SSO: Microsoft identity and Azure AD authentication

Time: 2019-12-11 13:05:05

Tags: asp.net-core jwt openid access-token microsoft-identity-platform

I want to implement Windows SSO authentication for my .NET Core web application. I tried to do it as shown below, but the Authorize attribute does not work properly. When I execute an action that carries the Authorize attribute, it should navigate to the Azure AD login page, but it does not navigate anywhere and instead shows the return URL given below. Where did I go wrong? Is there anything else in the code that is related?

When I navigate to the page from ProjectController, it produces the following return URL but does not go to the Microsoft Azure login page.

[Microsoft.AspNetCore.Authorization.Authorize]
public class ProjectController : BaseController
{
 .....
}

 https://localhost:44360/Account/Login?ReturnUrl=%2FProject%2FManageProject

My Startup.cs, with the AzureAd configuration:

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.Configure<CookiePolicyOptions>(options =>
        {
            // This lambda determines whether user consent for non-essential cookies is needed for a given request.
            options.CheckConsentNeeded = context => true;
            options.MinimumSameSitePolicy = SameSiteMode.None;
        });

        services.AddAuthentication(IISDefaults.AuthenticationScheme);

        services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
            .AddAzureAD(options => Configuration.Bind("AzureAd", options));

        services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options =>
        {
            options.Authority = options.Authority + "/v2.0/";         // Microsoft identity platform

            options.TokenValidationParameters.ValidateIssuer = false; // accept several tenants (here simplified)
        });

        services.AddIdentity<IdentityUser, IdentityRole>(options =>
        {
            options.User.RequireUniqueEmail = false;
        })
        .AddEntityFrameworkStores<ShardingDbContext>()
        .AddDefaultTokenProviders();

        services.AddDistributedMemoryCache();

        services.AddSession(options =>
        {
            // Set a short timeout for easy testing.
            //options.IdleTimeout = TimeSpan.FromSeconds(10);
            //options.Cookie.HttpOnly = true;
            // Make the session cookie essential
            options.Cookie.IsEssential = true;
        });

        services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);

        // Fetching connection string from appsettings.json
        var ConnectionString = Configuration.GetConnectionString("MbkDbConstr");

        // Entity Framework
        services.AddDbContext<ShardingDbContext>(options => options.UseSqlServer(ConnectionString));

        // AutoMapper configuration
        AutoMapperConfiguration.Configure();
    }
}
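An added example, not the question's code, of one way to wire the same schemes so that a plain [Authorize] challenges Azure AD rather than the ASP.NET Core Identity cookie (whose default LoginPath is the /Account/Login seen in the return URL above). It assumes ASP.NET Core 2.1 with Microsoft.AspNetCore.Authentication.AzureAD.UI, the question's AzureAd configuration section including a TenantId value, its ShardingDbContext and the MbkDbConstr connection string:

```csharp
// Added example (not the poster's code); assumes the same packages as the question.
using System.Linq;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.AzureAD.UI;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Identity;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public Startup(IConfiguration configuration) => Configuration = configuration;
    public IConfiguration Configuration { get; }

    // Assumed: AzureAd:TenantId in appsettings.json names the one tenant this app trusts.
    private string[] TrustedTenantIds => new[] { Configuration["AzureAd:TenantId"] };

    public void ConfigureServices(IServiceCollection services)
    {
        // "AzureAD" is a policy scheme forwarding to its own cookie and OpenID Connect handlers.
        services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
            .AddAzureAD(options => Configuration.Bind("AzureAd", options));

        services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options =>
        {
            options.Authority = options.Authority + "/v2.0/"; // Microsoft identity platform endpoint
            // Keep issuer validation on: with ValidateIssuer = false an ID token from any Azure AD
            // tenant is accepted. The v2.0 issuer has this fixed form, so list the trusted ones.
            options.TokenValidationParameters.ValidateIssuer = true;
            options.TokenValidationParameters.ValidIssuers =
                TrustedTenantIds.Select(t => $"https://login.microsoftonline.com/{t}/v2.0");
        });

        services.AddDbContext<ShardingDbContext>(o =>
            o.UseSqlServer(Configuration.GetConnectionString("MbkDbConstr")));

        // AddIdentity calls AddAuthentication again and sets DefaultChallengeScheme to
        // IdentityConstants.ApplicationScheme, the Identity cookie whose LoginPath is /Account/Login.
        // Registered last, it wins: that is the /Account/Login?ReturnUrl=... redirect in the question.
        services.AddIdentity<IdentityUser, IdentityRole>(o => o.User.RequireUniqueEmail = false)
            .AddEntityFrameworkStores<ShardingDbContext>()
            .AddDefaultTokenProviders();

        // Options callbacks run in registration order, so this final one makes Azure AD the
        // challenge scheme again; a plain [Authorize] then redirects to the Microsoft sign-in page.
        services.Configure<AuthenticationOptions>(o =>
            o.DefaultChallengeScheme = AzureADDefaults.AuthenticationScheme);
    }
}
```

A quick check that the challenge is going where you expect: the redirect from an [Authorize] action should land on login.microsoftonline.com, not on the app's own /Account/Login path.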

0 answers:

No answers