我使用的是https://github.com/damienbod/dotnet-template-angular使用带有Azure AD登录的Asp.Net API构建Angular SPA。这使用https://github.com/damienbod/angular-auth-oidc-client在Angular方面与Azure对话。
我按预期获得了Micosoft登录,但在输入用户登录详细信息后,它返回错误:
AADSTS500013-未提供资源标识符
我在其他一些问题中看到了这个错误,但不同的应用程序设置没有使用相同的Angular OIDC cliet。我不确定这是问题所在,还是我在Azure应用程序注册中遗漏了什么?
更新我的Azure应用程序是使用旧版本的应用程序注册的,所以看起来像这样:
"oidc": {
"issuer": "https://login.microsoftonline.com/[....]/",
"client_id": "[...]",
"scope": "openid",
"resource": "https://graph.microsoft.com/"
}
您是否在用于验证用户的Azure AD中注册了应用程序?在clientId节点下的appsettings.json文件中,您将看到必须为ASP.NET应用程序提供的应用程序ID:
"oidc": {
"issuer": "https://login.microsoftonline.com/common/v2.0/",
"client_id": "d4d8dc5a-3e3b-4cf8-9ba5-eee9e27764a1",
"scope": "openid profile email",
"resource": "https://graph.windows.net",
"prompt": "consent"
}
此外,请确保在您的Angular应用程序中包括Azure AD租户的OIDC配置,如dotnet Angular Azure AD OIDC库的loadConfig函数的comments app.module.ts中所述。
export function loadConfig(oidcConfigService: OidcConfigService) {
console.log('APP_INITIALIZER STARTING');
// https://login.microsoftonline.com/damienbod.onmicrosoft.com/.well-known/openid-configuration
// jwt keys: https://login.microsoftonline.com/common/discovery/keys
// Azure AD does not support CORS, so you need to download the OIDC configuration, and use these from the application.
// The jwt keys needs to be configured in the well-known-openid-configuration.json
return () => oidcConfigService.load(`${window.location.origin}/api/config/configuration`);
//return () => oidcConfigService.load_using_custom_stsServer('https://localhost:44347/well-known-openid-configuration.json');
}
此配置可在https://login.microsoftonline.com/{your-tenant-name}.onmicrosoft.com/.well-known/openid-configuration访问。