设置多租户应用程序后,出现以下错误。处理请求时发生未处理的异常。
SecurityTokenInvalidIssuerException: IDX10205: 颁发者验证失败。颁发者：“https://sts.windows.net/2566cb39-d9fg-5ad6-tryb-d1e2kl067a89/”。不匹配：validationParameters.ValidIssuer: 'null' 或 validationParameters.ValidIssuers: 'https://sts.windows.net/{tenantid}/'。
Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler+d__12.MoveNext() 堆栈 查询 Cookie 标头 SecurityTokenInvalidIssuerException: IDX10205: 颁发者验证失败。颁发者：“https://sts.windows.net/2096cb39-d9fd-4ad6-bbeb-d1e2be067a89/”。不匹配：validationParameters.ValidIssuer: 'null' 或 validationParameters.ValidIssuers: 'https://sts.windows.net/{tenantid}/'。Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler+d__12.MoveNext() System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) Microsoft.AspNetCore.Authentication.AuthenticationMiddleware+d__6.MoveNext() System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) Microsoft.AspNetCore.Session.SessionMiddleware+d__9.MoveNext() Microsoft.AspNetCore.Session.SessionMiddleware+d__9.MoveNext() System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) System.Runtime.CompilerServices.TaskAwaiter…（堆栈跟踪截断）
下面是startup.cs代码
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Threading.Tasks;
using LPPlusUI.Models;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.FileProviders;
using Microsoft.IdentityModel.Tokens;
using ReflectionIT.Mvc.Paging;
namespace LPPlusUI
{
public class Startup
{
    // Session entries are dropped after this much inactivity.
    private static readonly TimeSpan SessionIdleTimeout = TimeSpan.FromMinutes(30);

    // NOTE(review): placeholder left over from the post — the real value was redacted.
    // A connection string belongs in configuration (Configuration.GetConnectionString)
    // or a secret store, not in a compiled-in literal.
    private const string ExamDbConnectionString = "string";

    /// <summary>Captures the application configuration injected by the host.</summary>
    public Startup(IConfiguration configuration)
    {
        Configuration = configuration;
    }

    /// <summary>Root configuration (appsettings.json, environment, …).</summary>
    public IConfiguration Configuration { get; }

    /// <summary>
    /// Registers authentication, session state, MVC, paging and the EF Core context.
    /// Called by the runtime before <see cref="Configure"/>.
    /// </summary>
    public void ConfigureServices(IServiceCollection services)
    {
        RegisterAzureAdAuthentication(services);

        // Session state backed by the in-process distributed cache.
        services.AddDistributedMemoryCache();
        services.AddSession(session => session.IdleTimeout = SessionIdleTimeout);

        services.AddMvc();
        services.AddPaging();
        services.AddDbContext<LPPlusExamContext>(db => db.UseSqlServer(ExamDbConnectionString));
    }

    /// <summary>
    /// Cookie is the default scheme for authenticating requests; an unauthenticated
    /// request is challenged through OpenID Connect, with the Azure AD settings bound
    /// from the "AzureAd" configuration section.
    /// NOTE(review): with AzureAd:TenantId = "common" (multi-tenant) the metadata
    /// document advertises the placeholder issuer "https://sts.windows.net/{tenantid}/",
    /// so the default issuer check fails with IDX10205. The OpenID Connect options need
    /// an IssuerValidator that checks the issuer against the tenant named in the token;
    /// switching issuer validation off instead would accept tokens from any tenant.
    /// </summary>
    private void RegisterAzureAdAuthentication(IServiceCollection services)
    {
        services
            .AddAuthentication(schemes =>
            {
                schemes.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                schemes.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
            })
            .AddAzureAd(azureAd => Configuration.Bind("AzureAd", azureAd))
            .AddCookie();
    }

    /// <summary>
    /// Builds the request pipeline. Order matters: static files are served before
    /// session or authentication run, session is loaded before authentication,
    /// and MVC routing runs last.
    /// </summary>
    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        if (!env.IsDevelopment())
        {
            app.UseExceptionHandler("/Home/Error");
        }
        else
        {
            app.UseBrowserLink();
            app.UseDeveloperExceptionPage();
        }

        app.UseStaticFiles();
        app.UseSession();
        app.UseAuthentication();
        app.UseMvc(routes => routes.MapRoute("default", "{controller=Home}/{action=Index}/{id?}"));
    }
}
}
下面是来自 appsettings.json 的代码。（注意：ClientSecret 是机密，不应写入会随源码提交的 appsettings.json，应改用 User Secrets、环境变量或 Key Vault；而且该值已经公开张贴，应立即在 Azure AD 中轮换。）
{
"Logging": {
"IncludeScopes": false,
"LogLevel": {
"Default": "Warning"
}
},
"AzureAd": {
"ClientId": "141b2123-d239-3568a-a713-4d4fg5781f57",
"Domain": "lpstaging.onmicrosoft.com",
"Instance": "https://login.microsoftonline.com/",
"TenantId": "common",
"CallbackPath": "/signin-oidc",
"ClientSecret": "eVLSRM7yHjkjh678sghgjdGTh7shjkSgtGSU4=",
"AppIDURL": "https://lpstaging.onmicrosoft.com/<app-id>",
"ConfigView": "MVC"
}
}
我让它工作了……但请注意：不要通过把 ValidateIssuer 设为 false 来"解决" IDX10205——这会完全关闭颁发者校验，任何 Azure AD 租户签发的令牌都会被当作本应用的合法登录接受。多租户应用应保留颁发者校验，在 IssuerValidator 中用令牌自带的 tid（租户 ID）声明构造期望的颁发者（https://sts.windows.net/{tid}/ 或 https://login.microsoftonline.com/{tid}/v2.0）进行比对，并在只允许特定客户租户登录时再对 tid 做允许列表检查。
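// Cookie sign-in driven by an OpenID Connect challenge against Azure AD.
// "AzureAd" is bound from configuration; with TenantId = "common" the Authority
// is the multi-tenant endpoint https://login.microsoftonline.com/common.
services.AddAuthentication(options =>
{
    options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddOpenIdConnect(options =>
{
    var azureadoptions = new AzureAdOptions();
    Configuration.Bind("AzureAd", azureadoptions);
    options.ClientId = $"{azureadoptions.ClientId}";
    options.Authority = $"{azureadoptions.Instance}{azureadoptions.TenantId}";
    options.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
    {
        // With TenantId = "common" the metadata document advertises the placeholder
        // issuer "https://sts.windows.net/{tenantid}/", which never equals a real
        // issuer — hence IDX10205. Do NOT work around that with ValidateIssuer = false:
        // that accepts a token from ANY Azure AD tenant as a valid sign-in to this app.
        // Keep validation on and check the issuer against the tenant the token itself
        // names in its "tid" claim.
        ValidateIssuer = true,
        IssuerValidator = (issuer, securityToken, validationParameters) =>
        {
            // NOTE(review): assumes the handler passes a JwtSecurityToken here
            // (JwtSecurityTokenHandler, the default in this ASP.NET Core 2.x era);
            // newer Microsoft.IdentityModel versions may hand over a JsonWebToken
            // instead — confirm against the package version in use.
            var jwt = securityToken as System.IdentityModel.Tokens.Jwt.JwtSecurityToken;
            object tidValue = null;
            if (jwt == null || !jwt.Payload.TryGetValue("tid", out tidValue) || string.IsNullOrEmpty(tidValue as string))
            {
                throw new Microsoft.IdentityModel.Tokens.SecurityTokenInvalidIssuerException(
                    "Token carries no 'tid' claim; the issuer cannot be validated.");
            }
            var tenantId = (string)tidValue;

            // The only issuers acceptable for that tenant: the v1 form (sts.windows.net)
            // and the v2 form (<Instance>/<tid>/v2.0). Ordinal comparison — no normalization.
            var v1Issuer = $"https://sts.windows.net/{tenantId}/";
            var v2Issuer = $"{azureadoptions.Instance}{tenantId}/v2.0";
            if (!string.Equals(issuer, v1Issuer, StringComparison.Ordinal) &&
                !string.Equals(issuer, v2Issuer, StringComparison.Ordinal))
            {
                throw new Microsoft.IdentityModel.Tokens.SecurityTokenInvalidIssuerException(
                    $"Issuer '{issuer}' does not match the token's tenant '{tenantId}'.");
            }

            // TODO(review): if only specific customer tenants may sign in, also check
            // tenantId against a configured allow-list here before returning.
            return issuer;
        },
        ValidAudience = $"{azureadoptions.ClientId}",
    };
})
.AddCookie();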