この問題を回避するためにMicrosoftに1ヶ月かかりました。私たちのウェブサイトをバックアップして稼働させるには、結論:以下はこの経験からのテイクアウトです。
1)あなたのプロダクションがあなたのウェブサイトで100%働いていることを確認するまで、プレビューB2Cを削除しないでください。
2)本番B2Cを作成するときは、プレビューB2Cで行ったのと同じ名前を使用しないでください。
3)サインイン、サインアップ、パスワードリセット、またはプロファイル編集ポリシーに同じ名前を使用しないでください(Microsoftの既知のバグです) 。
- ローカルのテストに使用するポート番号は、Azure B2Cアプリケーション応答URL、web.config ReturnURL変数、およびプロジェクトプロパティで変更する必要があります設定します。 (これも私たちのために重要でした)。
5)。マイクロソフトは、私たちは次のような場所にOpenIdConnectへの呼び出しを変更しました:
A)IDA:
<add key="ida:AadInstance" value="https://login.microsoftonline.com/{0}/v2.0/.well-known/openid-configuration?p={1}"/>
B)App_Start/Startup.Auth.cs
で変更したコードにweb.configファイルでAadInstance
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using System.Threading.Tasks;
using Microsoft.Owin.Security.Notifications;
using Microsoft.IdentityModel.Protocols;
using System.Web.Mvc;
using System.Configuration;
using System.IdentityModel.Tokens;
using System.Threading;
using System.Globalization;
using Microsoft.Owin;
namespace WebSite
{
public partial class Startup
{
// The ACR claim is used to indicate which policy was executed
public const string AcrClaimType = "http://schemas.microsoft.com/claims/authnclassreference";
// App config settings
public static string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
public static string aadInstance = ConfigurationManager.AppSettings["ida:AadInstance"];
public static string tenant = ConfigurationManager.AppSettings["ida:Tenant"];
public static string redirectUri = ConfigurationManager.AppSettings["ida:RedirectUri"];
// B2C policy identifiers
public static string SignUpPolicyId = ConfigurationManager.AppSettings["ida:SignUpPolicyId"];
public static string SignInPolicyId = ConfigurationManager.AppSettings["ida:SignInPolicyId"];
public static string ProfilePolicyId = ConfigurationManager.AppSettings["ida:UserProfilePolicyId"];
public static string ChangePasswordPolicyId = ConfigurationManager.AppSettings["ida:ChangePasswordPolicyId"];
public void ConfigureAuth(IAppBuilder app)
{
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
// Configure OpenID Connect middleware for each policy
app.UseOpenIdConnectAuthentication(CreateOptionsFromPolicy(SignUpPolicyId));
app.UseOpenIdConnectAuthentication(CreateOptionsFromPolicy(SignInPolicyId));
app.UseOpenIdConnectAuthentication(CreateOptionsFromPolicy(ProfilePolicyId));
app.UseOpenIdConnectAuthentication(CreateOptionsFromPolicy(ChangePasswordPolicyId));
}
// Used for avoiding yellow-screen-of-death
private Task AuthenticationFailed(AuthenticationFailedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification)
{
notification.HandleResponse();
if (notification.Exception.Message == "access_denied")
{
notification.Response.Redirect("/");
}
else
{
notification.Response.Redirect("/Home/Error?message=" + notification.Exception.Message);
}
return Task.FromResult(0);
}
private OpenIdConnectAuthenticationOptions CreateOptionsFromPolicy(string policy)
{
return new OpenIdConnectAuthenticationOptions
{
MetadataAddress = String.Format(CultureInfo.InvariantCulture, aadInstance, tenant, policy),
AuthenticationType = policy,
ClientId = clientId,
RedirectUri = redirectUri,
PostLogoutRedirectUri = redirectUri,
Notifications = new OpenIdConnectAuthenticationNotifications
{
AuthenticationFailed = AuthenticationFailed
},
Scope = "openid",
ResponseType = "id_token",
TokenValidationParameters = new TokenValidationParameters
{
NameClaimType = "name",
SaveSigninToken = true //important to save the token in boostrapcontext
},
ProtocolValidator = new OpenIdConnectProtocolValidator { RequireNonce = false }
};
}
}
}
C)コントローラで修正されたコード/ AccountController.cs(添付のコードを参照)
using Microsoft.Owin.Security;
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using Microsoft.Owin.Security.OpenIdConnect;
using Microsoft.Owin.Security.Cookies;
using System.Security.Claims;
using EMC_Portal_Web.Services.DataAccess;
using EMC_Portal_Web;
namespace WebSite.Controllers
{
public class AccountController : Controller
{
public void SignIn()
{
// To execute a policy, you simply need to trigger an OWIN challenge.
// You can indicate which policy to use by adding it to the AuthenticationProperties using the PolicyKey provided.
try
{
if (!Request.IsAuthenticated)
{
// To execute a policy, you simply need to trigger an OWIN challenge.
// You can indicate which policy to use by specifying the policy id as the AuthenticationType
HttpContext.GetOwinContext().Authentication.Challenge(
new AuthenticationProperties() { RedirectUri = Startup.redirectUri }, Startup.SignInPolicyId);
}
}
catch (Exception ex)
{
Trace.TraceError("Error Message: " + ex.Message + " Stack: " + ex.StackTrace);
}
}
public void SignUp()
{
try
{
if (!Request.IsAuthenticated)
{
HttpContext.GetOwinContext().Authentication.Challenge(
new AuthenticationProperties() { RedirectUri = Startup.redirectUri }, Startup.SignUpPolicyId);
}
}
catch (Exception ex)
{
Trace.TraceError("Error Message: " + ex.Message + " Stack: " + ex.StackTrace);
}
}
public new void Profile()
{
try
{
if (Request.IsAuthenticated)
{
HttpContext.GetOwinContext().Authentication.Challenge(
new AuthenticationProperties() { RedirectUri = Startup.redirectUri }, Startup.ProfilePolicyId);
}
}
catch (Exception ex)
{
Trace.TraceError("Error Message: " + ex.Message + " Stack: " + ex.StackTrace);
}
}
public void ChangePassword()
{
try
{
if (Request.IsAuthenticated)
{
HttpContext.GetOwinContext().Authentication.Challenge(
new AuthenticationProperties() { RedirectUri = Startup.redirectUri }, Startup.ChangePasswordPolicyId);
}
}
catch (Exception ex)
{
Trace.TraceError("Error Message: " + ex.Message + " Stack: " + ex.StackTrace);
}
}
public ActionResult SignOut()
{
try
{
if (Request.IsAuthenticated)
{
IEnumerable<AuthenticationDescription> authTypes = HttpContext.GetOwinContext().Authentication.GetAuthenticationTypes();
HttpContext.GetOwinContext().Authentication.SignOut(authTypes.Select(t => t.AuthenticationType).ToArray());
}
return Redirect(System.Web.HttpContext.Current.Application["Index"].ToString());
}
catch (Exception ex)
{
Trace.TraceError("Error Message: " + ex.Message + " Stack: " + ex.StackTrace);
return Redirect(System.Web.HttpContext.Current.Application["Home"].ToString());
}
}
}
}