Asp.net UseOpenIdConnectAuthentication not working in Azure

Submitted by 北城余情 on 2020-04-17 05:43:36

Question


I am using UseOpenIdConnectAuthentication to authenticate users. My application code works fine locally. But when I run it on Azure, the SecurityTokenValidated event is never fired. Consequently, the code runs fine but the user is never authenticated. I am not sure if the issue is with my code or with Azure. This is being used in an ASP.NET Web Forms application (not Core). I use the Azure trace feature to log. I can see that only "RedirectToIdentityProvider" is fired. No other event gets called. Here is my code:

Startup.Auth.Vb:

Imports System.Collections.Generic
Imports System.Configuration.ConfigurationManager
Imports System.Diagnostics
Imports System.IdentityModel.Tokens.Jwt
Imports System.Net
Imports System.Threading.Tasks
Imports Microsoft.Owin.Host.SystemWeb
Imports Microsoft.Owin.Security
Imports Microsoft.Owin.Security.Cookies
Imports Microsoft.Owin.Security.OpenIdConnect
Imports Owin

Partial Public Class Startup

    Public Sub ConfigureAuth(app As IAppBuilder)
        Dim clientId As String = ""
        Dim authority As String = ""
        Dim redirectURI As String

        Trace.TraceInformation("Hit ConfigureAuth function")
        ' Outbound calls to the identity provider (discovery document, signing keys) use TLS 1.2.
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12
        ' An empty inbound map stops the JWT handler from renaming claims (e.g. "sub" to the
        ' long schemas.xmlsoap.org URIs), so claim names reach the ClaimsPrincipal as issued.
        JwtSecurityTokenHandler.DefaultInboundClaimTypeMap = New Dictionary(Of String, String)

        ' The OIDC middleware hands the validated identity to this cookie scheme.
        app.SetDefaultSignInAsAuthenticationType("Cookies")
        app.UseCookieAuthentication(New CookieAuthenticationOptions() With {
            .AuthenticationMode = AuthenticationMode.Active,
            .CookieManager = New SystemWebCookieManager
        })

        ' Values come from <appSettings> in web.config (ConfigurationManager.AppSettings is imported above).
        redirectURI = AppSettings("ID_Redirect_URI")
        clientId = AppSettings("ID_ClientID")
        authority = AppSettings("ID_Authority")
        Trace.TraceInformation(redirectURI)
        Trace.TraceInformation(clientId)
        Trace.TraceInformation(authority)

        ' RequireHttpsMetadata = False lets the discovery document be fetched over plain HTTP.
        ' That is acceptable against a local test provider only; leave it True in production so the
        ' metadata and signing keys cannot be swapped in transit.
        ' ResponseType "id_token" is the implicit flow: the token is posted straight back to
        ' RedirectUri, so with this setting AuthorizationCodeReceived is never expected to fire.
        ' Every notification below only logs, so the trace shows how far the pipeline got.
        Trace.TraceInformation("creating OpenIdAuthOptions")
        Dim openIdAuthOptions = New OpenIdConnectAuthenticationOptions() With {
            .SignInAsAuthenticationType = "Cookies",
            .Authority = authority,
            .RequireHttpsMetadata = False,
            .ClientId = clientId,
            .ResponseType = "id_token",
            .Scope = "openid profile roles",
            .RedirectUri = redirectURI,
            .PostLogoutRedirectUri = redirectURI,
            .Notifications = New OpenIdConnectAuthenticationNotifications() With {
                .AuthenticationFailed = Function(ctx)
                                            Trace.TraceInformation("Auth Failed event")
                                            Return Task.FromResult(0)
                                        End Function,
                .SecurityTokenReceived = Function(ctx)
                                             Trace.TraceInformation("Security Token Received event")
                                             Return Task.FromResult(0)
                                         End Function,
                .MessageReceived = Function(ctx)
                                       Trace.TraceInformation("Message Received event")
                                       Return Task.FromResult(0)
                                   End Function,
                .SecurityTokenValidated = Function(ctx)
                                              Trace.TraceInformation("Security token validated")
                                              Return Task.FromResult(0)
                                          End Function,
                .AuthorizationCodeReceived = Function(ctx)
                                                 Trace.TraceInformation("Auth Code Received event")
                                                 Return Task.FromResult(0)
                                             End Function,
                .RedirectToIdentityProvider = Function(context)
                                                  Trace.TraceInformation("start of RedirectToIdentityProvider")
                                                  Return Task.FromResult(0)
                                              End Function
            }
        }

        Trace.TraceInformation("adding OpenIdAuthOptions")
        app.UseOpenIdConnectAuthentication(openIdAuthOptions)
        Trace.TraceInformation("finished adding OpenIdAuthOptions")
    End Sub

End Class

As I mentioned above, this code works fine locally. It only fails when hosted on Azure. When running locally, the events are fired in this order:

  1. RedirectToIdentityProvider
  2. Message Received
  3. Security Token Received
  4. Security Token Validated

But, in Azure, only RedirectToIdentityProvider is fired.


Answer 1:


Change the "Action to take when request is not authenticated" setting in the App Service Authentication/Authorization section of the Azure portal from "Log in with Azure Active Directory" to "Allow Anonymous requests", as shown in the picture below:

Then SecurityTokenValidated will be fired. App Service auth takes place outside of your app, so customized auth code in your app never gets a chance to run. Turning it off allows your app to handle the auth itself, the same way it does locally.

Here is a similar issue you could refer to.
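A quick way to confirm which layer is doing the sign-in, as an added example that is not part of the answer above: fetch the site's root with `curl -sI` and look at the Location header of the 302. App Service Authentication ("Easy Auth") redirects either to its own /.auth/login/aad endpoint or to the identity provider with redirect_uri set to <app>/.auth/login/aad/callback, and in that case the OWIN pipeline and its notifications never ran; the app's own OpenIdConnect middleware redirects with redirect_uri equal to the RedirectUri from Startup.Auth. The hostname, the ID_Redirect_URI value and the two response captures below are constructed for this example.

```python
"""Classify the 302 an App Service returns for an unauthenticated request.

Added example; not code from the question or the answer. "easy-auth" means the
platform's App Service Authentication answered (the app never saw the request),
"app-owin" means the app's own OpenIdConnect middleware answered.
"""
from urllib.parse import parse_qs, urlsplit

APP_REDIRECT_URI = "https://contoso.azurewebsites.net/"   # assumed ID_Redirect_URI

EASY_AUTH_PREFIX = "/.auth/login/"              # Easy Auth's own login endpoints
EASY_AUTH_CALLBACK = "/.auth/login/aad/callback"  # its AAD reply URL


def location_header(raw_response):
    """Return the Location header value from raw HTTP response text, or ""."""
    for line in raw_response.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "location":
            return value.strip()
    return ""


def classify_redirect(location, app_redirect_uri=APP_REDIRECT_URI):
    """Return "easy-auth", "app-owin", "none" or "unknown" for a Location value."""
    if not location:
        return "none"
    target = urlsplit(location)
    if target.path.startswith(EASY_AUTH_PREFIX):
        return "easy-auth"
    # parse_qs percent-decodes, so redirect_uri comes back as a plain URL
    redirect_uri = parse_qs(target.query).get("redirect_uri", [""])[0]
    if urlsplit(redirect_uri).path == EASY_AUTH_CALLBACK:
        return "easy-auth"
    if redirect_uri.rstrip("/") == app_redirect_uri.rstrip("/"):
        return "app-owin"
    return "unknown"


def diagnose(raw_response, app_redirect_uri=APP_REDIRECT_URI):
    """Classify a whole raw response, e.g. the output of `curl -sI <app url>`."""
    return classify_redirect(location_header(raw_response), app_redirect_uri)


# Constructed responses (not captured from a real tenant).
EASY_AUTH_RESPONSE = (
    "HTTP/1.1 302 Found\r\n"
    "Location: https://login.microsoftonline.com/common/oauth2/authorize"
    "?response_type=id_token&redirect_uri=https%3A%2F%2Fcontoso.azurewebsites.net"
    "%2F.auth%2Flogin%2Faad%2Fcallback&client_id=00000000-0000-0000-0000-000000000000"
    "&response_mode=form_post\r\n\r\n"
)
OWIN_RESPONSE = (
    "HTTP/1.1 302 Found\r\n"
    "Location: https://login.microsoftonline.com/common/oauth2/authorize"
    "?client_id=00000000-0000-0000-0000-000000000000&redirect_uri=https%3A%2F%2F"
    "contoso.azurewebsites.net%2F&response_mode=form_post&response_type=id_token"
    "&scope=openid%20profile%20roles\r\n\r\n"
)

if __name__ == "__main__":
    print("easy auth sample:", diagnose(EASY_AUTH_RESPONSE))  # easy-auth
    print("owin sample:     ", diagnose(OWIN_RESPONSE))       # app-owin
```

If the result is "easy-auth", no amount of tracing inside the app will show the later notifications, because the request is being answered before it reaches the OWIN pipeline; that is the situation the answer describes, and switching the unauthenticated action to "Allow Anonymous requests" is what moves the result to "app-owin".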




Answer 2:


1) Try changing the application manifest of the application definition on Azure to set the "oauth2AllowIdTokenImplicitFlow" property from false to true:

  1. Go to the Azure Portal.
  2. Select Azure Active Directory.
  3. Select App Registrations.
  4. Select your app.
  5. Click on Manifest.
  6. Find the value oauth2AllowIdTokenImplicitFlow and change its value to true.
  7. Click Save.

2) In your startup.cs file, change the following:

ResponseType = OpenIdConnectResponseType.Code
to
ResponseType = OpenIdConnectResponseType.CodeIdToken

and see if it helps.
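The manifest flag and the ResponseType have to agree, so here is an added example (not code from the answer, and not Microsoft's) that checks an exported app manifest against the ResponseType the OWIN middleware sends. In the v1 manifest, oauth2AllowIdTokenImplicitFlow lets the authorize endpoint return an id_token directly and oauth2AllowImplicitFlow lets it return an access token; "code" needs neither, "id_token" and "code id_token" need the first, and any ResponseType containing "token" needs the second. The check also confirms the RedirectUri is a registered reply URL (read from the newer replyUrlsWithType list or the older replyUrls list), since a missing reply URL stops the flow at the identity provider just as surely. The manifest excerpt and the redirect URI are constructed.

```python
"""Check an Azure AD app manifest against the OWIN ResponseType and RedirectUri.

Added example; not code from the answer. check_manifest() returns the list of
problems found, fixed_manifest() applies the change the answer recommends.
"""
import json

ID_TOKEN_FLAG = "oauth2AllowIdTokenImplicitFlow"   # id_token from the authorize endpoint
ACCESS_TOKEN_FLAG = "oauth2AllowImplicitFlow"      # access token from the authorize endpoint


def required_flags(response_type):
    """Manifest flags that must be true for a space-separated response_type."""
    parts = set(response_type.split())
    needed = set()
    if "id_token" in parts:
        needed.add(ID_TOKEN_FLAG)
    if "token" in parts:
        needed.add(ACCESS_TOKEN_FLAG)
    return needed


def reply_urls(manifest):
    """Registered reply URLs from either manifest shape, with trailing slashes dropped."""
    urls = [entry.get("url", "") for entry in manifest.get("replyUrlsWithType", [])]
    urls += manifest.get("replyUrls", [])
    return {u.rstrip("/") for u in urls}


def check_manifest(manifest, response_type, redirect_uri):
    """Return problems found; an empty list means the registration supports this setup."""
    problems = []
    for flag in sorted(required_flags(response_type)):
        if manifest.get(flag) is not True:
            problems.append(
                f'{flag} must be true for ResponseType "{response_type}" '
                f"(found {manifest.get(flag)!r})"
            )
    if redirect_uri.rstrip("/") not in reply_urls(manifest):
        problems.append(f"RedirectUri {redirect_uri} is not a registered reply URL")
    return problems


def fixed_manifest(manifest, response_type, redirect_uri):
    """Copy of the manifest with the needed flags on and the reply URL registered."""
    fixed = json.loads(json.dumps(manifest))
    for flag in required_flags(response_type):
        fixed[flag] = True
    if redirect_uri.rstrip("/") not in reply_urls(fixed):
        fixed.setdefault("replyUrlsWithType", []).append({"url": redirect_uri, "type": "Web"})
    return fixed


# Constructed manifest excerpt: both implicit-flow flags off, only a localhost reply URL.
MANIFEST_JSON = """{
  "appId": "00000000-0000-0000-0000-000000000000",
  "oauth2AllowIdTokenImplicitFlow": false,
  "oauth2AllowImplicitFlow": false,
  "replyUrlsWithType": [
    {"url": "https://localhost:44300/", "type": "Web"}
  ]
}"""
MANIFEST = json.loads(MANIFEST_JSON)
REDIRECT_URI = "https://contoso.azurewebsites.net/"   # assumed ID_Redirect_URI

if __name__ == "__main__":
    for problem in check_manifest(MANIFEST, "id_token", REDIRECT_URI):
        print("-", problem)
    repaired = fixed_manifest(MANIFEST, "id_token", REDIRECT_URI)
    print(check_manifest(repaired, "id_token", REDIRECT_URI))  # []
```

The question's Startup.Auth uses ResponseType "id_token", which is why only the id_token flag is needed there; the answer's "code id_token" needs the same flag. Leave oauth2AllowImplicitFlow off unless a ResponseType actually asks for an access token, since it widens what the authorize endpoint will hand to a browser.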



Source: https://stackoverflow.com/questions/55225902/asp-net-useopenidconnectauthentication-not-working-in-azure
