I have configured two tenants in Azure AD. Users in my tenant authenticate successfully, but other users from the other tenant can also access my application.
What is wrong with my application? I am using the OpenID Connect protocol in my code, for example:
app.UseOpenIdConnectAuthentication(
    new OpenIdConnectAuthenticationOptions
    {
        ClientId = clientId,
        Authority = authority,
        TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters
        {
            // issuer validation is switched off here and nothing replaces it
            ValidateIssuer = false,
        },
        Notifications = new OpenIdConnectAuthenticationNotifications()
        {
            // the token is accepted as-is; no issuer/tenant check is performed
            SecurityTokenValidated = (context) =>
            {
                return Task.FromResult(0);
            },
            AuthenticationFailed = (context) =>
            {
                context.HandleResponse();
                return Task.FromResult(0);
            }
        }
    });
Did I set something up wrong in Azure?
Can anyone help me?
Thanks,
Vilela
Answer 0 (score: 0)
> I have configured two tenants in Azure AD.
A tenant corresponds to an Azure Active Directory. So having two tenants means you have two different Azure Active Directories. (See here for details on the concept.)
To enable a multi-tenant app, we need to enable it from the old Azure portal and locate your app. Then you can set it up by referring to the following:
app.UseOpenIdConnectAuthentication(
    new OpenIdConnectAuthenticationOptions
    {
        ClientId = ClientId,
        Authority = Authority,
        TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters
        {
            // instead of using the default validation (validating against a single issuer value, as we do in line of business apps),
            // we inject our own multitenant validation logic
            ValidateIssuer = false,
        },
        Notifications = new OpenIdConnectAuthenticationNotifications()
        {
            // we use this notification for injecting our custom logic
            SecurityTokenValidated = (context) =>
            {
                // retrieve caller data from the incoming principal
                string issuer = context.AuthenticationTicket.Identity.FindFirst("iss").Value;
                // the issuer values of the two trusted tenants (left empty here; fill in each tenant's issuer)
                var issuer1 = "";
                var issuer2 = "";
                if ((issuer != issuer1) && (issuer != issuer2))
                {
                    // the caller was not from a trusted issuer - throw to block the authentication flow
                    throw new SecurityTokenValidationException();
                }
                return Task.FromResult(0);
            }
        }
    });
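As an added example (not the answerer's code), the same allow-list idea can be done without switching issuer validation off: keep `ValidateIssuer = true`, give `ValidIssuers` the issuer URI of each trusted tenant, and additionally check that the token's tenant-id claim agrees with its issuer. The tenant IDs are constructed placeholders and the `common` authority is an assumption for a multi-tenant sign-in.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using System.IdentityModel.Tokens;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public static class MultiTenantIssuerCheck
{
    // Constructed placeholder tenant (directory) IDs; replace with the real ones.
    public static readonly string[] TrustedTenantIds =
    {
        "11111111-1111-1111-1111-111111111111",
        "22222222-2222-2222-2222-222222222222"
    };

    // Azure AD v1 tokens carry iss = https://sts.windows.net/{tenant-id}/
    public static IEnumerable<string> TrustedIssuers =>
        TrustedTenantIds.Select(t => "https://sts.windows.net/" + t + "/");

    // True only if iss is on the allow-list AND the tid claim names the same tenant.
    public static bool IsTrusted(string issuer, string tid)
    {
        if (string.IsNullOrEmpty(issuer) || string.IsNullOrEmpty(tid)) return false;
        string expected = "https://sts.windows.net/" + tid + "/";
        return TrustedIssuers.Contains(issuer, StringComparer.OrdinalIgnoreCase)
            && string.Equals(issuer, expected, StringComparison.OrdinalIgnoreCase);
    }

    public static void Configure(IAppBuilder app, string clientId)
    {
        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            ClientId = clientId,
            Authority = "https://login.microsoftonline.com/common", // assumed multi-tenant authority
            TokenValidationParameters = new TokenValidationParameters
            {
                ValidateIssuer = true,                 // keep the built-in check on
                ValidIssuers = TrustedIssuers.ToList() // restricted to the trusted tenants
            },
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                SecurityTokenValidated = context =>
                {
                    ClaimsIdentity id = context.AuthenticationTicket.Identity;
                    string iss = id.FindFirst("iss")?.Value;
                    // OWIN maps the "tid" claim to the tenantid schema URI; fall back to the raw name
                    Claim tidClaim = id.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid") ?? id.FindFirst("tid");
                    if (!IsTrusted(iss, tidClaim?.Value))
                        throw new SecurityTokenValidationException("Issuer or tenant not trusted: " + iss);
                    return Task.FromResult(0);
                }
            }
        });
    }
}
```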