我在Azure网站上运行了一个ASP.NET核心应用程序。该站点已设置为根据此this example
使用Azure AD进行身份验证我们一直在与一组用户一起测试该网站,最初他们可以访问该网站。大约24小时后,当他们尝试访问网站时,我的网站上的 / signin-oidc 和https://login.microsoftonline.com auth端点之间进入了一个循环,然后崩溃了502.3坏网关。
不确定它是否相关,但我也在日志中看到了这一点
用户授权失败:(null)。
这发生在两个Azure网站(登台和制作)上,但我无法在本地运行的笔记本电脑上复制它。
这是我在StartUp.cs中使用的代码
services.AddAuthentication(options =>
{
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
}).AddOpenIdConnect(options =>
{
options.ClientId = azureAdOptions.ClientId;
var scopes = new List<string>
{
"openid,",
"email",
"profile,",
"offline_access",
"user_impersonation",
"User.Read",
"Mail.Read",
"Mail.Send",
"Directory.Read",
"User.ReadBasic.All",
"Calendars.ReadWrite",
"Sites.ReadWrite.All"
};
foreach (var scope in scopes)
{
options.Scope.Add(scope);
}
options.Resource = graphOptions.ResourceId;
options.Authority = $"{azureAdOptions.AadInstance}{azureAdOptions.Tenant}";
options.SignedOutRedirectUri = azureAdOptions.PostLogoutRedirectUri;
options.CallbackPath = "/signin-oidc";
options.ResponseType = OpenIdConnectResponseType.CodeIdToken;
options.Events = new OpenIdConnectEvents
{
OnRemoteFailure = OnAuthenticationFailed,
OnAuthorizationCodeReceived = async (context) =>
{
var code = context.ProtocolMessage.Code;
var identifier = context.Principal.GetObjectIdentifierValue();
var provider = services.BuildServiceProvider();
var authProvider = provider.GetService<IInSiteAuthProvider>();
var result = await authProvider.GetTokenByAuthorizationCodeAsync(identifier, code);
if (result == null)
{
context.Fail("couldn't get auth code");
}
else
{
context.HandleCodeRedemption(result.AccessToken, result.IdToken);
}
}
};
}).AddCookie();