我正在尝试使用OWIN Open ID Connect中间件将ASP.NET应用程序的身份验证外包给Azure Active Directory.在访问需要授权的页面后,该应用程序成功重定向到Azure AD登录页面.但是,登录到Azure AD时遇到以下错误:
I'm attempting to use the OWIN Open ID Connect middleware to outsource authentication for my ASP.NET application to Azure Active Directory. The application successfully redirects to the Azure AD sign-in page upon accessing a page that requires authorisation. However upon signing in to Azure AD I'm encountering the following error:
AADSTS90002:请求的租户标识符'00000000-0000-0000-0000-000000000000'无效.租户标识符不能为空的GUID.
AADSTS90002: Requested tenant identifier '00000000-0000-0000-0000-000000000000' is not valid. Tenant identifiers may not be an empty GUID.
这是对UseOpenIdConnectAuthentication的呼叫.授权URL中包含的租户是f82d0e29-6018-43c6-b806-1f46a009ff4a.那么,为什么Azure AD认为我要为租户传递一个空的GUID?
Here is the call to UseOpenIdConnectAuthentication. The tenant which is included in the Authority URL is f82d0e29-6018-43c6-b806-1f46a009ff4a. So why does Azure AD think I am passing in an empty GUID for the tenant?
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions { AuthenticationType = "AzureAd", Caption = "Office 365", Scope = "openid email profile", ClientId = "e34401b2-6a9f-4547-9229-f0d93a33b1a1", Authority = "login.windows/f82d0e29-6018-43c6-b806-1f46a009ff4a/", PostLogoutRedirectUri = "localhost:44333", RedirectUri = "localhost:44333", AuthenticationMode = AuthenticationMode.Passive, SignInAsAuthenticationType = signInAsType });推荐答案
AAD目前可能存在错误.与此大约在同一时间也开始了另一个线程:空GUID使用Azure AD同意流时出现错误-根据一条评论,AAD团队已经意识到并正在调查它.
There may be a bug in AAD right now. Another thread also started around the same time as this one: Empty GUID error when using Azure AD consent flow - According to one comment the AAD team is aware and looking into it.
更新:
有关完整的诊断和解决方案,请参见我对此问题的版本:
See my version of this question for the full diagnosis and solution:
Azure Active Directory为其传递空GUID具有默认模板的tenantId
更多推荐
OpenIdConnect错误
发布评论