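Azure AD authentication

Time: 2015-11-24 21:41:01

Tags: azure owin

I am trying to migrate an ASP.NET MVC application from forms authentication to Azure AD. Locally it works fine, but when I deploy to the dev server, I get this error: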

[InvalidOperationException: IDX10803: Unable to create to obtain configuration from: 'https://login.microsoftonline.com/mydomain.onmicrosoft.com/.well-known/openid-configuration'.]

This is the Startup class:

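using System.Configuration;
using System.Threading.Tasks;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public partial class Startup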
{
    private static readonly string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
    private static readonly string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
    private static readonly string postLogoutRedirectUri = ConfigurationManager.AppSettings["ida:PostLogoutRedirectUri"];
    private static readonly string redirectUri = ConfigurationManager.AppSettings["ida:RedirectUri"];
    private static readonly string tenant = ConfigurationManager.AppSettings["ida:Tenant"];
    private static readonly string domain = ConfigurationManager.AppSettings["ida:Domain"];

    private static readonly string authority = string.Format(aadInstance, tenant);

    public void ConfigureAuth(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

        app.UseCookieAuthentication(new CookieAuthenticationOptions());

        app.UseOpenIdConnectAuthentication(
            new OpenIdConnectAuthenticationOptions
            {
                ClientId = clientId,
                Authority = authority,
                PostLogoutRedirectUri = postLogoutRedirectUri,
                RedirectUri = redirectUri,
                /*
                * Skipping the Home Realm Discovery Page in Azure AD
                * http://www.cloudidentity.com/blog/2014/11/17/skipping-the-home-realm-discovery-page-in-azure-ad/
                */
                Notifications = new OpenIdConnectAuthenticationNotifications
                {
                    RedirectToIdentityProvider = (context) =>
                    {
                        context.ProtocolMessage.DomainHint = domain;
                        return Task.FromResult(0);
                    }
                }
            });
    }
}

If I open the https://login.microsoftonline.com/mydomain.onmicrosoft.com/.well-known/openid-configuration link, I receive:

{"authorization_endpoint":"https://login.microsoftonline.com/58f6d2d3-81bd-40d7-872f-8e17475a8058/oauth2/authorize","token_endpoint":"https://login.microsoftonline.com/58f6d2d3-81bd-40d7-872f-8e17475a8058/oauth2/token","token_endpoint_auth_methods_supported":["client_secret_post","private_key_jwt"],"jwks_uri":"https://login.microsoftonline.com/common/discovery/keys","response_modes_supported":["query","fragment","form_post"],"subject_types_supported":["pairwise"],"id_token_signing_alg_values_supported":["RS256"],"response_types_supported":["code","id_token","code id_token","token id_token","token"],"scopes_supported":["openid"],"issuer":"https://sts.windows.net/58f6d2d3-81bd-40d7-872f-8e17475a8058/","claims_supported":["sub","iss","aud","exp","iat","auth_time","acr","amr","nonce","email","given_name","family_name","nickname"],"microsoft_multi_refresh_token":true,"check_session_iframe":"https://login.microsoftonline.com/58f6d2d3-81bd-40d7-872f-8e17475a8058/oauth2/checksession","end_session_endpoint":"https://login.microsoftonline.com/58f6d2d3-81bd-40d7-872f-8e17475a8058/oauth2/logout","userinfo_endpoint":"https://login.microsoftonline.com/58f6d2d3-81bd-40d7-872f-8e17475a8058/openid/userinfo"}

1 answer:

Answer 0: (score: 0)

It seems the problem is the firewall settings.
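
Added example (not part of the original question or answer): following the firewall diagnosis, this Python code derives from the discovery document which hosts the web server itself must reach over HTTPS, and reports whether a connection fails at DNS, TCP or TLS. The function names, the BACK_CHANNEL classification and the trimmed SAMPLE document are assumptions of this example.

```python
import json
import socket
import ssl
from urllib.parse import urlsplit

METADATA_URL = ("https://login.microsoftonline.com/mydomain.onmicrosoft.com"
                "/.well-known/openid-configuration")
# Constructed sample: a subset of the discovery document quoted in the question.
BASE = "https://login.microsoftonline.com/58f6d2d3-81bd-40d7-872f-8e17475a8058"
SAMPLE = json.dumps({
    "authorization_endpoint": BASE + "/oauth2/authorize",
    "token_endpoint": BASE + "/oauth2/token",
    "jwks_uri": "https://login.microsoftonline.com/common/discovery/keys",
    "issuer": "https://sts.windows.net/58f6d2d3-81bd-40d7-872f-8e17475a8058/",
})
# Assumption: these are the endpoints server-side code may call; the others are
# visited by the user's browser, and "issuer" is only compared as a string.
BACK_CHANNEL = ("jwks_uri", "token_endpoint", "userinfo_endpoint")

def egress_targets(metadata_url, discovery_json):
    """Return the sorted (host, port) pairs the web server must reach."""
    doc = json.loads(discovery_json)
    urls = [metadata_url] + [doc[k] for k in BACK_CHANNEL if k in doc]
    targets = set()
    for url in urls:
        parts = urlsplit(url)
        if parts.scheme != "https" or not parts.hostname:
            raise ValueError("not an HTTPS endpoint: " + url)
        targets.add((parts.hostname, parts.port or 443))
    return sorted(targets)

def probe(host, port, timeout=5.0):
    """Return 'ok' or the first stage that fails: 'dns', 'tcp' or 'tls'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.gaierror:
        return "dns"
    except OSError:
        return "tcp"
    try:
        # Default context verifies the chain and host name, so an intercepting
        # proxy whose CA the server does not trust is reported as 'tls'.
        with ssl.create_default_context().wrap_socket(sock, server_hostname=host):
            return "ok"
    except (ssl.SSLError, OSError):
        return "tls"
    finally:
        sock.close()
```

Run probe() for each pair returned by egress_targets() on the affected server itself, since a browser on another machine follows a different network path.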