0
作为我的一个要求,我应该将IdentitySever与Active Directory连接到现有的用户和声明。到目前为止,我设法在Azure门户中创建应用程序注册。所以我有一个Appication ID
并且还配置了一个API Key
。此外,我有端点的列表:将IdentityServer4连接到Azure Active Directory
https://login.windows.net/{ad_guid}/federationmetadata/2007-06/federationmetadata.xml
https://login.windows.net/{ad_guid}/wsfed
https://login.windows.net/{ad_guid}/saml2
https://login.windows.net/{ad_guid}/saml2
https://graph.windows.net/{ad_guid}
https://login.windows.net/{ad_guid}/oauth2/token
https://login.windows.net/{ad_guid}/oauth2/authorize
我可以得到
https://login.windows.net/{ad_guid}/.well-known/openid-configuration
的OpenID的构成来documentation from Microsoft我现在应该配置这样的端点:
app.SetDefaultSignInAsAuthenticationType(
CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
var uri = "https://login.windows.net/{0}";
var instance = configuration["AzureAD:Instance"];
var authority = string.Format(CultureInfo.InvariantCulture, uri, instance);
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
DisplayName = "Azure Active Directory",
AuthenticationScheme = "AzureAD",
SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme,
ClientId = configuration["AzureAD:AppId"],
Authority = authority,
Scope = {"openid", "email"}
});
由于某种原因,这是行不通的。任何想法我可能错过了?
在配置[ “OpenID登录:AzureAD:实例”],并在 “实例” 的价值有你的房客的名字? – JakeJ
它是AzureAD实例的GUID – MovGP0