更新:
As suggested, I changed my Startup.auth.cs to the code below:
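public partial class Startup
{
    // Read once from <appSettings> when the type is initialised. ida:ClientSecret is the
    // application's confidential credential; it should be supplied from outside a
    // source-controlled web.config (config transform, external secrets file, etc.).
    private static string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
    private static string appKey = ConfigurationManager.AppSettings["ida:ClientSecret"];
    private static string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
    private static string tenantId = ConfigurationManager.AppSettings["ida:TenantId"];
    private static string postLogoutRedirectUri = ConfigurationManager.AppSettings["ida:PostLogoutRedirectUri"];

    /// <summary>Token issuer for this app: the AAD instance URL followed by the tenant id.</summary>
    public static readonly string Authority = aadInstance + tenantId;

    // This is the resource ID of the AAD Graph API. We'll need this to request a token to call the Graph API.
    string graphResourceId = "https://graph.windows.net";

    /// <summary>
    /// Registers cookie authentication and OpenID Connect (Azure AD) authentication on the OWIN pipeline.
    /// </summary>
    /// <param name="app">The OWIN application builder the middleware is added to.</param>
    public void ConfigureAuth(IAppBuilder app)
    {
        // The original code created an ApplicationDbContext here that was never used or disposed;
        // ADALTokenCache owns its own persistence, so the stray IDisposable has been removed.
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions());
        app.UseOpenIdConnectAuthentication(
            new OpenIdConnectAuthenticationOptions
            {
                ClientId = clientId,
                Authority = Authority,
                PostLogoutRedirectUri = postLogoutRedirectUri,
                Notifications = new OpenIdConnectAuthenticationNotifications()
                {
                    // If there is a code in the OpenID Connect response, redeem it for an access token and refresh token, and store those away.
                    AuthorizationCodeReceived = (context) =>
                    {
                        var code = context.Code;
                        ClientCredential credential = new ClientCredential(clientId, appKey);

                        // The per-user token cache is keyed by the subject (NameIdentifier) claim. Fail with a
                        // clear message if it is absent instead of dereferencing null.
                        Claim subject = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.NameIdentifier);
                        if (subject == null)
                        {
                            throw new InvalidOperationException(
                                "The signed-in identity has no '" + ClaimTypes.NameIdentifier + "' claim; cannot key the token cache.");
                        }
                        string signedInUserID = subject.Value;

                        AuthenticationContext authContext = new AuthenticationContext(Authority, new ADALTokenCache(signedInUserID));

                        // The redirect URI passed for code redemption must match the redirect_uri sent in the
                        // authorize request (set in RedirectToIdentityProvider below); the current request URL
                        // without its query string is that value. The returned AuthenticationResult is not needed
                        // here: the call's purpose is to populate the ADALTokenCache.
                        authContext.AcquireTokenByAuthorizationCode(
                            code,
                            new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)),
                            credential,
                            graphResourceId);
                        return Task.FromResult(0);
                    },
                    RedirectToIdentityProvider = context =>
                    {
                        // Both URIs are derived from the incoming request so the same registration serves the
                        // dev and prod hosts. Scheme/Host come from the request (Host header): Azure AD only
                        // redirects to reply URLs registered for the app, and the site's host bindings should
                        // likewise be limited to the expected hosts.
                        string appBaseUrl = context.Request.Scheme + "://" + context.Request.Host + context.Request.PathBase;
                        string currentUrl = context.Request.Scheme + "://" + context.Request.Host + context.Request.Path;
                        context.ProtocolMessage.RedirectUri = currentUrl;
                        context.ProtocolMessage.PostLogoutRedirectUri = appBaseUrl;
                        return Task.FromResult(0);
                    }
                }
            });
    }
}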
现在我有了这个:
有时在我的 ApplicationDbContext(用于存储 ADALTokenCache)上会发生 DbEntityValidationException。
在使用 Azure AD 或 Office 365 为 Web 应用程序编写用户身份验证代码时,需要创建应用程序密钥,并配置登录后 Azure 重定向回应用程序的 URL。此 URL 应在 web.config 中配置,但 Azure AD 会忽略应用程序发送的 URI 参数,并将您重定向到生产 URI 而不是开发 URI。
我的开发网址:https://localhost:44315/ 生产网址:http://timesheet.tecnun.com.br/
应用程序忽略web.config并始终重定向到生产URL
我的 web.config:
<appSettings>
    <add key="webpages:Version" value="3.0.0.0" />
    <add key="webpages:Enabled" value="false" />
    <add key="ClientValidationEnabled" value="true" />
    <add key="UnobtrusiveJavaScriptEnabled" value="true" />
    <add key="ida:ClientId" value="xxxxx" />
    <add key="ida:AADInstance" value="https://login.microsoftonline.com/" />
    <!-- ida:ClientSecret is the app's confidential credential (shown redacted). Keep the real
         value out of the source-controlled web.config, e.g. via a per-environment config
         transform or an external config file that is not checked in. -->
    <add key="ida:ClientSecret" value="xxxx" />
    <add key="ida:Domain" value="tecnun.com.br" />
    <add key="ida:TenantId" value="xxx" />
    <!-- Option default only: the Startup.auth.cs above replaces the post-logout URI per request
         in RedirectToIdentityProvider. Azure AD still requires every URI it redirects to be
         registered for the app. -->
    <add key="ida:PostLogoutRedirectUri" value="https://localhost:44315/" />
</appSettings>
我想使用两种环境,即开发环境和生产/正式环境。但是我找不到在不创建两个应用程序的情况下实现这一点的方法。
答案 0 :(得分:0)
要让同一个应用程序适用于不同的重定向 URL,我们可以在 Web 应用程序重定向到身份提供程序之前动态更改该 URL。
以下是供您参考的代码示例:
app.UseOpenIdConnectAuthentication(
    new OpenIdConnectAuthenticationOptions
    {
        ClientId = clientId,
        Authority = authority,
        Notifications = new OpenIdConnectAuthenticationNotifications
        {
            // Derive the redirect URIs from the request being served rather than a fixed
            // web.config value, so one deployment works behind both the dev and prod hosts.
            RedirectToIdentityProvider = context =>
            {
                var request = context.Request;
                var origin = request.Scheme + "://" + request.Host;

                // Host is taken from the incoming request. Azure AD only redirects to reply
                // URLs registered for the app, so both bases still need to be registered there.
                context.ProtocolMessage.RedirectUri = origin + request.Path;
                context.ProtocolMessage.PostLogoutRedirectUri = origin + request.PathBase;
                return Task.FromResult(0);
            }
        }
    });