My problem is that I cannot make Azure AD auth work when creating the App registrations (in Azure portal) manually.
(我的问题是,当手动创建应用程序注册(在Azure门户中)时,无法使Azure AD身份验证起作用。)
It all works fine if I create a new website using the MVC 5 template and let Visual Studio (2017) create a new App registration.
(如果我使用MVC 5模板创建新网站并让Visual Studio(2017)创建新的App注册,则一切正常。)
When I try to use the one I created it doesn't work and I'm getting this exception:
(当我尝试使用自己创建的程序时,它不起作用,并且出现此异常:)
stack trace:
(堆栈跟踪:)
at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.d__8.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.d__3.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task)
(在Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.d__8.MoveNext()处-从上次引发异常的位置开始的堆栈跟踪-在System.Runtime处System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(任务任务)处CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(任务任务)Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.d__3.MoveNext()---从上次引发异常的位置开始的堆栈跟踪---位于System.Runtime.CompilerServices.TaskAwaiter。 System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task任务)位于System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(任务任务)处的ThrowForNonSuccess(任务任务))
at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.d__24.MoveNext()
(在Microsoft.IdentityModel.Protocols.ConfigurationManager`1.d__24.MoveNext())
Startup code I use in both:
(我在两个中都使用的启动代码:)
private static string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
private static string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
private static string postLogoutRedirectUri = ConfigurationManager.AppSettings["ida:PostLogoutRedirectUri"];
private static string tenant = ConfigurationManager.AppSettings["ida:TenantId"];
private string authority = String.Format(CultureInfo.InvariantCulture, aadInstance, tenant);
public void ConfigureAuth(IAppBuilder app)
{
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
ClientId = clientId,
Authority = authority,
PostLogoutRedirectUri = postLogoutRedirectUri,
RedirectUri = postLogoutRedirectUri,
Notifications = new OpenIdConnectAuthenticationNotifications
{
AuthenticationFailed = context =>
{
context.HandleResponse();
context.Response.Redirect("/Error?message=" + context.Exception.Message);
return Task.FromResult(0);
}
},
TokenValidationParameters = new TokenValidationParameters
{
RequireSignedTokens = false,
},
});
}
The only difference I was able to find is that the automatically created App registration has one key and its manifest contains "passwordCredentials".
(我能够找到的唯一区别是,自动创建的App注册具有一个密钥,其清单包含“ passwordCredentials”。)
Manually created app doesn't have it.
(手动创建的应用没有此应用。)
I use the IIS Express for both websites. (我对两个网站都使用IIS Express。)
Both Application ID and Tenant ID are correct as well as HTTPS port. (Application ID和Tenant ID以及HTTPS端口都是正确的。)
All OWIN packages have the same version (in both apps). (所有OWIN软件包都具有相同的版本(在两个应用程序中)。)
I think IIS Express somehow uses that key from above but I couldn't find where or how it's applied as my startup code is exactly the same. (我认为IIS Express以某种方式从上方使用了该密钥,但是由于启动代码完全相同,所以我找不到它在哪里或如何应用。)
Any help appreciated (任何帮助表示赞赏)
PS: I also tried to host it on local IIS with the same result...
(PS:我也尝试将其托管在本地IIS上,结果相同。)
ask by vhr translate from so 
