
プロジェクトを1.1.0にアップグレードした後、Azure ADのOpenID認証で認証エラーが発生するようになりました。（.NET Coreを1.0.0から1.1.0にアップグレードした後にAzure認証が失敗する）

Fiddlerでは次のようなエラーが表示されます。

WWW-Authenticate: Bearer error="INVALID_REQUEST", error_codes="[90010]", error_description="AADSTS90010: JWTトークンはUserInfoエンドポイントでは使用できません。%0D%0ATrace..."

これは400 Bad Requestエラーに対応しており、ユーザーはログインできません。

// Question's configuration: registers the OpenID Connect middleware for Azure AD.
// NOTE: the snippet as pasted is cut off before the closing "});" of this call.
app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions 
     { 
      AutomaticAuthenticate = true, 
      AutomaticChallenge = true, 
      // Client/tenant settings are read from the "Authentication:AzureAd" configuration section.
      ClientId = Configuration["Authentication:AzureAd:ClientId"], 
      // Authority is built by plain concatenation, so AADInstance is presumably expected to end with "/" — TODO confirm.
      Authority = Configuration["Authentication:AzureAd:AADInstance"] + Configuration["Authentication:AzureAd:TenantId"], 
      ClientSecret = Configuration["Authentication:AzureAd:ClientSecret"], 
      CallbackPath = Configuration["Authentication:AzureAd:CallbackPath"],     
      // Hybrid flow (code + id_token); the code is redeemed manually in OnAuthorizationCodeReceived below.
      ResponseType = OpenIdConnectResponseType.CodeIdToken,  
      // NOTE(review): with this enabled the middleware also calls the UserInfo endpoint after sign-in.
      // The AADSTS90010 response quoted above ("JWT tokens cannot be used with the UserInfo endpoint")
      // appears to come from that call; the question's edit says the flow works with this line commented out.
      GetClaimsFromUserInfoEndpoint = true,     
      // Every middleware event is wired to a handler in the enclosing class (not all of them are shown here).
      Events = new OpenIdConnectEvents 
      { 
       OnAuthenticationFailed = OnAuthenticationFailed, 
       OnAuthorizationCodeReceived = OnAuthorizationCodeReceived, 
       OnMessageReceived = OnMessageReceived, 
       OnTicketReceived = OnTicketRecieved, 
       OnTokenValidated = OnTokenValidated, 
       OnUserInformationReceived = OnUserInformationReceived, 
       OnTokenResponseReceived = OnTokenResponseRecieved, 
       OnRemoteFailure = OnRemoteFailure 
      }   

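/// <summary>
/// Redeems the authorization code received from Azure AD (via ADAL) for a token scoped to the
/// Azure AD Graph resource, then signals the OpenID Connect middleware that redemption is done.
/// </summary>
/// <param name="context">Code-received context supplied by the OpenID Connect middleware.</param>
/// <remarks>
/// Reads <c>clientId</c>, <c>clientSecret</c> and <c>tenant</c> from the enclosing class (not shown here).
/// NOTE(review): the access token acquired here is for the Graph resource. Handing it to
/// <c>HandleCodeRedemption</c> while <c>GetClaimsFromUserInfoEndpoint</c> is true lets the middleware
/// reuse that token for its UserInfo request, which is the call Azure AD rejects with AADSTS90010
/// in the question — confirm this combination is what you want.
/// </remarks>
private async Task OnAuthorizationCodeReceived(AuthorizationCodeReceivedContext context) 
{
    const string aadInstance = "https://login.microsoftonline.com/";
    const string graphResourceId = "https://graph.windows.net";

    // The redirect URI must match the one used in the authorization request exactly, so it is
    // taken from the properties the middleware stored for the code flow rather than rebuilt.
    var redirectUri = new Uri(context.Properties.Items[OpenIdConnectDefaults.RedirectUriForCodePropertiesKey]);

    var clientCred = new ClientCredential(clientId, clientSecret);
    var authContext = new AuthenticationContext(aadInstance + tenant);
    AuthenticationResult authResult = await authContext.AcquireTokenByAuthorizationCodeAsync(
        context.ProtocolMessage.Code, redirectUri, clientCred, graphResourceId);

    // The original also looked up the "objectidentifier" claim into an unused local; that read is dropped.
    // Report the redeemed tokens so the middleware does not redeem the code a second time.
    context.HandleCodeRedemption(authResult.AccessToken, authResult.IdToken);
}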

CodeIdTokenを使用しているので、今はユーザークレームを別の方法で処理する必要があるのでしょうか、それともGetClaimsFromUserInfoEndpointオプションを使うべきなのでしょうか？

編集: GetClaimsFromUserInfoEndpointをコメントアウトすると、他のカスタムコードはそのままでも正常に動作します。


動作していましたか？私の環境では問題なく動作しています。参考までにコードを以下に示します。

{ 
    "buildOptions": { 
     "emitEntryPoint": true, 
     "preserveCompilationContext": true 
    }, 

    "runtimeOptions": { 
     "gcServer": true 
    }, 

    "dependencies": { 
     "Microsoft.AspNetCore.Diagnostics": "1.0.0", 
     "Microsoft.AspNetCore.Mvc": "1.0.0", 
     "Microsoft.AspNetCore.Mvc.TagHelpers": "1.0.0", 
     "Microsoft.AspNetCore.Server.IISIntegration": "1.0.0", 
     "Microsoft.AspNetCore.StaticFiles": "1.0.0", 
     "Microsoft.Extensions.Configuration.FileExtensions": "1.0.0", 
     "Microsoft.Extensions.Configuration.Json": "1.0.0", 
     "Microsoft.Extensions.Logging": "1.0.0", 
     "Microsoft.Extensions.Logging.Console": "1.0.0", 
     "Microsoft.Extensions.Logging.Debug": "1.0.0", 
     "Microsoft.AspNetCore.Authentication.Cookies": "1.0.0", 
     "Microsoft.AspNetCore.Server.Kestrel": "1.0.0", 
     "Microsoft.AspNetCore.Authentication.OpenIdConnect": "1.0.0", 
     "Microsoft.NETCore.App": { 
      "type": "platform", 
      "version": "1.1.0" 
     }, 
     "Microsoft.VisualStudio.Web.BrowserLink.Loader": "14.0.0" 
    }, 

    "frameworks": { 
     "netcoreapp1.1": { 
      "imports": [ 
       "dotnet5.6", 
       "dnxcore50", 
       "portable-net45+win8" 
      ] 
     } 
    }, 

    "tools": { 
     "Microsoft.AspNetCore.Server.IISIntegration.Tools": { 
      "version": "1.0.0-preview2-final", 
      "imports": "portable-net45+win8+dnxcore50" 
     } 
    }, 

    "publishOptions": { 
     "include": [ 
      "wwwroot", 
      "Views", 
      "appsettings.json", 
      "web.config" 
     ] 
    }, 

    "scripts": { 
     "prepublish": [ "npm install", "bower install", "gulp clean", "gulp min" ], 
     "postpublish": [ "dotnet publish-iis --publish-folder %publish:OutputPath%" ] 
    } 
} 
以下がコードです:

// Answer's working configuration: the same hybrid (code + id_token) setup as the question,
// with the authority built from an instance template plus the tenant.
var oidcOptions = new OpenIdConnectOptions
{
    AutomaticAuthenticate = true,
    AutomaticChallenge = true,
    // Spelled "AzureAD" here and "AzureAd" below; configuration keys are case-insensitive,
    // so both resolve to the same section.
    ClientId = Configuration["AzureAD:ClientId"],
    // AadInstance is presumably a format string with a "{0}" placeholder for the tenant — TODO confirm against appsettings.
    Authority = String.Format(Configuration["AzureAd:AadInstance"], Configuration["AzureAd:Tenant"]),
    ClientSecret = Configuration["AzureAd:ClientSecret"],
    CallbackPath = new PathString("/signin-oidc"),
    ResponseType = OpenIdConnectResponseType.CodeIdToken,
    GetClaimsFromUserInfoEndpoint = true,
};

// Every middleware event is wired to a handler; most handlers below are no-ops.
oidcOptions.Events = new OpenIdConnectEvents
{
    OnAuthenticationFailed = OnAuthenticationFailed,
    OnAuthorizationCodeReceived = OnAuthorizationCodeReceived,
    OnMessageReceived = OnMessageReceived,
    OnTicketReceived = OnTicketRecieved,
    OnTokenValidated = OnTokenValidated,
    OnUserInformationReceived = OnUserInformationReceived,
    OnTokenResponseReceived = OnTokenResponseRecieved,
    OnRemoteFailure = OnRemoteFailure,
};

app.UseOpenIdConnectAuthentication(oidcOptions);

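/// <summary>
/// Handles a failure reported by the remote identity provider by taking over the response
/// and redirecting the user to the error page.
/// </summary>
/// <param name="context">Failure context; <c>context.Failure</c> carries the exception.</param>
/// <returns>A completed task.</returns>
private Task OnRemoteFailure(FailureContext context)
{
    context.HandleResponse();

    // The message is not under this app's control (it can echo the provider's response) and may
    // contain characters that are invalid in a query string, so it is URL-encoded before being
    // placed in the redirect target; the original concatenated it raw.
    // NOTE(review): consider logging the full message server-side and redirecting with only a
    // generic error code, since the provider's wording may reveal internal detail to the user.
    var message = context.Failure?.Message ?? string.Empty;
    context.Response.Redirect("/Home/Error?message=" + Uri.EscapeDataString(message));

    return Task.CompletedTask;
}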

/// <summary>Placeholder for the AuthenticationFailed event; does nothing with the context.</summary>
/// <returns>A completed task.</returns>
private Task OnAuthenticationFailed(AuthenticationFailedContext context) => Task.FromResult(0);

/// <summary>
/// Placeholder for the AuthorizationCodeReceived event; unlike the question's handler it does not
/// redeem the code itself, so the middleware performs the redemption.
/// </summary>
/// <returns>A completed task.</returns>
private Task OnAuthorizationCodeReceived(AuthorizationCodeReceivedContext context) => Task.FromResult(0);

/// <summary>Placeholder for the MessageReceived event; does nothing with the context.</summary>
/// <returns>A completed task.</returns>
private Task OnMessageReceived(MessageReceivedContext context) => Task.FromResult(0);

/// <summary>Placeholder for the TicketReceived event; does nothing with the context.</summary>
/// <remarks>The name keeps the original "Recieved" spelling because the Events wiring refers to it.</remarks>
/// <returns>A completed task.</returns>
private Task OnTicketRecieved(TicketReceivedContext context) => Task.FromResult(0);

/// <summary>Placeholder for the TokenValidated event; does nothing with the context.</summary>
/// <returns>A completed task.</returns>
private Task OnTokenValidated(TokenValidatedContext context) => Task.FromResult(0);
/// <summary>
/// Placeholder for the UserInformationReceived event (raised after the UserInfo call made when
/// GetClaimsFromUserInfoEndpoint is true); does nothing with the context.
/// </summary>
/// <returns>A completed task.</returns>
private Task OnUserInformationReceived(UserInformationReceivedContext context) => Task.FromResult(0);

/// <summary>Placeholder for the TokenResponseReceived event; does nothing with the context.</summary>
/// <remarks>The name keeps the original "Recieved" spelling because the Events wiring refers to it.</remarks>
/// <returns>A completed task.</returns>
private Task OnTokenResponseRecieved(TokenResponseReceivedContext context) => Task.FromResult(0);

（先に示したJSONがproject.jsonファイルです。）
