我创建了Intranet门户,并希望使用公司的Azure AD帐户创建登录名。我设置了一个Azure App身份验证并将其设置为单个租户,然后从Azure下载了示例项目。
我的问题是,它不是在强制单个租户,也不允许其他组织的Microsoft帐户。
这是我在Startup.cs中的配置代码
public void Configuration(IAppBuilder app)
{
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
ClientId = clientId,
Authority = authority,
RedirectUri = redirectUri,
PostLogoutRedirectUri = redirectUri,
Scope = OpenIdConnectScope.OpenIdProfile,
// ResponseType is set to request the id_token - which contains basic information about the signed-in user
ResponseType = OpenIdConnectResponseType.IdToken,
// ValidateIssuer set to false to allow personal and work accounts from any organization to sign in to your application
// To only allow users from a single organizations, set ValidateIssuer to true and 'tenant' setting in web.config to the tenant name
// To allow users from only a list of specific organizations, set ValidateIssuer to true and use ValidIssuers parameter
TokenValidationParameters = new TokenValidationParameters()
{
ValidateIssuer = true
},
Notifications = new OpenIdConnectAuthenticationNotifications
{
AuthenticationFailed = OnAuthenticationFailed
}
}
);
}
我缺少从一个组织强制执行登录的要求吗?
您需要指定允许哪些租户。尝试将以下内容添加到TokenValidationParameters
ValidIssuers = new List<string>()
{
"https://login.microsoftonline.com/<your-tenant-id>"
}