed adding OpenIdAuthOptyions")
End Sub
如上所述,此代码在本地工作正常。它仅在Azure上托管时不起作用。在本地运行时,将按以下顺序触发事件:
但是,在Azure中,只会触发RedirectToIdentityProvider。
在Action to take when request is not authenticated
到Authentication/Authorization
的天蓝色门户网站的App Service LogIn with Azure Active Directory
部分中更改了你的Allow Anonymous requests
。如下图所示:
然后SecurityTokenValidated
将被解雇。应用程序服务身份验证发生在您的应用程序之外,因此应用程序中的自定义身份验证代码永远不会有机会运行。当你关闭它时,它允许你的应用程序以与本地相同的方式处理auth本身。
这是您可以参考的similar问题。
尝试在Azure上更改应用程序定义的应用程序清单,以将“oauth2AllowIdTokenImplicitFlow”属性设置为false。
2)在startup.cs文件中,更改以下内容:
ResponseType = OpenIdConnectResponseType.Code
to
ResponseType = OpenIdConnectResponseType.CodeIdToken
并看看它是否有帮助。