我正在尝试设置一个使用Azure AD作为身份验证提供程序的Azure应用程序服务,并仅通过ARM模板锁定对AD的访问。
基本上来自“允许匿名请求(不执行任何操作)”
以“使用Azure Active Directory登录”
我认为它必须是属性-> siteAuthSettings下的属性之一,但它似乎不起作用。这是我的模板:
{
"apiVersion": "2015-04-01",
"name": "web",
"type": "config",
"dependsOn": [
"[resourceId('Microsoft.Web/sites', parameters('webAppName'))]"
],
"properties": {
"siteAuthEnabled": true,
"siteAuthSettings": {
"enabled": true,
"httpApiPrefixPath": null,
"unauthenticatedClientAction": 0,
"tokenStoreEnabled": null,
"allowedExternalRedirectUrls": null,
"defaultProvider": 0,
"clientId": "[parameters('clientId')]",
"clientSecret": null,
"issuer": "[parameters('issuerUrl')]",
"allowedAudiences": null,
"additionalLoginParams": null,
"isAadAutoProvisioned": false,
"aadClientId": "[parameters('clientId')]",
"openIdIssuer": "[parameters('issuerUrl')]",
"googleClientId": null,
"googleClientSecret": null,
"googleOAuthScopes": null,
"facebookAppId": null,
"facebookAppSecret": null,
"facebookOAuthScopes": null,
"twitterConsumerKey": null,
"twitterConsumerSecret": null,
"microsoftAccountClientId": null,
"microsoftAccountClientSecret": null,
"microsoftAccountOAuthScopes": null
}
似乎无法解决,欢迎提出任何建议! 🙏
您的模板看起来还不错。这个例子适用于我的应用程序:
{
"apiVersion": "2015-08-01",
"name": "web",
"type": "config",
"dependsOn": [
"[resourceId('Microsoft.Web/Sites', parameters('webAppName'))]"
],
"properties": {
"siteAuthEnabled": "[parameters('enableAadAuthentication')]",
"siteAuthSettings": {
"clientId": "[parameters('aadClientId')]",
"issuer": "[parameters('aadIssuerUrl')]",
"isAadAutoProvisioned": false
}
}
}
我唯一可以看到的区别是"apiVersion": "2015-08-01",
,因此您应该仔细检查它和实际参数。您issuerUrl
应该看起来像这样:https://login.microsoftonline.com/mytenant.onmicrosoft.com