asp.net – Azure AD B2C – 多个子域

发布时间：2020-12-16 09:55:40 所属栏目：asp.Net 来源：网络整理

导读：我可以设置Azure Active Directory B2C以使用多个子域吗？这是我到目前为止所做的：设置一个B2C目录创建了一个Web应用程序：mytest.com – 此应用程序中的身份验证和授权工作正常. 我创建了另一个应用程序：subdomain.mytest.com – 它使用相同的Azure B2

我可以设置Azure Active Directory B2C以使用多个子域吗？
这是我到目前为止所做的：

>设置一个B2C目录
>创建了一个Web应用程序：mytest.com – 此应用程序中的身份验证和授权工作正常.
>我创建了另一个应用程序：subdomain.mytest.com – 它使用相同的Azure B2C Active目录

现在,我想要的是：当我登录“mytest.com”时也登录到“subdomain.mytest.com”

这可能吗？

我的应用程序是使用OpenId Connect的ASP.NET MVC应用程序
如果需要,我可以提供更详细的信息.

谢谢

解决方法

使它工作的线：

app.UseCookieAuthentication(new CookieAuthenticationOptions(){CookieDomain =“.mytest.com”});

当我读到这篇文章时,我想通了：https://auth0.com/blog/2014/01/27/ten-things-you-should-know-about-tokens-and-cookies/(第3节)

public void ConfigureAuth(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

        app.UseCookieAuthentication(new CookieAuthenticationOptions() { CookieDomain = ".mytest.com"});

        var options = new OpenIdConnectAuthenticationOptions
        {
            ClientId = clientIdb2c,RedirectUri = redirectUri,PostLogoutRedirectUri = redirectUri,Notifications = new OpenIdConnectAuthenticationNotifications()
            {
                MessageReceived = (context) =>
                {

                    //AADB2C90091: The user has cancelled entering self-asserted information.
                    if (!string.IsNullOrEmpty(context.ProtocolMessage.ErrorDescription) && !context.ProtocolMessage.ErrorDescription.StartsWith("AADB2C90091:",StringComparison.OrdinalIgnoreCase))
                    {
                        if (context.ProtocolMessage.ErrorDescription.StartsWith("AADB2C99002",StringComparison.OrdinalIgnoreCase))
                        {
                            throw new SecurityTokenValidationException("User does not exist. Please sign up before you can sign in.");
                        }
                    }

                    return Task.FromResult(0);
                },RedirectToIdentityProvider = OnRedirectToIdentityProvider,AuthenticationFailed = AuthenticationFailed,SecurityTokenValidated = (context) =>
                {
                    //Create the logic to redirect here.
                    context.AuthenticationTicket.Properties.RedirectUri = "https://sub1.mytest.com";

                    return Task.FromResult(0);
                }
            },Scope = "openid offline_access",ResponseType = "id_token",// The PolicyConfigurationManager takes care of getting the correct Azure AD authentication
            // endpoints from the OpenID Connect metadata endpoint.  It is included in the PolicyAuthHelpers folder.
            ConfigurationManager = new PolicyConfigurationManager(
                String.Format(CultureInfo.InvariantCulture,aadInstance,tenant,"/v2.0",OIDCMetadataSuffix),new string[] { SignUpPolicyId,SignInPolicyId,ProfilePolicyId }),};

        app.USEOpenIdConnectAuthentication(options);
    }

（编辑：李大同）

【声明】本站内容均来自网络，其相关言论仅代表作者个人观点，不代表本站立场。若无意侵犯到您的权利，请及时与联系站长删除相关内容!