在Docker中运行Visual Studio模板Azure AD身份验证的ASP.NET Core MVC应用程序

我使用Visual Studio模板创建了一个AzureAD认证的ASP.NET Core MVC应用程序。为了测试，我想在本地Docker示例中运行应用程序。
然而，在使用Visual Studio生成的Docker文件后，我得到以下错误：

Correlation failed.

DockerFile

FROM mcr.microsoft.com/dotnet/aspnet:7.0 AS base
WORKDIR /app
EXPOSE 80
EXPOSE 443

FROM mcr.microsoft.com/dotnet/sdk:7.0 AS build
WORKDIR /src
COPY ["MyApp/MyApp.csproj", "MyApp/"]
RUN dotnet restore "MyApp/MyApp.csproj"
COPY . .
WORKDIR "/src/MyApp"
RUN dotnet build "MyApp.csproj" -c Release -o /app/build

FROM build AS publish
RUN dotnet publish "MyApp.csproj" -c Release -o /app/publish /p:UseAppHost=false

FROM base AS final
WORKDIR /app
COPY --from=publish /app/publish .
ENTRYPOINT ["dotnet", "MyApp.dll"]

端口绑定如下：

8080:80

我已经在AzureAD中设置了回调URL如下：

http://localhost:8080/signin-oidc

更新

我发现一些文章建议添加以下内容：

services.Configure<CookiePolicyOptions>(options =>
{
    // This lambda determines whether user consent for non-essential cookies is needed for a given request.
    options.CheckConsentNeeded = context => true;
    options.MinimumSameSitePolicy = SameSiteMode.None;
});

app.UseCookiePolicy();

但这会产生一个新的错误：

Exception: Unable to unprotect the message.State.
Unknown location

Exception: An error was encountered while handling the remote login.Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler<TOptions>.HandleRequestAsync()

我能够使用Docker为ASP.NET Core MVC应用程序运行Azure AD authentication。

在创建模板时，选择身份验证类型为Microsoft Identity platform。
这使得可以从Visual Studio配置应用程序注册。无需手动创建和添加配置。

我在Docker文件中发现的唯一区别是。

ARG BUILD_CONFIGURATION=Release

我也试过了。

谢谢@Jason Pan的评论。
是的，正如Jason Pan所提到的那样，尝试使用https而不是http。

即使我能够运行的应用程序与您提供的代码（CookiePolicyOptions）.
我的默认Program.cs文件 *

using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc.Authorization;
using Microsoft.Identity.Web;
using Microsoft.Identity.Web.UI;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("AzureAd"));

builder.Services.AddControllersWithViews(options =>
{
    var policy = new AuthorizationPolicyBuilder()
        .RequireAuthenticatedUser()
        .Build();
    options.Filters.Add(new AuthorizeFilter(policy));
});
builder.Services.AddRazorPages()
    .AddMicrosoftIdentityUI();

var app = builder.Build();
if (!app.Environment.IsDevelopment())
{
    app.UseExceptionHandler("/Home/Error");    
    app.UseHsts();
}

app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseRouting();
app.UseAuthorization();

app.MapControllerRoute(
    name: "default",
    pattern: "{controller=Home}/{action=Index}/{id?}");
app.MapRazorPages();
app.Run();

输出：*

Docker接口：*

2023-09-30 14:21:47       Now listening on: https://[::]:443
2023-09-30 14:21:47       Now listening on: http://[::]:80
2023-09-30 14:21:47       Application started. Press Ctrl+C to shut down.
2023-09-30 14:21:47       Hosting environment: Development
2023-09-30 14:21:55 info: Microsoft.IdentityModel.LoggingExtensions.IdentityLoggerAdapter[0]
2023-09-30 14:21:55       Microsoft.IdentityModel Version: 6.32.0.0. Date 09/30/2023 08:51:55. PII logging is OFF. See https://aka.ms/IdentityModel/PII for details. 
2023-09-30 14:21:55       IDX10242: Security token: '[PII of type 'System.IdentityModel.Tokens.Jwt.JwtSecurityToken' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]' has a valid signature.
2023-09-30 14:21:55 info: Microsoft.IdentityModel.LoggingExtensions.IdentityLoggerAdapter[0]
2023-09-30 14:21:55       IDX10239: Lifetime of the token is valid.
2023-09-30 14:21:55 info: Microsoft.IdentityModel.LoggingExtensions.IdentityLoggerAdapter[0]
2023-09-30 14:21:55       IDX10234: Audience Validated.Audience: '********'
2023-09-30 14:21:55 info: Microsoft.IdentityModel.LoggingExtensions.IdentityLoggerAdapter[0]
2023-09-30 14:21:55       IDX10245: Creating claims identity from the validated token: '[PII of type 'System.IdentityModel.Tokens.Jwt.JwtSecurityToken' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.

参考SO thread，它解决了旧版本中的相同类型的问题。

在Docker中运行Visual Studio模板Azure AD身份验证的ASP.NET Core MVC应用程序

1条答案

相关问题

热门标签

最新问答