我正在开发一个ASP.NET Core应用程序,它连接到AzureAD进行身份验证,我一直坚持这个与回复地址相关的问题。我得到的错误信息是:
AADSTS50011:回复地址“http://xxx.xcf-np.local/signin-oidc”未使用安全方案。
这是因为回复地址是HTTP而不是HTTPS。
'http://xxx.xcf-np.local/signin-oidc'是CloudFoundry上的路由地址,但面向公众的网址为https://abc.np.ag/(您在浏览器中输入的网址)
我有几个问题 1.我通过https://abc.np.ag/访问了网站,但为什么我将CF uri作为我的回复地址? 2.有没有办法强制我的回复地址到公共URL?
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
loggerFactory.AddConsole(Configuration.GetSection("Logging"));
loggerFactory.AddDebug();
app.UseDeveloperExceptionPage();
app.UseBrowserLink();
app.UseStaticFiles();
app.UseSession();
// Configure the OWIN pipeline to use cookie auth.
app.UseCookieAuthentication(new CookieAuthenticationOptions());
// Configure the OWIN pipeline to use OpenID Connect auth.
app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
{
ClientId = Configuration["AzureAD:ClientId"],
Authority = string.Format(CultureInfo.InvariantCulture, Configuration["AzureAd:AadInstance"], "common", "/v2.0"),
ResponseType = OpenIdConnectResponseType.IdToken,
Events = new OpenIdConnectEvents
{
OnRemoteFailure = RemoteFailure,
OnTokenValidated = TokenValidated,
},
TokenValidationParameters = new TokenValidationParameters
{
// Instead of using the default validation (validating against
// a single issuer value, as we do in line of business apps),
// we inject our own multitenant validation logic
ValidateIssuer = false,
NameClaimType = "name"
}
});
app.UseMvc(routes =>
{
routes.MapRoute(
"areaRoute",
"{area:exists}/{controller}/{action}/{id?}");
routes.MapRoute(
"default",
"{controller=Home}/{action=Index}/{id?}");
});
}
private static Task TokenValidated(TokenValidatedContext context)
{
// do stuff...
return Task.FromResult(0);
}
// Handle sign-in errors differently than generic errors.
private static Task RemoteFailure(FailureContext context)
{
context.HandleResponse();
context.Response.Redirect("/Home/Error?message=" + context.Failure.Message);
return Task.FromResult(0);
}