将IdentityServer4与Azure Active Directory连接

时间:2017-07-14 07:12:00

标签: azure-active-directory identityserver4

作为我的要求之一,我应该将IdentitySever与Active Directory与现有用户和声明连接起来。到目前为止,我设法在Azure门户中创建了一个App Registration。所以我有Appication ID并且还配置了API Key。此外,我有一个端点列表:

https://login.windows.net/{ad_guid}/federationmetadata/2007-06/federationmetadata.xml
https://login.windows.net/{ad_guid}/wsfed
https://login.windows.net/{ad_guid}/saml2
https://login.windows.net/{ad_guid}/saml2
https://graph.windows.net/{ad_guid}
https://login.windows.net/{ad_guid}/oauth2/token
https://login.windows.net/{ad_guid}/oauth2/authorize

我可以使用

获取OpenID配置 
https://login.windows.net/{ad_guid}/.well-known/openid-configuration

根据documentation from Microsoft,我现在应该像这样配置端点:

app.SetDefaultSignInAsAuthenticationType(
    CookieAuthenticationDefaults.AuthenticationType);

app.UseCookieAuthentication(new CookieAuthenticationOptions());

var uri = "https://login.windows.net/{0}";
var instance = configuration["AzureAD:Instance"];
var authority = string.Format(CultureInfo.InvariantCulture, uri, instance);

app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
    DisplayName = "Azure Active Directory",
    AuthenticationScheme = "AzureAD",
    SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme,
    ClientId = configuration["AzureAD:AppId"],
    Authority = authority, 
    Scope = {"openid", "email"}
});

由于某种原因,这不起作用。我可能错过了什么想法?

1 个答案:

答案 0 :(得分:1)

显然,我几乎是对的。这是我的解决方案:

WebRequest.Create(url)
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();

app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    AuthenticationScheme = 
        IdentityServerConstants.DefaultCookieAuthenticationScheme,
    AutomaticAuthenticate = true,
    AutomaticChallenge = true
});
相关问题
最新问题