Problem description
I am containerizing an ASP.NET Web Forms application written in VB.NET. It uses Azure AD authentication (SSO). In a non-Docker environment, when the application URL is launched, it redirects to the Microsoft.login URL and then redirects from Azure AD to the "Redirect URL" set in the Azure portal. However, from the Docker container, it does not redirect. I am using OWIN OpenID authentication. I added startup.cs and the AutomaticAppStartup and appStartup entries in web.config.
Web.config keys and values:
<pre>
<add key="owin:AutomaticAppStartup" value="true" />
<add key="owin:appStartup" value="Startup" />
</pre>
Code in startup.cs
<pre>
using System;
using System.Diagnostics;
using System.Linq;
using System.Net;
using System.Threading.Tasks;
using Microsoft.AspNet.Identity;
using Microsoft.Identity.Client;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.IdentityModel.Tokens;
using Microsoft.Owin;
using Microsoft.Owin.Extensions;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.Notifications;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

// Tools, MsalAppBuilder and OnAuthenticationFailed are not shown in the post.
public class Startup
{
    private static TraceSource ts = new TraceSource("TraceTest");

    public void Configuration(IAppBuilder app)
    {
        Tools.Log("In Configuration");
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
        app.Use(); // as posted; the middleware type argument is missing
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        Trace.TraceInformation("Hit Config Auth function");
        ts.TraceEvent(TraceEventType.Error, 1, "Error message.");
        ts.Close();

        // Session cookie issued after a successful sign-in.
        app.UseCookieAuthentication(new CookieAuthenticationOptions()
        {
            LoginPath = new PathString("/SignIn.aspx"),
            AuthenticationMode = AuthenticationMode.Active,
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            CookieHttpOnly = false,
            CookieSecure = CookieSecureOption.Always,
            CookiePath = "/",
            CookieName = CookieAuthenticationDefaults.CookiePrefix + "GM"
        });

        // OpenID Connect challenge against Azure AD (hybrid flow: code + id_token).
        app.UseOpenIdConnectAuthentication(
            new OpenIdConnectAuthenticationOptions
            {
                Authority = "https://sts.windows.net/XXXXX",
                ClientId = "XXXXX-XXXXX-XXXXX-XXXXX-XXXX",
                ClientSecret = "XXX-X-XXXXX-XXX.XXXX",
                RedirectUri = "https://URL",
                PostLogoutRedirectUri = "https://URL",
                Scope = OpenIdConnectScope.OpenIdProfile,
                ResponseType = OpenIdConnectResponseType.CodeIdToken,
                UseTokenLifetime = false,
                SaveTokens = true,
                TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuer = false,
                },
                Notifications = new OpenIdConnectAuthenticationNotifications()
                {
                    AuthorizationCodeReceived = OnAuthorizationCodeReceived,
                    AuthenticationFailed = OnAuthenticationFailed,
                    RedirectToIdentityProvider = OnRedirectToIdentityProvider,
                    SecurityTokenValidated = (context) =>
                    {
                        Tools.Log("SecurityTokenValidated ");
                        // Copy each "groups" claim into a role claim.
                        var claims = context.AuthenticationTicket.Identity.Claims;
                        var groups = from c in claims where c.Type == "groups" select c;
                        foreach (var group in groups)
                        {
                            context.AuthenticationTicket.Identity.AddClaim(
                                new System.Security.Claims.Claim(System.Security.Claims.ClaimTypes.Role, group.Value));
                        }
                        Tools.Log("SecurityTokenValidated " + context.AuthenticationTicket.Identity.Claims);
                        return Task.FromResult(0);
                    }
                },
            });

        app.UseStageMarker(PipelineStage.Authenticate);
        app.UseStageMarker(PipelineStage.Authorize);
        Tools.Log("End Configuration method of Startup class");
    }

    private static string EnsureTrailingSlash(string value)
    {
        if (value == null)
        {
            value = string.Empty;
        }
        if (!value.EndsWith("/", StringComparison.Ordinal))
        {
            return value + "/";
        }
        return value;
    }

    // Redeems the authorization code for tokens through MSAL.
    private async Task OnAuthorizationCodeReceived(AuthorizationCodeReceivedNotification context)
    {
        Tools.Log("In begin OnAuthorizationCodeReceived ");
        IConfidentialClientApplication clientApp = MsalAppBuilder.BuildConfidentialClientApplication();
        AuthenticationResult result = await clientApp
            .AcquireTokenByAuthorizationCode(new[] { "openid profile" }, context.Code)
            .ExecuteAsync();
        Console.WriteLine("OnAuthorizationCodeReceived " + context);
        Tools.Log("In OnAuthorizationCodeReceived " + context.Response.ToString());
    }

    // Unprotects and re-protects the state value before the redirect is sent.
    private static Task OnRedirectToIdentityProvider(
        RedirectToIdentityProviderNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification)
    {
        Tools.Log("In OnRedirectToIdentityProvider " + notification.HandledResponse.ToString());
        var stateQueryString = notification.ProtocolMessage.State.Split('=');
        var protectedState = stateQueryString[1];
        var state = notification.Options.StateDataFormat.Unprotect(protectedState);
        Console.WriteLine("OnRedirectToIdentityProvider " + notification);
        notification.ProtocolMessage.State = stateQueryString[0] + "=" + notification.Options.StateDataFormat.Protect(state);
        Tools.Log("OnRedirectToIdentityProvider " + notification.Response.Context.Response.StatusCode.ToString());
        return Task.FromResult(0);
    }
}
</pre>
Also, in the Dockerfile, I am using NuGet package restore to ensure that the OWIN packages are installed in the Docker container as well.
Dockerfile
Installed packages -
<pre>
<package id="Microsoft.AspNet.Identity.Core" version="2.2.3" targetFramework="net472" />
<package id="Microsoft.AspNet.Identity.Owin" version="2.2.3" targetFramework="net472" />
<package id="Microsoft.AspNet.Mvc" version="5.2.7" targetFramework="net472" />
<package id="Microsoft.AspNet.Razor" version="3.2.7" targetFramework="net472" />
<package id="Microsoft.AspNet.WebApi" version="5.2.7" targetFramework="net472" />
<package id="Microsoft.AspNet.WebApi.Client" version="5.2.7" targetFramework="net472" />
<package id="Microsoft.AspNet.WebApi.Core" version="5.2.7" targetFramework="net472" />
<package id="Microsoft.AspNet.WebApi.WebHost" version="5.2.7" targetFramework="net472" />
<package id="Microsoft.AspNet.WebPages" version="3.2.7" targetFramework="net472" />
<package id="Microsoft.Identity.Client" version="4.21.0" targetFramework="net472" />
<package id="Microsoft.IdentityModel.JsonWebTokens" version="5.3.0" targetFramework="net472" />
<package id="Microsoft.IdentityModel.Logging" version="5.3.0" targetFramework="net472" />
<package id="Microsoft.IdentityModel.Protocols" version="5.3.0" targetFramework="net472" />
<package id="Microsoft.IdentityModel.Protocols.OpenIdConnect" version="5.3.0" targetFramework="net472" />
<package id="Microsoft.IdentityModel.Tokens" version="5.3.0" targetFramework="net472" />
<package id="Microsoft.Owin" version="4.1.1" targetFramework="net472" />
<package id="Microsoft.Owin.Host.SystemWeb" version="4.1.1" targetFramework="net472" />
<package id="Microsoft.Owin.Security" version="4.1.1" targetFramework="net472" />
<package id="Microsoft.Owin.Security.Cookies" version="4.1.1" targetFramework="net472" />
<package id="Microsoft.Owin.Security.OAuth" version="3.0.1" targetFramework="net472" />
<package id="Microsoft.Owin.Security.OpenIdConnect" version="4.1.1" targetFramework="net472" />
<package id="Microsoft.Web.Infrastructure" version="1.0.0.0" targetFramework="net472" />
<package id="Newtonsoft.Json" version="10.0.1" targetFramework="net472" />
<package id="Owin" version="1.0" targetFramework="net472" />
<package id="System.IdentityModel.Tokens.Jwt" version="5.3.0" targetFramework="net472" />
<package id="System.Runtime.Caching" version="4.7.0" targetFramework="net472" />
<package id="System.Security.Claims" version="4.3.0" targetFramework="net472" />
</pre>
Can you suggest what might be preventing the redirect to the Microsoft.login page?
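A check for the redirect described in the question, as an added example that is not part of the original post: it classifies the status code and Location header an unauthenticated request receives (captured without following redirects) against the values in the posted configuration. The sign-in host `login.microsoftonline.com`, the function name and every sample value are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

IDP_HOSTS = {"login.microsoftonline.com"}  # assumption: Azure AD sign-in host
REQUIRED = ("client_id", "redirect_uri", "response_type", "scope", "state", "nonce")

def classify_first_response(status, location, expected_redirect_uri,
                            login_path="/SignIn.aspx",
                            expected_response_type="code id_token"):
    """Classify the app's answer to an anonymous request: (verdict, problems)."""
    if status not in (301, 302, 303, 307, 308) or not location:
        return "no-challenge", ["not a redirect: no OIDC challenge was issued"]
    url = urlsplit(location)
    host = (url.hostname or "").lower()
    if host not in IDP_HOSTS:
        if url.path.lower() == login_path.lower():
            return "local-login-page", ["redirected to the cookie LoginPath"]
        return "unexpected-redirect", ["redirect target: " + (host or url.path)]
    # Redirect goes to the identity provider: inspect the authorization request.
    params = {k: v[0] for k, v in parse_qs(url.query).items()}
    problems = ["missing parameter: " + n for n in REQUIRED if n not in params]
    sent = params.get("redirect_uri")
    if sent is not None and sent != expected_redirect_uri:
        problems.append("redirect_uri %r differs from registered %r"
                        % (sent, expected_redirect_uri))
    rtype = params.get("response_type")
    if rtype is not None and set(rtype.split()) != set(expected_response_type.split()):
        problems.append("response_type is %r" % rtype)
    return ("challenge-ok" if not problems else "challenge-malformed"), problems

# Constructed sample responses (placeholder tenant, client id and host names).
GOOD = ("https://login.microsoftonline.com/TENANT/oauth2/authorize"
        "?client_id=CLIENT&redirect_uri=https%3A%2F%2Fapp.example.test%2F"
        "&response_type=code+id_token&scope=openid+profile"
        "&state=OpenIdConnect.AuthenticationProperties%3Dabc&nonce=n1")
SAMPLES = {
    "working host": (302, GOOD),
    "page served, no redirect": (200, None),
    "cookie middleware only": (302, "/SignIn.aspx?ReturnUrl=%2F"),
    "redirect_uri mismatch": (302, GOOD.replace("https%3A", "http%3A")),
}

if __name__ == "__main__":
    for name, (status, location) in SAMPLES.items():
        verdict, problems = classify_first_response(
            status, location, "https://app.example.test/")
        print(f"{name:28} {verdict:20} {'; '.join(problems)}")
```

Running the same check against the container and against the non-Docker host shows at which point the two responses diverge.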