AzureAD not working with IdentityUser and IdentityRole

Problem description

I'm trying to get AzureAD authentication implemented in my app, which has role authentication. When I try to run the app, instead of automatically going to the Microsoft login page (like it does in apps made from a new project), it goes to a login page with an option to use Azure Active Directory. When I click on it, it throws "Error loading external login information." and nothing happens.

After tinkering with it for a bit, I've noticed that if I remove this line of code

services.AddDefaultIdentity<IdentityUser>().AddRoles<IdentityRole>().AddEntityFrameworkStores<ApplicationDbContext>();

from ConfigureServices in Startup.cs, it starts working again.

What is it about that line of code that interferes with AzureAD?

Tags: .net, azure-active-directory, blazor, blazor-server-side, asp.net-core-3.0

Solution


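That line of code adds ASP.NET Core Identity to the application, and Azure AD is one of the external authentication providers.

In that case, you can set CookieSchemeName to Identity.External so that ASP.NET Core Identity can get the external user profile from the external identity provider: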

"AzureAd": {
    "Instance": "https://login.microsoftonline.com/",
    "Domain": "xxx.onmicrosoft.com",
    "TenantId": "xxx-a2dd-4fde-bf8f-f75ab18b21ac",
    "ClientId": "xxxxx-9f22-4c88-aafb-fe00a30caa78",
    "CallbackPath": "/signin-oidc",
    "CookieSchemeName": "Identity.External"
},

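After authentication, by default ASP.NET Core Identity creates a local account associated with your external account, so that you can use your local identity system for authorization.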
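The same setting applied in Startup.cs, as an added example that is not part of the original answer: the Identity UI callback reads the external login through `SignInManager.GetExternalLoginInfoAsync()`, which looks at the `Identity.External` cookie, so the Azure AD handler has to sign in to that scheme. Assumptions: the Microsoft.AspNetCore.Authentication.AzureAD.UI, Identity.UI and EF Core SQL Server packages are referenced, the connection string is named `DefaultConnection`, and the `ApplicationDbContext` shown is a stand-in for the app's own.

```csharp
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.AzureAD.UI;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

// Stand-in for the app's own context named in the question (assumption).
public class ApplicationDbContext : IdentityDbContext
{
    public ApplicationDbContext(DbContextOptions<ApplicationDbContext> options) : base(options) { }
}

public class Startup
{
    public Startup(IConfiguration configuration) => Configuration = configuration;
    public IConfiguration Configuration { get; }
    public void ConfigureServices(IServiceCollection services)
    {
        // Assumption: SQL Server provider, connection string "DefaultConnection".
        services.AddDbContext<ApplicationDbContext>(o =>
            o.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")));

        // Registers Identity's cookie schemes, including Identity.External.
        services.AddDefaultIdentity<IdentityUser>()
            .AddRoles<IdentityRole>()
            .AddEntityFrameworkStores<ApplicationDbContext>();

        // No default-scheme argument, so Identity's cookies stay the defaults and
        // Azure AD acts only as an external provider signing in to Identity.External.
        services.AddAuthentication()
            .AddAzureAD(options =>
            {
                Configuration.Bind("AzureAd", options);
                options.CookieSchemeName = IdentityConstants.ExternalScheme;
            });
        services.AddRazorPages();
        services.AddServerSideBlazor();
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseRouting();
        app.UseAuthentication();
        app.UseAuthorization();
        // "/_Host" is the Blazor Server template's host page (assumption).
        app.UseEndpoints(e => { e.MapControllers(); e.MapBlazorHub(); e.MapFallbackToPage("/_Host"); });
    }
}
```

Setting `CookieSchemeName` in code after `Configuration.Bind` takes precedence over the value in appsettings.json, so only one of the two places needs it.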

