问题
I've been trying to solve this issue for over a week now with no progress whatsoever. I’m having trouble authenticating using Cordova Azure Mobile App plugin and .NET/C# back-end.
I'm following this tutorial on creating a Cordova app for Android/iOS. I added Azure Active Directory as my provider for authentication based on this tutorial. I downloaded the quickstart projects from the Azure Portal for Cordova and .NET/C# back-end.
I deployed the Azure mobile app back-end and updated the Resource Explorer to allow https://localhost:4000 and https://{myazurewebsite}.azurewebsites.net by adding the URL’s in allowedExternalRedirectUrls. I also updated CORS to allow those same URL’s. I added my Single Sign-On Reply URL to be https://{myazurewebsite}.azurewebsites.net/.auth/login/aad/callback. I ensured that my Cordova app has the InAppBrowser and Azure Mobile Apps plugin installed. I updated the Content-Security-Policy to point to https://login.windows.net and https://{myazurewebsite}.azurewebsites.net. I updated my onDeviceReady() function to be:
function onDeviceReady() {
// Create a connection reference to our Azure Mobile Apps backend
client = new WindowsAzure.MobileServiceClient('https://{myazurewebsite}.azurewebsites.net');
// Login to the service
client.login('aad')
.then(function () {
// BEGINNING OF ORIGINAL CODE
// Create a table reference
todoItemTable = client.getTable('todoitem');
// Refresh the todoItems
refreshDisplay();
// Wire up the UI Event Handler for the Add Item
$('#add-item').submit(addItemHandler);
$('#refresh').on('click', refreshDisplay);
// END OF ORIGINAL CODE
}, handleError);
}
When I execute the Cordova app in Ripple while connected to my work LAN, the app loads into Ripple and then a second window opens asking me for my AAD credentials. I enter my username, tab off, and the redirect starts to happen and I am successfully authenticated and able to interact with the ToDoItems from the tutorial.
When I execute the Cordova app in Ripple while connected to a public network, the app loads into Ripple and then a second window opens asking me for my AAD credentials. I enter my username, tab off, and the redirect starts to happen and the I am presented with an additional prompt shown in the image below:
When I execute the Cordova app and send it to an Android or iOS device while connected to a public network, I receive the Cordova WebView (InAppBrowser) which asks for my credentials. I enter my username, press the password text box, and the redirect starts. It then just goes to a blank white page and hangs there.
Am I missing something? Why do I get a second prompt in Ripple when connected to a public network and why does the Cordova WebView show a blank screen after trying to authenticate the user name only?
Azure Mobile App CORS settings:
Azure Mobile App AAD Authentication settings
Azure Resource Explorer settings:
Azure Active Directory WebApp created by Express setting Active Directory Management Mode The delegate permission set is the default one: Sign in and read user profile
回答1:
It looks like the public network is set up on a proxy. You are then proxying a proxy and the backend is not seeing the URL it expects - instead, it is seeing the URL of the proxy.
I suspect this is one of those things that will work fine in a "normal" mobile situation. Run the app on a real device instead when you are on the public network.
回答2:
The problem was that my company was sending Azure AD authentication requests through Azure to our on-premise ADFS servers. The infrastructure group at our company needed to add a WAP (Web Application Proxy) Server in the middle to intercept communication and allow this flow to work.
Once they added the WAP server, it was no longer an issue.
来源:https://stackoverflow.com/questions/38576301/cordova-aad-server-flow-authentication-hangs-on-android-and-ios