小贝子编程

已发送无提示登录请求,但没有用户登录并AADSTS50058收到错误代码



我正在尝试将示例Angular应用程序与Azure Active Directory集成。为此,我使用了

  • MSAL Microsoft库。
  • 我的 Azure 门户订阅试用期为 30 天。

请找到我所做的步骤。

步骤 1在我的试用版 Azure 订阅中注册应用程序。将重定向 URI 设置为 http://localhost:4200

步骤 2选择隐式授权,访问令牌和 ID 令牌已选中。

步骤-3应用程序模块 我像这样修改。

import { BrowserModule } from '@angular/platform-browser';
import { NgModule } from '@angular/core';
import { AppRoutingModule } from './app-routing.module';
import { AppComponent } from './app.component';
import { ProfileComponent } from './profile/profile.component';
import { MsalModule, MsalInterceptor } from '@azure/msal-angular';
import { HTTP_INTERCEPTORS, HttpClientModule } from '@angular/common/http';
import { HomeComponent } from './home/home.component';
const isIE = window.navigator.userAgent.indexOf('MSIE ') > -1 || window.navigator.userAgent.indexOf('Trident/') > -1;
@NgModule({
declarations: [
AppComponent,
ProfileComponent,
HomeComponent
],
imports: [
BrowserModule,
AppRoutingModule,
HttpClientModule,
MsalModule.forRoot({
auth: {
clientId: 'MyclientId', // This is your client ID
authority: 'https://login.microsoftonline.com/MytenantId', // This is your tenant ID
redirectUri: 'http://localhost:4200'// This is your redirect URI
},
cache: {
cacheLocation: 'localStorage',
storeAuthStateInCookie: isIE, // Set to true for Internet Explorer 11
},
}, {
popUp: !isIE,
consentScopes: [
'user.read',
'openid',
'profile',
],
unprotectedResources: [],
protectedResourceMap: [
['https://graph.microsoft.com/v1.0/me', ['user.read']]
],
extraQueryParameters: {}
})
],
providers: [
{
provide: HTTP_INTERCEPTORS,
useClass: MsalInterceptor,
multi: true
}
],
bootstrap: [AppComponent]
})
export class AppModule { }

步骤 4我的应用路由

import { NgModule } from '@angular/core';
import { Routes, RouterModule } from '@angular/router';
import { ProfileComponent } from './profile/profile.component';
import { MsalGuard } from '@azure/msal-angular';
import { HomeComponent } from './home/home.component';
const routes: Routes = [
{
path: 'profile',
component: ProfileComponent,
canActivate: [
MsalGuard
]
},
{
path: '',
component: HomeComponent
}
];

@NgModule({
imports: [RouterModule.forRoot(routes)],
exports: [RouterModule]
})
export class AppRoutingModule { }

步骤 5应用组件

import { Component,OnInit } from '@angular/core';
import { MsalService, BroadcastService } from '@azure/msal-angular';
import { CryptoUtils, Logger } from 'msal';
@Component({
selector: 'app-root',
templateUrl: './app.component.html',
styleUrls: ['./app.component.css']
})
export class AppComponent implements OnInit  {
isIframe = false;
loggedIn = false;
constructor(private broadcastService: BroadcastService, private authService: MsalService) { }  
ngOnInit(): void {
this.isIframe = window !== window.parent && !window.opener;
this.checkAccount();
this.broadcastService.subscribe('msal:loginSuccess', () => {
this.checkAccount();
});
this.authService.handleRedirectCallback((authError, response) => {
if (authError) {
console.error('Redirect Error: ', authError.errorMessage);
return;
}
console.log('Redirect Success: ', response.accessToken);
});
this.authService.setLogger(new Logger((logLevel, message, piiEnabled) => {
console.log('MSAL Logging: ', message);
}, {
correlationId: CryptoUtils.createNewGuid(),
piiLoggingEnabled: false
}));
}
checkAccount() {
this.loggedIn = !!this.authService.getAccount();
}
login() {
const isIE = window.navigator.userAgent.indexOf('MSIE ') > -1 || window.navigator.userAgent.indexOf('Trident/') > -1;
if (isIE) {
this.authService.loginRedirect({
extraScopesToConsent: ["user.read", "openid", "profile"]
});
} else {
this.authService.loginPopup({
extraScopesToConsent: ["user.read", "openid", "profile"]
});
}
}
logout() {
this.authService.logout();
}
}

步骤-6配置文件组件

import { Component, OnInit } from '@angular/core';
import { MsalService } from '@azure/msal-angular';
import { HttpClient } from '@angular/common/http';
const GRAPH_ENDPOINT = 'https://graph.microsoft.com/v1.0/me';
@Component({
selector: 'app-profile',
templateUrl: './profile.component.html',
styleUrls: ['./profile.component.css']
})
export class ProfileComponent implements OnInit {
profile:any;
constructor(private authService: MsalService, private http: HttpClient) { }
ngOnInit() {
this.getProfile();
}
getProfile() {
this.http.get(GRAPH_ENDPOINT).toPromise()
.then(profile => {
this.profile = profile;
});
}
}

我按照以下链接中给出的相同步骤进行操作 https://learn.microsoft.com/en-us/azure/active-directory/develop/tutorial-v2-angular

应用程序登录。当我检查会话存储时,可以看到令牌。但是当访问配置文件组件时。它将引发以下错误。我不明白为什么会出现此错误。我错过了什么吗?请指导我,我错过了什么。

core.js:6260 ERROR Error: Uncaught (in promise): InteractionRequiredAuthError: AADSTS50058: A silent sign-in request was sent but no user is signed in. The cookies used to represent the user's session were not sent in the request to Azure AD. This can happen if the user is using Internet Explorer or Edge, and the web app sending the silent sign-in request is in different IE security zone than the Azure AD endpoint (login.microsoftonline.com).
Trace ID: 89abda01-6426-4658-8692-7690f74f8d00
Correlation ID: cf52e237-939c-4ce0-875b-d8a5555a0a13
Timestamp: 2020-05-17 20:42:55Z
InteractionRequiredAuthError: AADSTS50058: A silent sign-in request was sent but no user is signed in. The cookies used to represent the user's session were not sent in the request to Azure AD. This can happen if the user is using Internet Explorer or Edge, and the web app sending the silent sign-in request is in different IE security zone than the Azure AD endpoint (login.microsoftonline.com).
Trace ID: 89abda01-6426-4658-8692-7690f74f8d00
Correlation ID: cf52e237-939c-4ce0-875b-d8a5555a0a13
Timestamp: 2020-05-17 20:42:55Z
at InteractionRequiredAuthError.AuthError [as constructor] (AuthError.js:22)
at InteractionRequiredAuthError.ServerError [as constructor] (ServerError.js:22)
at new InteractionRequiredAuthError (InteractionRequiredAuthError.js:24)
at MsalService.push../node_modules/msal/lib-es6/UserAgentApplication.js.UserAgentApplication.saveTokenFromHash (UserAgentApplication.js:1289)
at MsalService.push../node_modules/msal/lib-es6/UserAgentApplication.js.UserAgentApplication.processCallBack (UserAgentApplication.js:845)
at MsalService.push../node_modules/msal/lib-es6/UserAgentApplication.js.UserAgentApplication.handleAuthenticationResponse (UserAgentApplication.js:897)
at MsalService.<anonymous> (UserAgentApplication.js:667)
at step (tslib.es6.js:100)
at Object.next (tslib.es6.js:81)
at fulfilled (tslib.es6.js:71)
at resolvePromise (zone-evergreen.js:798)
at resolvePromise (zone-evergreen.js:750)
at zone-evergreen.js:860
at ZoneDelegate.invokeTask (zone-evergreen.js:399)
at Object.onInvokeTask (core.js:41640)
at ZoneDelegate.invokeTask (zone-evergreen.js:398)
at Zone.runTask (zone-evergreen.js:167)
at drainMicroTaskQueue (zone-evergreen.js:569)
at invokeTask (zone-evergreen.js:484)
at ZoneTask.invoke (zone-evergreen.js:469)

你能包括小提琴手的痕迹吗?

从指南:

这意味着用户未登录。这是一个常见的错误,是 当用户未经身份验证且尚未登录时,应达到预期。如果 在用户具有的 SSO 上下文中遇到此错误 以前登录,这意味着 SSO 会话不是 已找到或无效。如果出现以下情况,则此错误可能会返回到应用程序 提示符=指定无。

如果向用户显示多个 UPN 并且预期的 UPN 未登录,我也看到会发生这种情况,因此也可以检查这一点。

相关内容

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium