Why does my Entra MSAL flow work for sign-in but return a 404 on sign-out?

Question (votes: 0, answers: 1)

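I'm running into a strange problem. I'm using MSAL 2 with an Entra Customer tenant; users can sign in, but they cannot sign out.

Here is my sample configuration. I had to change it from the original documentation because of a bug where you cannot sign in unless you are a global administrator.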

"AzureAd": {
    "Authority": "https://55...67.ciamlogin.com/55...67/v2.0",
    "Instance": "https://55...67.ciamlogin.com/55...67/v2.0",
    "Domain": "exampleTenant.onmicrosoft.com",
    "ClientId": "44...56",
    "ClientSecret": "{{omitted}}",
    "ClientCertificates": [
    ],
    // the following is required to handle Continuous Access Evaluation challenges
    "ClientCapabilities": [ "cp1" ],
    "CallbackPath": "/signin-oidc"
  },
  "DownstreamApi": {
    "Scopes": "User.ReadBasic.All user.read email"
  }

My DI registration:

private static void RegisterAuthentication(IServiceCollection services, IConfiguration configuration)
{

    var authenticatedPolicy = new AuthorizationPolicyBuilder()
        .RequireAuthenticatedUser()
        .Build();

    // <ms_docref_add_msal>
    IEnumerable<string>? initialScopes = configuration["DownstreamApi:Scopes"]?.Split(' ');

    services.AddMicrosoftIdentityWebAppAuthentication(configuration, "AzureAd")
        .EnableTokenAcquisitionToCallDownstreamApi(initialScopes)
        .AddDownstreamApi("DownstreamApi", configuration.GetSection("DownstreamApi"))
        .AddInMemoryTokenCaches();
    // </ms_docref_add_msal>

    // <ms_docref_add_default_controller_for_sign-in-out>
    services.AddRazorPages().AddMvcOptions(options =>
    {
        options.Filters.Add(new AuthorizeFilter(authenticatedPolicy));
        //filters omitted for brevity
    }).AddMicrosoftIdentityUI();
    // </ms_docref_add_default_controller_for_sign-in-out>

    services.AddCascadingAuthenticationState();
    services.AddAuthorizationBuilder()
        //policies omitted for brevity
        .AddFallbackPolicy(PolicyConstants.MustBeAuthenticated, authenticatedPolicy);
}

Then, for clarity, here is the app configuration:

var app = builder.Build();

// Configure the HTTP request pipeline.
if (app.Environment.IsDevelopment())
{
    app.UseWebAssemblyDebugging();
}
else
{
    app.UseHsts();
}

app.UseHttpsRedirection();

app.UseStaticFiles();
app.UseAntiforgery();

app.UseAuthentication();
app.UseAuthorization();

app.MapRazorComponents<App>()
    .AddInteractiveServerRenderMode()
    .AddInteractiveWebAssemblyRenderMode()
    .AddAdditionalAssemblies(typeof(MyClientApp._Imports).Assembly);

app.Run();

I then redirect unauthenticated users to MicrosoftIdentity/Account/SignIn. This works fine. The user is sent to sign in and is authenticated with claims.

Now I want to add a sign-out link:

<a href="MicrosoftIdentity/Account/SignOut" class="ti-dropdown-item">
    <i class="ti ti-logout  text-lg"></i>
    Sign Out
</a>

However, when the redirect happens, MicrosoftIdentity/Account/SignOut throws a 404. I find it odd that sign-in works but sign-out does not.

blazor azure-ad-msal .net-8.0 microsoft-entra
1 answer
0 votes

The OP was facing a 404 error when performing the AAD sign-out operation.

As confirmed by the OP, the missing

app.AddRouting();
app.MapControllers();

caused the problem.
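A startup check for the failure discussed in this thread, as an added example that is not part of the original question or answer: it logs a warning when no Account/SignOut controller action appears in the app's endpoint table, which is the state that produces the 404. The helper name `WarnIfSignOutUnmapped` and the logger category are assumptions; the controller and action names come from the MicrosoftIdentity/Account/SignOut URL in the question.

```csharp
using System;
using System.Linq;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Mvc.Controllers;
using Microsoft.AspNetCore.Routing;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.Extensions.Logging;

// Hypothetical helper (name is an assumption, not from the post).
public static class SignOutRouteCheck
{
    // Call once in Program.cs after all Map* calls and before app.Run():
    //     app.WarnIfSignOutUnmapped();
    public static WebApplication WarnIfSignOutUnmapped(this WebApplication app)
    {
        // Run after startup so every endpoint data source has been registered.
        app.Lifetime.ApplicationStarted.Register(() =>
        {
            var logger = app.Services.GetRequiredService<ILoggerFactory>()
                .CreateLogger("SignOutRouteCheck");

            // Controller actions only become endpoints once MapControllers() is called.
            IEndpointRouteBuilder routes = app;
            var signOut = routes.DataSources
                .SelectMany(source => source.Endpoints)
                .OfType<RouteEndpoint>()
                .FirstOrDefault(endpoint =>
                {
                    var action = endpoint.Metadata.GetMetadata<ControllerActionDescriptor>();
                    return action is not null
                        && string.Equals(action.ControllerName, "Account", StringComparison.OrdinalIgnoreCase)
                        && string.Equals(action.ActionName, "SignOut", StringComparison.OrdinalIgnoreCase);
                });

            if (signOut is null)
                logger.LogWarning(
                    "No Account/SignOut controller endpoint is mapped; the sign-out link " +
                    "will return 404 and users cannot end their session. Add app.MapControllers().");
            else
                logger.LogInformation("Sign-out endpoint mapped at {Route}", signOut.RoutePattern.RawText);
        });

        return app;
    }
}
```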
