在测试环境中使用Azure Active执行身份验证过程时出错
在测试环境中使用Azure Active执行身份验证过程时出错
提问于 2022-08-26 14:09:30
我正在为web项目实现AD的身份验证。当我在本地运行时,身份验证成功运行,但是当它被带到测试环境时,它会生成以下错误:
System.InvalidOperationException: IDX20803: Unable to obtain configuration from: '[PII is hidden]'. ---> System.IO.IOException: IDX20804: Unable to retrieve document from: '[PII is hidden]'. ---> System.Threading.Tasks.TaskCanceledException: A task was canceled.
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.<GetDocumentAsync>d__8.MoveNext()
--- End of inner exception stack trace ---
at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.<GetDocumentAsync>d__8.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.IdentityModel.Protocols.OpenIdConn在门户中创建的设置
设置Startup.Auth
public partial class Startup
{
// Para obtener más información sobre cómo configurar la autenticación, visite https://go.microsoft.com/fwlink/?LinkId=301864
private static string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
private static string appKey = ConfigurationManager.AppSettings["ida:ClientSecret"];
private static string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
private static string tenantId = ConfigurationManager.AppSettings["ida:TenantId"];
private static string postLogoutRedirectUri = ConfigurationManager.AppSettings["ida:PostLogoutRedirectUri"];
private static string postLoginRedirectUri = ConfigurationManager.AppSettings["ida:PostLogoutRedirectUri"];
public static readonly string Authority = aadInstance + tenantId;
public void ConfigureAuth(IAppBuilder app)
{
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
//https://www.jamessturtevant.com/posts/ASPNET-Identity-Custom-Database-and-OWIN/
app.CreatePerOwinContext(ApplicationDbContext.Create);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
ClientId = clientId,
Authority = Authority,
PostLogoutRedirectUri = postLogoutRedirectUri,
RedirectUri = postLoginRedirectUri
});
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie
});
}
}控制器SingIn和SingOut
public void SignIn()
{
// Enviar una solicitud de inicio de sesión a OpenID Connect.
if (!Request.IsAuthenticated)
{
HttpContext.GetOwinContext().Authentication.Challenge(new AuthenticationProperties { RedirectUri = "/" }, OpenIdConnectAuthenticationDefaults.AuthenticationType);
}
}
public void SignOut()
{
if (true)
{
// Send an OpenID Connect sign-out request.
HttpContext.GetOwinContext().Authentication.SignOut(
OpenIdConnectAuthenticationDefaults.AuthenticationType, CookieAuthenticationDefaults.AuthenticationType);
}
}回答 1
Stack Overflow用户
发布于 2022-08-30 10:56:54
- 请检查在天蓝色上运行时是否有适当的互联网连接问题。
- 错误意味着应用程序无法下载OpenId配置文档,该配置文档几乎包含该应用程序登录所需的信息--例如URL、服务的公开签名密钥的位置。
- 请确保这两行是正确的,否则它会出错: .UseAuthentication() .UseAuthorization()
- 此外,此错误可能是使用web.config文件中的错误web.config url和
“Instance": "https://login.microsoftonline.com/"来清楚地查找错误。在您的IdentityModelEventSource.ShowPII中设置= true。 如果(env.IsDevelopment()) { // IdentityModelEventSource.ShowPII = true;// } - 请确保使用您的点网框架的最新版本(或4.7.2),因为有些任务可能需要更新/最新版本的.NET框架才能正常工作。
- 检查并使用协议-TLS1.2作为
TLS 1.1 or TLS 1.0 are depreciated.应用程序 - 在某些情况下,包可能仍然默认为TLS 1.1,即使在加载元数据时更改了它,并且可能需要时间来反映正确的元数据。
- 要解决这个问题,请尝试在Global.asax.cs中添加以下内容,这将允许在指向tls1.2或更高版本时获得openid配置,并将门户中的tls更改为1.2。 受保护的void Application_Start() { ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 x SecurityProtocolType.Tls12 SecurityProtocolType.Ssl3;//允许TLSV1.2和SSL3只/或SSL3= System.Net.SecurityProtocolType.Tls12;/其他代码}
参考资料:
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/73502328
复制相关文章
相似问题
腾讯云开发者
