Specifying the redirect URI under OpenIdConnect options - Azure AD, .NET 6 C#

Posted on 2025-02-09 17:49:55


I have an Azure Active Directory and have my app registered under it.
Under the Redirect URIs in the portal, I have specified this: http://custom_domain/signin-oidc.

Under my startup.cs, I have this code.


            services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options =>
            {
                options.Authority = options.Authority + "/v2.0";
                options.TokenValidationParameters.ValidateIssuer = false;
            });

All the information specified under the app settings is correct (ClientID, TenantID, etc)

When deployed to my Azure App Service, the redirect URI changes to the app service original url name instead of the custom domain.

Inspected the login page when my app was executed:
https://login.microsoftonline.com/5910deee------/oauth2/v2.0/authorize?client_id=2782------&redirect_uri=https%3A%2F%2F**WRONG REDIRECT URI WHICH WAS NOT SPECIFIED UNDER THE AZURE PORTAL AD REDIRECT URI**%3A44345%2Fsignin-oidc&response_type=id_token&scope=openid%20profile&response_mode=form_post&nonce=6379148910548699......

How can I specify the redirect uri in my codes, or have the MS login page redirect to my custom domain uri? Specifying under the PORTAL -> AD -> Authentication -> Redirect URIs does not work.

Comments (1)

亚希 2025-02-16 17:49:56


Below are the workarounds you can follow to resolve the above issue:

  • Make sure that you have provided the redirect URI same as on our Azure AD application (Authentication > Redirect URI) in your appsettings.json file.

As stated by @Tinywang, if you have multiple redirect URIs in your application, please remove those and keep the one which you want to redirect to after log-in.


I'm getting the error "The path in 'value' must start with '/'." when I follow as per the image you shared. The value is /signin-oidc initially

So if you are done with all the above steps, please make sure that your redirect URI begins with https and not http; as you have mentioned in the question, it is http://custom_domain/signin-oidc, which is not valid.

For example you can set something like:- https://contoso.com/abc/response-oidc.

Program.cs should look like this:-

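using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Identity.Web;
using Microsoft.Identity.Web.UI;

var builder = WebApplication.CreateBuilder(args);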

// Add services to the container.
builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("AzureAd"));

builder.Services.AddAuthorization(options =>
{
    // By default, all incoming requests will be authorized according to the default policy.
    options.FallbackPolicy = options.DefaultPolicy;
});
builder.Services.AddRazorPages()
    .AddMicrosoftIdentityUI();

var app = builder.Build();

// Configure the HTTP request pipeline.
if (!app.Environment.IsDevelopment())
{
    app.UseExceptionHandler("/Error");
    // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
    app.UseHsts();
}

app.UseHttpsRedirection();
app.UseStaticFiles();

app.UseRouting();

app.UseAuthentication();
app.UseAuthorization();

app.MapRazorPages();
app.MapControllers();

app.Run();

And in appsettings.json

{
  "AzureAd": {
    "Instance": "https://login.microsoftonline.com/",
    "Domain": "[ e.g. contoso.onmicrosoft.com]",
    "TenantId": "00000-00000-0000000",
    "ClientId": "11111111-222222-333",
    "CallbackPath": "/signin-oidc",
    "SignedOutCallbackPath": "/signout-callback-oidc"
  },
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft": "Warning",
      "Microsoft.Hosting.Lifetime": "Information"
    }
  },
  "AllowedHosts": "*"
}
  • NOTE: Make sure that you have enabled SSL value to true in Visual Studio.

For complete setup and more information please refer the below Links:-
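
One way to set the redirect URI in code, as the question asks, is to build it from a configured origin instead of the host the app sees in the request. This is an added example, not code from the question or the answer above; the `AzureAd:PublicOrigin` setting is a hypothetical key introduced here, and the root endpoint exists only to make the sample complete.

```csharp
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Identity.Web;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("AzureAd"));
builder.Services.AddAuthorization();

// "AzureAd:PublicOrigin" is a hypothetical key, e.g. "https://custom_domain".
var origin = builder.Configuration["AzureAd:PublicOrigin"];
if (!Uri.TryCreate(origin, UriKind.Absolute, out var publicOrigin)
    || publicOrigin.Scheme != Uri.UriSchemeHttps
    || publicOrigin.AbsolutePath != "/")
{
    // Fail at startup rather than send a non-HTTPS or malformed redirect_uri.
    throw new InvalidOperationException(
        "AzureAd:PublicOrigin must be an absolute https origin without a path.");
}

builder.Services.Configure<OpenIdConnectOptions>(
    OpenIdConnectDefaults.AuthenticationScheme, options =>
{
    // Keep the handler Microsoft.Identity.Web registered and run it first.
    var onSignIn = options.Events.OnRedirectToIdentityProvider;
    options.Events.OnRedirectToIdentityProvider = async context =>
    {
        await onSignIn(context);
        // Built from configuration, never from the incoming Host header.
        context.ProtocolMessage.RedirectUri =
            new Uri(publicOrigin, options.CallbackPath.Value).AbsoluteUri;
    };

    var onSignOut = options.Events.OnRedirectToIdentityProviderForSignOut;
    options.Events.OnRedirectToIdentityProviderForSignOut = async context =>
    {
        await onSignOut(context);
        context.ProtocolMessage.PostLogoutRedirectUri =
            new Uri(publicOrigin, options.SignedOutCallbackPath.Value).AbsoluteUri;
    };
});

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();
app.MapGet("/", () => "signed in").RequireAuthorization();
app.Run();
```

The URI produced here must still match a redirect URI registered for the app in the Azure portal, character for character.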
