Connecting to Azure AD via OpenID Connect appears to be broken in .NET 8

ig9co6j1  posted 12 months ago  in  .NET

I just upgraded my project from .NET 7 to .NET 8, and OpenID Connect to Azure AD stopped working. The following code worked in .NET 7:

authenticationBuilder.AddOpenIdConnect(authenticationScheme: "AzureAd", displayName: "Azure Active Directory", options =>
{
              string oidcInstance = configuration["AzureAd:Instance"]!;
              string oidcDomain = configuration["AzureAd:Domain"]!;
              string oidcClientId = configuration["AzureAd:ClientId"]!;
              string oidcTenantId = configuration["AzureAd:TenantId"]!;
              string oidcClientSecret = configuration["AzureAd:ClientSecret"]!;

              options.Authority = $"https://login.microsoftonline.com/{oidcTenantId}/v2.0/";
              options.RequireHttpsMetadata = false;
              options.ClientId = oidcClientId;
              options.ClientSecret = oidcClientSecret;
              options.ResponseType = OpenIdConnectResponseType.CodeIdToken;
              options.TokenValidationParameters.IssuerValidator = AadIssuerValidator.GetAadIssuerValidator(oidcInstance).Validate;
              options.GetClaimsFromUserInfoEndpoint = true;
              options.MapInboundClaims = false;
              options.TokenValidationParameters.NameClaimType = "name";
              options.CallbackPath = new PathString("/signin-oidc");
              options.SignedOutCallbackPath = new PathString("/signout-callback-oidc");
              options.RemoteSignOutPath = new PathString("/signout-oidc");

              //Setting the following has no effect.
              //options.MetadataAddress = $"https://login.microsoftonline.com/{oidcTenantId}/v2.0/.well-known/openid-configuration";

              options.Events.OnUserInformationReceived = async userInformationReceivedContext =>
              {
                             //...
              };
});

In .NET 8 I get the following error:
IOException: IDX20807: Unable to retrieve document from: 'https://login.microsoftonline.com/v2.0/.well-known/openid-configuration'. HttpResponseMessage: 'StatusCode: 400, ReasonPhrase: 'Bad Request', Version: 1.1, Content: System.Net.Http.HttpConnectionResponseContent, Headers:
{
Cache-Control: private
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, OPTIONS
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id: 4379b336-fe23-4d6c-95c6-d71717573e00
x-ms-ests-server: 2.1.16790.7 - SCUS ProdSlices
X-XSS-Protection: 0
Set-Cookie: fpc=Av3iPXMPIHBMgE-fomXi7KM; expires=Sun, 17-Dec-2023 02:58:22 GMT; path=/; secure; HttpOnly; SameSite=None
Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; httponly
Date: Fri, 17 Nov 2023 02:58:21 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 649
}', HttpResponseMessage.Content: '{"error":"invalid_tenant","error_description":"AADSTS90002: Tenant 'v2.0' not found. Check to make sure you have the correct tenant ID and are signing into the correct cloud. Check with your subscription administrator, this may happen if there are no active subscriptions for the tenant. Trace ID: 4379b336-fe23-4d6c-95c6-d71717573e00 Correlation ID: 0c5cf6f7-311f-4122-a547-aaee24d3159e Timestamp: 2023-11-17 02:58:22Z","error_codes":[90002],"timestamp":"2023-11-17 02:58:22Z","trace_id":"4379b336-fe23-4d6c-95c6-d71717573e00","correlation_id":"0c5cf6f7-311f-4122-a547-aaee24d3159e","error_uri":"https://login.microsoftonline.com/error?code=90002"}'.
Any help would be much appreciated.

vvppvyoh

vvppvyoh1#

I tried with your code and I too got a similar error.

IOException: IDX20807: Unable to retrieve document from:
InvalidOperationException: IDX20803: Unable to obtain configuration from: 'https://login.microsoftonline.com/v2.0/.well-known/openid-configuration'.


  • The issue seems to be with TokenValidationParameters.
  • Remove the lines below:
options.TokenValidationParameters.IssuerValidator = AadIssuerValidator.GetAadIssuerValidator(oidcInstance).Validate; 
options.TokenValidationParameters.NameClaimType = "name";

  • and add TokenValidationParameters as below:
options.TokenValidationParameters = new TokenValidationParameters
{
    NameClaimType = "name"
};

  • Now I am able to access the application without any issues.
  • My complete Program.cs file:
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc.Authorization;
using Microsoft.Identity.Web;
using Microsoft.Identity.Web.UI;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.IdentityModel.Tokens;
using Microsoft.IdentityModel.Validators;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddAuthentication(options =>
{
    options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
    .AddCookie()
    .AddOpenIdConnect(options =>
    {
        string oidcInstance = builder.Configuration["AzureAd:Instance"]!;
        string oidcDomain = builder.Configuration["AzureAd:Domain"]!;
        string oidcClientId = builder.Configuration["AzureAd:ClientId"]!;
        string oidcTenantId = builder.Configuration["AzureAd:TenantId"]!;
        string oidcClientSecret = builder.Configuration["AzureAd:ClientSecret"]!;

        options.Authority = $"https://login.microsoftonline.com/{oidcTenantId}/v2.0/";
        options.RequireHttpsMetadata = false;
        options.ClientId = oidcClientId;
        options.ClientSecret = oidcClientSecret;
        options.ResponseType = OpenIdConnectResponseType.CodeIdToken;
        //options.TokenValidationParameters.IssuerValidator = AadIssuerValidator.GetAadIssuerValidator(oidcInstance).Validate;

        options.TokenValidationParameters = new TokenValidationParameters
        {
            NameClaimType = "name",
        };

        options.GetClaimsFromUserInfoEndpoint = true;
        options.MapInboundClaims = false;
        //options.TokenValidationParameters.NameClaimType = "name";
        options.CallbackPath = new PathString("/signin-oidc");
        options.SignedOutCallbackPath = new PathString("/signout-callback-oidc");
        options.RemoteSignOutPath = new PathString("/signout-oidc");
    }); // closes the AddOpenIdConnect options lambda (was missing)

builder.Services.AddRazorPages()
    .AddMicrosoftIdentityUI();

var app = builder.Build();

if (!app.Environment.IsDevelopment())
{
    app.UseExceptionHandler("/Error");
    app.UseHsts();
}

app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.MapRazorPages();
app.MapControllers();
app.Run();

  • Output: (screenshot not reproduced here)
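The failing discovery URL in the question has no tenant segment, so Azure AD treats "v2.0" as the tenant name and answers AADSTS90002. The following is an added example (not code from the post, nor from Microsoft.Identity.Web) that models two checks worth having in mind when touching this configuration: how the handler derives the metadata address from options.Authority, and a minimal tenant-aware issuer check of the kind the removed AadIssuerValidator performs. Tenant IDs and claim values below are constructed placeholders.

```python
# Added example: offline model of the Azure AD v2.0 metadata address and
# issuer check. Not Microsoft's implementation; URL shapes follow the
# question's own error message, tenant IDs are placeholders.
from typing import Optional
from urllib.parse import urlparse

AAD_HOST = "login.microsoftonline.com"
V2_ISSUER_TEMPLATE = "https://login.microsoftonline.com/{tenantid}/v2.0"


def metadata_address(authority: str) -> str:
    """Discovery URL derived from options.Authority when MetadataAddress is unset."""
    return authority.rstrip("/") + "/.well-known/openid-configuration"


def tenant_from_metadata_address(url: str) -> Optional[str]:
    """Return the tenant segment of an AAD v2.0 discovery URL, or None.

    Expected path: /<tenant>/v2.0/.well-known/openid-configuration
    The question's failing URL starts at /v2.0/..., so it yields None.
    """
    parts = urlparse(url)
    segments = [s for s in parts.path.split("/") if s]
    if parts.scheme != "https" or parts.netloc != AAD_HOST:
        return None
    if len(segments) != 4 or segments[1] != "v2.0":
        return None
    return segments[0]


def validate_issuer(iss: str, tid: str, configured_tenant: str) -> bool:
    """Accept `iss` only if it is the v2.0 issuer for the token's own `tid`
    and that tenant is the one the app was configured for.

    Substituting `tid` into the template and comparing is what a
    tenant-aware validator adds over a plain string compare; a token
    minted for another tenant must fail here even if well formed.
    """
    if not tid or tid != configured_tenant:
        return False
    expected = V2_ISSUER_TEMPLATE.replace("{tenantid}", tid)
    return iss == expected


def check_authority(tenant_id: str) -> Optional[str]:
    """Build the authority the way the post does and confirm the tenant
    survives into the metadata address (returns the tenant or None)."""
    authority = f"https://{AAD_HOST}/{tenant_id}/v2.0/"
    return tenant_from_metadata_address(metadata_address(authority))
```

If check_authority returns None for a value read from configuration, the discovery request will be the tenantless one shown in the error, regardless of which TokenValidationParameters are set.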
