I'm not very familiar with VB, but going by the C# code, you can specify the Authority manually:
app.UseOpenIdConnectAuthentication(
    new OpenIdConnectAuthenticationOptions
    {
        // The `Authority` represents the v2.0 endpoint - https://login.microsoftonline.com/common/v2.0
        // "common" accepts sign-ins from any tenant; https://login.microsoftonline.com/{tenant}/v2.0 pins a single tenant.
        Authority = Globals.Authority,
        ClientId = Globals.ClientId,
        RedirectUri = Globals.RedirectUri,
        PostLogoutRedirectUri = Globals.RedirectUri,
        Scope = Globals.BasicSignInScopes + " Mail.Read", // a basic set of permissions for user sign in & profile access "openid profile offline_access"
        TokenValidationParameters = new TokenValidationParameters
        {
            // With "common" the issuer differs per tenant, so this sample switches issuer validation off.
            // Note that the IssuerValidator delegate below is only consulted when ValidateIssuer is true.
            ValidateIssuer = false,
            // In a real application you would use IssuerValidator for additional checks, like making sure the user's organization has signed up for your app.
            // IssuerValidator = (issuer, token, tvp) =>
            // {
            //     //if(MyCustomTenantValidation(issuer))
            //     return issuer;
            //     //else
            //     // throw new SecurityTokenInvalidIssuerException("Invalid issuer");
            // },
            //NameClaimType = "name",
        },
        Notifications = new OpenIdConnectAuthenticationNotifications()
        {
            AuthorizationCodeReceived = OnAuthorizationCodeReceived,
            AuthenticationFailed = OnAuthenticationFailed,
        }
    });
It looks like https://login.microsoftonline.com/common/v2.0 is used by default, so you can change the value to https://login.microsoftonline.com/{your_tenant}/v2.0.
Update:
You can create a new VB web project and choose Azure AD single-tenant authentication.
Then you get a working sample:
Imports System
Imports System.Configuration
Imports Microsoft.Owin.Security.Cookies
Imports Microsoft.Owin.Security.OpenIdConnect
Imports Owin

Partial Public Class Startup
    Private Shared clientId As String = ConfigurationManager.AppSettings("ida:ClientId")
    Private Shared aadInstance As String = EnsureTrailingSlash(ConfigurationManager.AppSettings("ida:AADInstance"))
    Private Shared tenantId As String = ConfigurationManager.AppSettings("ida:TenantId")
    Private Shared postLogoutRedirectUri As String = ConfigurationManager.AppSettings("ida:PostLogoutRedirectUri")
    ' Authority is instance + tenant, e.g. "https://login.microsoftonline.com/" & tenantId
    Private Shared authority As String = aadInstance & tenantId

    Public Sub ConfigureAuth(app As IAppBuilder)
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType)
        app.UseCookieAuthentication(New CookieAuthenticationOptions())
        app.UseOpenIdConnectAuthentication(New OpenIdConnectAuthenticationOptions() With {
            .ClientId = clientId,
            .Authority = authority,
            .PostLogoutRedirectUri = postLogoutRedirectUri
        })
    End Sub

    ' Helper the template ships with (not shown in the original snippet): makes sure the
    ' instance URL ends in "/" so that aadInstance & tenantId joins into a valid authority.
    Private Shared Function EnsureTrailingSlash(value As String) As String
        If value Is Nothing Then
            value = String.Empty
        End If
        If Not value.EndsWith("/", StringComparison.Ordinal) Then
            Return value & "/"
        End If
        Return value
    End Function

    ' ... (remaining members omitted in the original)
End Class
Specifying the Authority is also supported, and you can see it is already set to aadInstance & tenantId.
If you want to use Azure AD v2, you need to use the v2.0 endpoint.
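The answer above points out the two ends of the spectrum: a tenant-specific Authority (aadInstance & tenantId) or the "common" endpoint with ValidateIssuer = false and a commented-out IssuerValidator. The following is an added example, not code from the original answer, showing what that IssuerValidator check should actually do when you stay on "common": build the authority the same way the VB template does, then accept a token's issuer only if it is the v2.0 issuer of a tenant you have onboarded. The class name TenantIssuerValidation, the tenant GUIDs and the issuer strings are all constructed for the demo; it uses only the base class library so it runs as a plain console program.

```csharp
using System;
using System.Collections.Generic;

// Added example, not part of the original answer: restricting a "common" (multi-tenant)
// v2.0 sign-in to an allowlist of tenants by validating the token's issuer.
// Tenant IDs and issuer strings below are constructed for the demo.
public static class TenantIssuerValidation
{
    // Same construction as the VB template (instance + tenant), plus the v2.0 suffix.
    public static string BuildAuthority(string aadInstance, string tenant)
    {
        if (!aadInstance.EndsWith("/", StringComparison.Ordinal))
            aadInstance += "/";
        return aadInstance + tenant + "/v2.0";
    }

    // A v2.0 issuer looks like https://login.microsoftonline.com/{tenantid}/v2.0.
    // Returns the tenant id when the issuer has exactly that shape, otherwise null.
    public static Guid? TenantFromIssuer(string issuer)
    {
        if (!Uri.TryCreate(issuer, UriKind.Absolute, out Uri uri)) return null;
        if (uri.Scheme != Uri.UriSchemeHttps) return null;
        if (!string.Equals(uri.Host, "login.microsoftonline.com", StringComparison.OrdinalIgnoreCase)) return null;
        string[] segments = uri.AbsolutePath.Trim('/').Split('/');
        if (segments.Length != 2 || segments[1] != "v2.0") return null;
        return Guid.TryParse(segments[0], out Guid tenant) ? tenant : (Guid?)null;
    }

    // The check to run from TokenValidationParameters.IssuerValidator:
    // accept the issuer only if it names a tenant you have onboarded.
    // In the real wiring, throw SecurityTokenInvalidIssuerException instead.
    public static string ValidateIssuer(string issuer, ISet<Guid> allowedTenants)
    {
        Guid? tenant = TenantFromIssuer(issuer);
        if (tenant == null || !allowedTenants.Contains(tenant.Value))
            throw new InvalidOperationException("Invalid issuer: " + issuer);
        return issuer;
    }

    public static void Main()
    {
        // Constructed: the one tenant "our" app has onboarded.
        var allowed = new HashSet<Guid> { Guid.Parse("11111111-2222-3333-4444-555555555555") };

        Console.WriteLine(BuildAuthority("https://login.microsoftonline.com", "11111111-2222-3333-4444-555555555555"));

        string[] issuers =
        {
            "https://login.microsoftonline.com/11111111-2222-3333-4444-555555555555/v2.0",              // onboarded tenant: accepted
            "https://login.microsoftonline.com/66666666-7777-8888-9999-000000000000/v2.0",              // unknown tenant: rejected
            "https://login.microsoftonline.com.evil.example/11111111-2222-3333-4444-555555555555/v2.0", // look-alike host: rejected
            "https://sts.windows.net/11111111-2222-3333-4444-555555555555/",                            // v1.0 issuer shape: rejected
        };

        foreach (string issuer in issuers)
        {
            try
            {
                Console.WriteLine("accepted: " + ValidateIssuer(issuer, allowed));
            }
            catch (InvalidOperationException ex)
            {
                Console.WriteLine("rejected: " + ex.Message);
            }
        }
    }
}
```

To wire it into the options from the answer, set ValidateIssuer = true and IssuerValidator = (issuer, token, tvp) => TenantIssuerValidation.ValidateIssuer(issuer, allowed), which matches the delegate shape in the commented-out code; the Microsoft.IdentityModel validators skip the delegate entirely while ValidateIssuer is false. This check only decides which tenants' tokens you trust; signature validation against the authority's signing keys is still done by the middleware. For a single-tenant app, pointing Authority at https://login.microsoftonline.com/{your_tenant}/v2.0 and leaving ValidateIssuer at its default of true gives the same guarantee without custom code, because the issuer from that tenant's metadata is what the middleware compares against.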