问题
I have a problem publishing a web app that uses organizational account for authentication. Namely, I chose to publish it on azure website, using new azure SQL database as tenant db. I use Single account and specify .onmicrosoft.com domain.
Step by step:
- New ASP.NET application, MVC
- Change Authentication -> Organizational Accounts -> Cloud - Single Organization, Domain: .onmicrosoft.com, Access Level: Single Sign On
- Microsoft Azure -> Host in the cloud (checked), Website
- Selected database server in Azure
- Debug/Run in IIS Express works as expected, it goes to Organizational page for authentication and then browse back to Home/Index showing the user's email in the navigation pane.
- Publish Web with default (auto-generated) profile creates couple of errors:
6.1. It browse to http and not to https by default
6.2. Browsing manually to https://.... redirects to onmicrosoft.com for authentication, and after authentication successfully finishes, redirects back to
https://localhost:xxxxx
Where can I configure redirect URL for organizational accounts? I've done for some previous projects Microsoft account authentication, and I know that client id and secret id are bound to a specific return url, but I have no idea where to look for application properties when organizational accounts are used.
Thanks.
Predrag.
回答1:
To answer my question. Below is one possible workable workflow:
- From Visual Studio 2013, Project->New->Web->ASP.NET Web Application
- Name: WebApplication2
New ASP.NET Project – WebApplication2
a. Select a template: MVC
b. Change Authentication
i. Organizational Accounts ii. Cloud – Single Organization iii. Domain: <organization_name>.onmicrosoft.com iv. Access Level: Single Sign Onc. OK
Configure Microsoft Azure Website
a. Site name: WebApplicationXXXXX
b. Region: North Europe
c. Database server: existing database server
d. Database username: admin
e. Database password: admin_password
f. OK
Publish with the default profile without changing any parameters
a. The result will be Server error in application. In the address bar, it will be
http://webapplicationXXXXX.azurewebsites.net/Browse to https instead of http:
https://webapplicationXXXXX.azurewebsites.net/a. It will be redirected to organizational account correctly. After successful authentication, it will be redirected back to
https://localhost:44310/which is not accessible from Azure website, so it will fail.Launch publishing again with some corrections this time, Publish Web
a. Connection->DestinationUrl:
https://webapplicationXXXXX.azurewebsites.net/b. Settings->Enable Organizational Authentication (check)
i. Domain: <organization_name>.onmicrosoft.com ii. Access Level: Single Sign Onc. Publish
It might fail to authenticate first time (no idea why), but when manually browsed to https://webapplicationXXXXX.azurewebsites.net/, it will work as it is supposed to.
By skipping steps 5 and 6 above, the workflow becomes workable. It’s another question if it’s optimal and according to the best practices.
回答2:
You can setup return url for organizational account auth inside active directory in management panel (azure)
Here a good article
Select your App inside Active Directory, click on app name -> config -> single sign on -> config return url
回答3:
I was having the same problem but found that enable organisational authentication option has been removed in Visual Studio 2015 and 2017.
You have to edit the relying party trust on your ADFS server. Right click > Properties > Endpoints > Add a WS-Federation Endpoint pointing to your https root site URL > Tick set as default.
My site now works and authenticates with ADFS.
来源:https://stackoverflow.com/questions/27887947/published-asp-net-mvc-5-app-with-organizational-account-authentication-redirects