您是否已在用于验证用户身份的Azure AD中注册了应用程序?在那里,您将在appsettings.json
节点下的clientId
文件中为ASP.NET应用程序提供一个应用程序ID:
"oidc": {
"issuer": "https://login.microsoftonline.com/common/v2.0/","client_id": "d4d8dc5a-3e3b-4cf8-9ba5-eee9e27764a1","scope": "openid profile email","resource": "https://graph.windows.net","prompt": "consent"
}
还要确保如dotnet-angular-azure-ad-oidc库的loadConfig
函数的注释app.module.ts中所述,在Angular应用程序中包括Azure AD租户的OIDC配置。
export function loadConfig(oidcConfigService: OidcConfigService) {
console.log('APP_INITIALIZER STARTING');
// https://login.microsoftonline.com/damienbod.onmicrosoft.com/.well-known/openid-configuration
// jwt keys: https://login.microsoftonline.com/common/discovery/keys
// Azure AD does not support CORS,so you need to download the OIDC configuration,and use these from the application.
// The jwt keys needs to be configured in the well-known-openid-configuration.json
return () => oidcConfigService.load(`${window.location.origin}/api/config/configuration`);
//return () => oidcConfigService.load_using_custom_stsServer('https://localhost:44347/well-known-openid-configuration.json');
}
此配置可通过https://login.microsoftonline.com/{your-tenant-name}.onmicrosoft.com/.well-known/openid-configuration
访问。
本文链接:https://www.f2er.com/3152382.html