How to change authentication mode (from Windows to Azure AD)(如何更改身份验证模式(从 Windows 到 Azure AD))

本文介绍了如何更改身份验证模式(从 Windows 到 Azure AD)的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我有一个当前使用 Windows 身份验证的现有 WebForms 应用程序,我想通过 Azure AD 对其进行身份验证.该应用程序已在 Azure 中配置(我有 AppID 和 TenantID),但该应用程序仍通过 Windows 身份验证进行身份验证.

根据本指南.

大多数指南都使用 MVC 作为他们的示例,而我找不到对现有 WebForms 应用程序的全面介绍.

我是否需要更改 web.config 中的某些内容?

我在 Startup 和 Startup.Auth 中有以下代码(我手动创建,看起来与指南中描述的完全一样)

启动.Auth

public void ConfigureAuth(IAppBuilder app){app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);app.UseCookieAuthentication(new CookieAuthenticationOptions());app.UseOpenIdConnectAuthentication(新的 OpenIdConnectAuthenticationOptions{ClientId = "应用id";权限=租户ID";});}
启动
public void Configuration(IAppBuilder app){配置身份验证(应用程序);}
下面是 web.config 中的 authentication 设置,我尝试将其从 Windows 设置为 None,但该应用只是抛出了一个 401 页面,并没有尝试向 AAD 进行身份验证.
<授权><拒绝用户=?"/></授权>
 解决方案 
虽然我不能 100% 确定您的问题是什么,但这里有一个使用 Web 表单进行 AAD 身份验证的工作示例.
Web.config 
<><代码><配置><!-- Azure AD 设置--><应用设置><add key="ida:ClientId" value="{ClientId}"/><add key="ida:AADInstance" value="https://login.microsoftonline.com/"/><add key="ida:Domain" value="{租户}"/><add key="ida:TenantId" value="{TenantId}"/><add key="ida:PostLogoutRedirectUri" value="https://localhost:44306/"/></appSettings><位置路径="帐户"><system.web><授权><allow users="*"/></授权></system.web></位置><system.web><!-- 请求登录--><授权><拒绝用户=?"/></授权><认证模式=无"/><编译调试="true" targetFramework="4.5"/><httpRuntime targetFramework="4.5"/><页面><命名空间><add namespace="System.Web.Optimization"/></命名空间><控制><add assembly="Microsoft.AspNet.Web.Optimization.WebForms" namespace="Microsoft.AspNet.Web.Optimization.WebForms" tagPrefix="webopt"/></控制></页面><http模块><add name="ApplicationInsightsWebTracking" type="Microsoft.ApplicationInsights.Web.ApplicationInsightsHttpModule, Microsoft.AI.Web"/></httpModules></system.web><system.webServer><!-- 删除表单身份验证模块.--><模块><remove name="FormsAuthentication"/><remove name="ApplicationInsightsWebTracking"/><add name="ApplicationInsightsWebTracking" type="Microsoft.ApplicationInsights.Web.ApplicationInsightsHttpModule, Microsoft.AI.Web" preCondition="managedHandler"/></模块><validation validateIntegratedModeConfiguration="false"/></system.webServer><运行时><assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1"><从属程序集><assemblyIdentity name="Newtonsoft.Json"culture="neutral" publicKeyToken="30ad4fe6b2a6aeed"/><bindingRedirect oldVersion="0.0.0.0-6.0.0.0" newVersion="6.0.0.0"/></dependentAssembly><从属程序集><assemblyIdentity name="WebGrease"culture="neutral" publicKeyToken="31bf3856ad364e35"/><bindingRedirect oldVersion="0.0.0.0-1.5.2.14234" newVersion="1.5.2.14234"/></dependentAssembly></assemblyBinding></运行时><system.codedom><编译器><compiler language="c#;cs;csharp" extension=".cs" type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.CSharpCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=1.0.8.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" warningLevel="4" compilerOptions="/langversion:6/nowarn:1659;1699;1701"/><compiler language="vb;vbs;visualbasic;vbscript" extension=".vb" type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.VBCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=1.0.8.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" warningLevel="4" compilerOptions="/langversion:14/nowarn:41008/define:_MYTYPE="Web&quot;/optionInfer+"/></编译器></system.codedom></配置>

Startup.Auth.cs

公共部分类启动{私有静态字符串 clientId = ConfigurationManager.AppSettings["ida:ClientId"];私有静态字符串 aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];私有静态字符串tenantId = ConfigurationManager.AppSettings["ida:TenantId"];私有静态字符串 postLogoutRedirectUri = ConfigurationManager.AppSettings["ida:PostLogoutRedirectUri"];字符串权限 = aadInstance + 租户 ID;public void ConfigureAuth(IAppBuilder app){app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);app.UseCookieAuthentication(new CookieAuthenticationOptions());app.UseOpenIdConnectAuthentication(新的 OpenIdConnectAuthenticationOptions{客户端 ID = 客户端 ID,权威=权威,PostLogoutRedirectUri = postLogoutRedirectUri,通知 = 新 OpenIdConnectAuthenticationNotifications(){AuthenticationFailed =(上下文)=>{返回 System.Threading.Tasks.Task.FromResult(0);}}});//这使得在此行之上定义的任何中间件在 web.config 中应用授权规则之前运行app.UseStageMarker(PipelineStage.Authenticate);}}

I have an existing WebForms application that currently uses Windows Authentication that I want to authenticate through Azure AD. The app is already configured in Azure (I have the AppID and TenantID), but the application still authenticates via Windows Authentication.

Changes were made to the application by following this guide.

Most guides use MVC as their example, and I couldn't find a thorough walk through for existing WebForms applications.

Do I need to change something in the web.config?

I have the following codes in the Startup and Startup.Auth (which I created manually and looks exactly as what's described in the guide)

Startup.Auth

public void ConfigureAuth(IAppBuilder app) 
{
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseOpenIdConnectAuthentication(
        new OpenIdConnectAuthenticationOptions
        {
            ClientId = "the app id";
            Authority = "the tenant id";
        });
}

Startup

public void Configuration(IAppBuilder app)
{
  ConfigureAuth(app);
}

Below is the authentication setting in the web.config which I tried setting from Windows to None, but the app just threw a 401 page and didn't try to authenticate to AAD.

<authentication mode="Windows" />
<authorization>
   <deny users="?" />
</authorization>

解决方案

While I am not 100 percent sure what your issue is, Here is a working example for AAD Authentication with Web Forms.

Web.config 

<configuration>

<!-- Azure AD Settings -->
  <appSettings>
    <add key="ida:ClientId" value="{ClientId}" />
    <add key="ida:AADInstance" value="https://login.microsoftonline.com/" />
    <add key="ida:Domain" value="{Tenant}" />
    <add key="ida:TenantId" value="{TenantId}" />
    <add key="ida:PostLogoutRedirectUri" value="https://localhost:44306/" />
  </appSettings>

  <location path="Account">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
  <system.web>

    <!-- Request Login -->
    <authorization>
      <deny users="?" />
    </authorization>


    <authentication mode="None" />
    <compilation debug="true" targetFramework="4.5" />
    <httpRuntime targetFramework="4.5" />
    <pages>
      <namespaces>
        <add namespace="System.Web.Optimization" />
      </namespaces>
      <controls>
        <add assembly="Microsoft.AspNet.Web.Optimization.WebForms" namespace="Microsoft.AspNet.Web.Optimization.WebForms" tagPrefix="webopt" />
      </controls>
    </pages>
    <httpModules>
      <add name="ApplicationInsightsWebTracking" type="Microsoft.ApplicationInsights.Web.ApplicationInsightsHttpModule, Microsoft.AI.Web" />
    </httpModules>
  </system.web>
  <system.webServer>

    <!-- Remove Forms Authentication Module. -->
    <modules>
      <remove name="FormsAuthentication" />
      <remove name="ApplicationInsightsWebTracking" />
      <add name="ApplicationInsightsWebTracking" type="Microsoft.ApplicationInsights.Web.ApplicationInsightsHttpModule, Microsoft.AI.Web" preCondition="managedHandler" />
    </modules>


    <validation validateIntegratedModeConfiguration="false" />
  </system.webServer>
  <runtime>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="Newtonsoft.Json" culture="neutral" publicKeyToken="30ad4fe6b2a6aeed" />
        <bindingRedirect oldVersion="0.0.0.0-6.0.0.0" newVersion="6.0.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="WebGrease" culture="neutral" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="0.0.0.0-1.5.2.14234" newVersion="1.5.2.14234" />
      </dependentAssembly>
    </assemblyBinding>
  </runtime>
  <system.codedom>
    <compilers>
      <compiler language="c#;cs;csharp" extension=".cs" type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.CSharpCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=1.0.8.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" warningLevel="4" compilerOptions="/langversion:6 /nowarn:1659;1699;1701" />
      <compiler language="vb;vbs;visualbasic;vbscript" extension=".vb" type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.VBCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=1.0.8.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" warningLevel="4" compilerOptions="/langversion:14 /nowarn:41008 /define:_MYTYPE="Web" /optionInfer+" />
    </compilers>
  </system.codedom>
</configuration>

Startup.Auth.cs

public partial class Startup
{
    private static string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
    private static string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
    private static string tenantId = ConfigurationManager.AppSettings["ida:TenantId"];
    private static string postLogoutRedirectUri = ConfigurationManager.AppSettings["ida:PostLogoutRedirectUri"];

    string authority = aadInstance + tenantId;

    public void ConfigureAuth(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

        app.UseCookieAuthentication(new CookieAuthenticationOptions());

        app.UseOpenIdConnectAuthentication(
            new OpenIdConnectAuthenticationOptions
            {
                ClientId = clientId,
                Authority = authority,
                PostLogoutRedirectUri = postLogoutRedirectUri,

                Notifications = new OpenIdConnectAuthenticationNotifications()
                {
                    AuthenticationFailed = (context) =>
                    {
                        return System.Threading.Tasks.Task.FromResult(0);
                    }
                }

            }
            );

        // This makes any middleware defined above this line run before the Authorization rule is applied in web.config
        app.UseStageMarker(PipelineStage.Authenticate);
    }
}

这篇关于如何更改身份验证模式(从 Windows 到 Azure AD)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持编程学习网!