I am trying to figure out how to authenticate users with Azure AD. As an experiment, I tried the Microsoft sample found at https://github.com/Azure-Samples/active-directory-node-webapp-openidconnect.
I set up an Active Directory in Azure and added a new application named test, with the id uri http://testmagnhalv.
Now, when I run the server following the instructions in the readme, I get redirected to login.microsoftonline.com and prompted to log in. But when I enter my username/pw, I get redirected back to the login page again.
I suspect the problem is that I haven't set the variables in config.json correctly, but I am having trouble finding documentation on which values need to be set.
Has anyone had experience with this sample?
Answer 0 (score: 1)
First you have to add the app to the Active Directory, then use ADAL (Active Directory Authentication Library) for nodeJS.
Prepare your app for authentication, referencing the Azure AD app registration values.
npm install adal-node
Now you need to obtain the authorization token.
// Azure AD authorization code flow with adal-node. An Express app with
// cookie-parser is assumed by the route handlers below; the quoted values
// come from the app registration in the Azure portal.
var express = require('express');
var crypto = require('crypto');
var cookieParser = require('cookie-parser');
var AuthenticationContext = require('adal-node').AuthenticationContext;

var app = express();
app.use(cookieParser());

var clientId = 'yourClientIdHere';
var clientSecret = 'yourAADIssuedClientSecretHere'; // keep out of source control
var authorityHostUrl = 'https://login.windows.net';
var tenant = 'myTenant'; // tenant id or a verified domain of the directory
var authorityUrl = authorityHostUrl + '/' + tenant;
var redirectUri = 'http://localhost:3000/getAToken'; // must match the Reply URL on the app registration exactly
var resource = '00000002-0000-0000-c000-000000000000'; // Azure AD Graph API

// Authorize endpoint URL; <state> is filled in per request. redirect_uri is
// URL-encoded so its '://' and '/' survive as a single query parameter.
var templateAuthzUrl = 'https://login.windows.net/' +
  tenant +
  '/oauth2/authorize?response_type=code&client_id=' +
  clientId +
  '&redirect_uri=' +
  encodeURIComponent(redirectUri) +
  '&state=<state>&resource=' +
  resource;
Finally, handle the authentication redirect.
function createAuthorizationUrl(state) {
  return templateAuthzUrl.replace('<state>', state);
}

// Clients get redirected here in order to create an OAuth authorize url and redirect them to AAD.
// There they will authenticate and give their consent to allow this app access to
// some resource they own.
app.get('/auth', function(req, res) {
  crypto.randomBytes(48, function(ex, buf) {
    if (ex) {
      return res.status(500).send('error: could not generate state');
    }
    // Random, URL-safe state value. It is stored in a cookie and compared on
    // the way back so a forged callback cannot bind someone else's code to
    // this browser session. httpOnly keeps it away from page scripts.
    var token = buf.toString('base64').replace(/\//g, '_').replace(/\+/g, '-');
    res.cookie('authstate', token, { httpOnly: true, sameSite: 'lax' });
    var authorizationUrl = createAuthorizationUrl(token);
    res.redirect(authorizationUrl);
  });
});
You can find the complete example, and more, in the ADAL for Node.js repository:
Windows Azure Active Directory Authentication Library (ADAL) for Node.js
Here is a simple but full demo taken from the GitHub ADAL repository.
// After consent is granted AAD redirects here. The ADAL library is invoked via the
// AuthenticationContext and retrieves an access token that can be used to access the
// user owned resource.
app.get('/getAToken', function(req, res) {
  if (!req.cookies.authstate || req.cookies.authstate !== req.query.state) {
    // Without the return the handler would fall through, call ADAL anyway and
    // try to send a second response.
    return res.status(400).send('error: state does not match');
  }
  res.clearCookie('authstate'); // state is single use
  if (req.query.error) {
    // AAD reports a declined consent or a bad request here instead of a code.
    return res.status(400).send('error: ' + req.query.error + ' ' + (req.query.error_description || ''));
  }
  var authenticationContext = new AuthenticationContext(authorityUrl);
  authenticationContext.acquireTokenWithAuthorizationCode(
    req.query.code,
    redirectUri,
    resource,
    clientId,
    clientSecret,
    function(err, response) {
      var errorMessage = '';
      if (err) {
        errorMessage = 'error: ' + err.message + '\n';
      }
      // Demo only: response carries the access and refresh tokens, so a real
      // app keeps it server-side rather than echoing it to the browser.
      errorMessage += 'response: ' + JSON.stringify(response);
      res.send(errorMessage);
    }
  );
});

app.listen(3000);
Answer 1 (score: 0)
As far as I know, I would suggest you follow the two documents below as a reference to get started.
For ease of development, you can try using the node package passport-azure-ad
(https://github.com/AzureAD/passport-azure-ad) as a strategy for passport
(http://passportjs.org/), so that NodeJS implements what you need.
Answer 2 (score: 0)
I had a similar problem and was able to solve it. After some googling, I made two changes in config.js.
config.js:
exports.creds = {
  issuer : false, // no issuer check; combined with the /common metadata below, an id_token from any tenant is accepted, so pin the tenant before going to production
  realm : "<TENANT>",
  returnURL: 'http://localhost:3000/auth/openid/return', // must be registered as a Reply URL on the app
  identityMetadata: 'https://login.microsoftonline.com/common/.well-known/openid-configuration', // For using Microsoft you should never need to change this.
  clientID: '<CLIENT_ID>',
  clientSecret: '<CLIENT_SECRET>', // if you are doing code or id_token code
  skipUserProfile: true, // for AzureAD should be set to true.
  responseType: 'id_token code', // for login only flows use id_token. For accessing resources use `id_token code`
  responseMode: 'form_post', // For login only flows we should have token passed back to us in a POST
};